Softpanorama

Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
May the source be with you, but remember the KISS principle ;-)
Skepticism and critical thinking is not panacea, but can help to understand the world better

Silicon Valley now can be renamed to Surveillance Valley

Version 1.2, November 20, 2013

Mass surveillance is equal to totalitarism with the classic slogan of Third Reich
"if you have nothing to hide, then you have nothing to fear"

The slide above is courtesy of The Guardian

News National Security State Recommended Links Big Uncle is Watching You Nephophobia: avoiding clouds to reclaim bits of your privacy Privacy is Dead – Get Over It Is Google evil? "Everything in the Cloud" Utopia
Reconciling Human Rights With Total Surveillance Issues of security and trust in "cloud" env Facebook as Giant Database about Users Blocking Facebook Email security MTA Log Analyzers HTTP Servers Log Analyses Cookie Cutting
Potemkin Villages of Computer Security Total control: keywords in your posts that might trigger surveillance Cyberstalking Search engines privacy How to collect and analyze your own Web activity metadata Steganography Anomaly detection Notes on Search Engines and Google
Malware Spearphishing Podesta emails hack Cyberwarfare Data Stealing Trojans Flame Duqu Trojan Google Toolbar
Nation under attack meme Is national security state in the USA gone rogue ? Search engines privacy Totalitarian Decisionism & Human Rights: The Re-emergence of Nazi Law Nineteen Eighty-Four Edward Snowden as Symbol of Resistance to National Security State Prism-related humor Etc
Version 1.2, November 20, 2013

Introduction

"As a totalitarian society, the Soviet Union valued eavesdropping and thus developed ingenious methods to accomplish it."

This NSA document

J. Edgar Hoover - Wikipedia

Americans live in Russia, but think they live in Sweden

Chrystia Freeland

You have nothing to fear, if you have nothing to hide

--Joseph Goebbels

I was always suspicious about the success of "cloud" Web mail services starting with Hotmail. There was something fishy here including the purchase of Hotmail by Microsoft. The problem is that if your emails are being stored "in the cloud" each single email is exposed as if it is permanently "in transit".

Moreover the collection of email in your Inbox and, especially, your email address book constitute a more valuable set of information than any single email and tells much more about you that any single intercepted email can.  Now you see why the future won’t be like Orwell’s Nineteen Eighty-Four.  Mechanisms were invented that provoke people voluntary spy on themselves.  Pretty ingenious mechanism I would say. The elevates the importance of denial of snooping  ( Hide the Real ) and misrepresentation ("Show the False") practices  to thwart over-intrusive collection capabilities.

This brief examination of the internet reaction on Snowden revelations suggests that we should cultivate the heresies of secrets and silence. May people had been promoting the idea of lean email usage for a while. It's about recognizing both that emails are valuable and that it is a dangerous thing to put sensitive information in it or to overuse it. No email should be send, when phone call suffice. Extending this to "lean data principles" forces you to clarify the data you want to store and think hard about the minimal set of information you need. Do you really need to use email as often as you currently do? Probably not.  If you can accomplish anything without sending email, then do not send email.

Do you need to have your cellphone switched on all the day? Probably not. You should have "off hours" during the day when no cell phone calls are allowed. 

Facebook  ("Facebook "like" button is watching you ) along with Google, Microsoft, Amazon and Yahoo are kings of "passive surveillance".  That means that they are able to keep a pretty detailed, day-to-day dossier on your actions and (in case Google and Android phones) your movements by just analyzing data that are automatically streaming into their databases due to the fact that you have an account.  That's pretty embarrassing to be snooped 24 x7.  And it is plain vanilla stupid to enhance their capabilities by buying products that  can easily be abused like Amazon Echo (which should be put in a box when you do not use it, if you consider this device useful)

Report Amazon hires employees to listen to customers through products

If you have an Amazon Echo product, you aren't the only person privy to your private conversations

Thousands of people across the globe are employed by Amazon.com to listen to Echo recordings, transcribe and annotate them and feed them back to the software so that Alexa can better grasp human speech, according to a report from Bloomberg.

... ... ...

An Amazon spokesperson responded to USA TODAY with a statement that reads, "By default, Echo devices are designed to detect only your chosen wake word (Alexa, Amazon, Computer or Echo). The device detects the wake word by identifying acoustic patterns that match the wake word. No audio is stored or sent to the cloud unless the device detects the wake word (or Alexa is activated by pressing a button).”

Critics of Amazon's Echo products have pointed to potential privacy violations. In 2015, the Electronic Privacy Information Center (EPIC) asked the Federal Trade Commission and the Department of Justice to conduct a “comprehensive investigation" into Alexa and other home-listening devices, according to Marc Rotenberg, president and executive director of EPIC.

Integration of those activities is NSA domain, but Facebook is pretty nasty in a sense that it tried to get more information about you then you wish to provide.

“I don't want to live in a world where everything I say, everything I do, everyone I talk to, every expression of creativity and love or friendship is recorded.”

~Edward Snowden

While Amazon connection to intelligence agencies is very well known (and only a complete idiot can assume that history of your purchases on Amazon or using any credit card is not goes directly to NSA, Langley, and several other places), the extent of Facebook and Google connections became known only after Snowden revelations.  The fact that your mail is readily assessable to NSA and their contractors via PRISM program was a real bomb.

But from purely technical standpoint PRISM program is only logical and just utilized available technological capabilities for surveillance. The dream of total surveillance was always present in any state apparatus, democratic or totalitarian.  Moreover PRISM is an improvement over dystopia of 1984. After all, Big Brother needed electroshock, sleep deprivation, solitary confinement, drugs and propaganda broadcasts to keep power. Now confessions obtained by force has been replaced by voluntary disclosure due to new technologies available. And crushing of dissent became more sophistically and utilizes much less brute force (look how effectively Occupy Wall Street movement was suppressed).  All you need is the cooperation of several large Internet  companies with intelligence agencies, control of MSM and infiltration. 

Returning to the issue of email. Contrarily to widespread myth, it not exactly necessary to read your email to understand who you are and what views you are holding. Just the set of headers of your email messages (along with the content of your address book) constitute something revealing (and from the point of view of your privacy more dangerous) collection of information. Please take into account that all email you ever wrote are stored somewhere forever (or at least for your lifetime.)  Rephrasing well known quote we can say: "Give me access to your email headers,  and I will say who you are". This technology, which was initially developed during Iraq war proved to be very powerful method of surveillance.

 "Give me access to your email headers, and I will say who you are"

All this talk about NSA or CIA ability to listen to your smartphone microphone or via microphones in your laptop, TV or other  devices looks like grossly exaggerated threat. Those are intrusive and expensive options and those agencies actually they do not need them, except is cases when the "suspect" needs 24 x 7 surveillance.  Other then pursuing "real suspects" this measure clearly is an overkill. Passive surveillance via data provided by big four (Google, Amazon, Microsoft and Yahoo) and your smartphone (along with information from your credit card companies) is enough so that you have no secrets from the government ;-).

At any day of the  year government can tell what are your interests, political views and the circle of fiends probably better then your close relatives.  STASI operatives would die to have this capability.  In other words just due to technology progress we are all now living in the "national security state", which as you can guess is governed by intelligence agencies brass. The latter along with financial oligarchy and top CEOs represents  what Orwell called "inner party".  And its existence was clearly revealed during Russiagate color revolution, launched after the election of Trump. With the explicit goal to depose of at least neuter elements of his election program that represent deviation from neocon/neolib policies (the latter goal was quickly achieved; Trump folded in just three months). 

It not accidental that some prominent politicians have their career interlinked or even managed by intelligence agencies (George H. W. Bush,  Vladimir Putin, Theresa MayBarak Obama, Mike Pompeo, Hillary Clinton). There is even term "CIA democrats" which has dual meaning.  With the second one more menacing then the first. To a certain extent, politicians who fight and win or lose election are just figureheads or puppets of the Deep State because since the time of J. Edgar Hoover there is enough dirt of each of them to keep them in check (think about Lolita Express).  And if not, it can be fabricated, as was the case with Steele dossier.

In other words, the emergence of powerful intelligence agencies after WWII (as well as technological progress, especially in the areas of computers and  communications) make transition to the national security state the "natural" path of the Western societies  evolution. Whether we can talk about democracy in such a state is an interesting question, but it is clearly beyond the scope of this  page.

Please note that your purchases history, the collection of just email headers and other information that which can be collected automatically and inexpensively is probably  stored "for the duration of your life."   And that includes all your emails not only those voluntarily stored by you on your "cloud" provider. The latter is the place over which you've absolutely no control (and as such you should have no expectation of privacy) . 

The same is true about your phone calls. The ability to listen to your phone calls in most cases is immaterial. The list of your connections is enough to tell everything about you, sometimes even better then the content of your conversations via phone.  And I doubt that the work of transcribing and analyzing your calls is done without some serious reason, just for completeness. On the current level of technology correct transcribing of a phone call costs serious money and I doubt that NSA if far ahead of Google, Apple and  similar companies in this technological area. For a very limited vocabulary ( specific subject area), huge distributed array or computers the progress probably is more impressive (think about IBM win of IBM Watson Final Jeopardy!, which probably was partially staged by heavy tuning of Big Blue toward the particular game, but still)

The key probably for NSA now is that those guys who suspect that their phones are listened behave more carefully. Actually most of us no longer view smartphone as a device suitable for communicating anything really private. At the same time rumors about phone converted into a listening device against your will looks like paranoia. This is not simple, as you need to wake up your phone to do that and running phone consumes battery life; which allows detection of such activity. also microphone in your jeans is not a good place to conduct the recording which you need to transcribe.  You can access the resulting quality by switching on smartphone recorder and putting the phone into the pocket and reading a couple of pages of some book.  Also if your fully changed phone that was on 100% and was switched off all the time had shown 80% of change when you switch if on, you would instantly understand that something is wrong. Moreover putting a cell phone into a metal box or a metal mesh, or metalized plastic envelope used for computer parts,  completely disables the communication with the tower (recoding still can be conducted if it was initiated before that, but transmission of recoding is possible only after the phone is extracted from the mesh).  Foam lining pretty much disables sound too. Both those materials are cheap and widely available.  Keeping phone is a closed zipped padded container (often used for camera ), lady pouch or waistpack kills microphone sensitivity and is a useful method if you have some concerns. In this case your phone still can get external calls and this does not goes as far as Faraday cage.  But in most cases switching phone off is more then enough. 

The same is true about your usage of internet: as soon as you switch off your home router there is no way to spy on you at home via Internet, no matter how many computers that are connected to your home network. Of course theoretically there is a possibility of using Wi-Fi from hacked router of your neighbor, but that's complex and costly path which is justified only for very valuable targets.

So the main danger is your own Internet activity. But here the situation is a little bit more complex as from now on the life of intelligence agencies is not that easy -- there is no guarantee that after Snowden revelation people do not try to distort their browsing profiles. In other words NSA now does not know whether visiting particular site is a prank (possibly automated to distort your browsing profile) or a real activity. 

Usage of your Amazon account by other members of family distort you profile enough to make making conclusion from it more difficult.  Sharing a single Amazon account for a family blurs your purchasing activity with "noise" as it is difficult automatically distinguish between your activities and activities of individual members of the family. You can see how confused are automatic algorisms from the advertisements that are presented to you.  Actually you can easily "change your gender" for advertising purposes by clicking several wrong "targets" on Amazon and this change is pretty sticky.   In a way, experimenting on Amazon and seeing the advertizing for the particular set of browsing behaviors (for example, pretend that you are interesting in particular type of books, or jewelry, or fragrance )  gives you same level of understanding how your Amazon browsing activity is interpreted by NSA.

In this sense Snowden revelations were a severe hit, almost a knockdown for NSA. Because is very easy to inject fake activity on your browsing profile, less so in your email and purchases profile. The simplest way for Internet is to use any programmable keyboard, or a scripting language with the Expect-like module (Perl, Python, etc).  You can visit arbitrarily website at your will, but you can't just call random people (actually you can, but the result will be disappointing ;-). As it's easy imitate "fake visits to sites"  analyzing web activity in "after-Snowden" world became more involved and complex task. You need to use additional more complex metrics to separate signal from noise.

I can see why Brazil and Germany are now concerned about NSA activities. What I can't understand is why they are not concerned about stupidity of their citizens opening accounts on Gmail or Facebook and putting confidential information on the Webmail systems such as Gmail, Hotmail, Yahoo mail  (all three are mentioned in Prism slide above ;-). Is not this a new mass form of masochism?   Or this is the case when they are more afraid of their own government.

I would like to repeat that fundamental "After Snowden" rule again and again. Do not write email when something can be accomplished via phone call, and do not use phone, if something can be accomplished by personal contact.  Limit your Internet activity -- in most cases this is just a waste of time and electrons anyways. For example if you can purchase something for cash just do it (for example, alcoholic beverages). In no way use Amazon for trivial things that can be purchased locally, which is actually both expensive and counterproductive.  This is just a new  form  of exhibitionism.

If you can purchase something for cash just do it (for example, alcoholic beverages). In no way use Amazon for trivial things that can be purchased locally, which is actually both expensive and counterproductive.  This is just a new form of exhibitionism.

Trust in cloud providers is completely misplaced

As we have all found out, that trust in cloud providers is completely misplaced, as "cloud" services were systematically abused.  So when I read that some high level honcho emails were infiltrated (directly via  broken password, or indirectly or special interface in software) and published  the only reaction is -- Ohh God, yet another  idiot was caught in  this net and now will pay for his  transgressions. 

Accounts in Hotmail or Gmail has their value, but they are most useful as "spam folders." Do not behave like this highly placed idiot Podesta, who later of course regretted about his own stupidity, but it was too late.  Or another highly placed idiot  --  David Petraeus who decided that that internet mail is secure enough to communicate with his mistress.

You can direct all emails from your subscriptions on newspapers, sites and magazines to Gmail or Hotmail, but that's about  it. For any valuable email you need to buy your own domain and account on one of dozens reputable ISPs with ssh access. If you are more or less knowledgeable in computers there is no excuse for you to use services like Gmail (which is a very bad email client in any case; Google proved to be mediocre developer in this  particular case).

If you are knowledgeable about computers, the account you use for private emails should always be the account at one of small ISP on your own domain, and possibly using special DNS server. 

People who still remember what POP3 is, can download email to their laptops, which does not store any emails on the server.  Only the last week of email or even less should be stored on Web accessible storage, because sometimes it is vital to access email from your smartphone. Storing older emails on Internet servers is recommended only, if those emails do not represent any value to you. In this case why to store them at all? 

No "private mail" should not be stored in Gmail, Hotmail, Yahoo or similar accounts if you are concerned about consequences of leaking them. The simplest example is what a person has mistress like  General David Petraeus. and if you are unable to get rid of bad habit of using Google or similar "intelligence friendly" outlets, you at least should use dual authentication and systematically delete all emails older then a week.

Links in email as the source of troubles and the possibility of braking into your cloud-based email account

Email is a very old (it predates TCP/IP) and inherently insecure protocol that allow spearphishing -- sending you plausible emails with links with the text that entice you to click on them (for example spoofed Google information about attempt to access your account, say, from Ukraine  and request to change your password immediately). Links generally should be displayed with both name and actual URL (not only as the name as on Webpages), and clicking on them should be blocked automatically in your email client, like this is done in Thunderbird. But Microsoft Outlook pretends  to be "user-friendly".  At your expense.  Also additional NSA money for keeping Windows "less secure" (or adding obviously suicidal from security standpoint features are automatic scanning of USB drives, making them a new generation of floppy disks with theirs boot viruses; I doubt that Microsoft developers were that stupid, it was probably a request from NSA or similar organization ) does not hurt.

In case  Podesta emails hack  the most amazing fact is not only his stupidity of using Google mail for pretty sensitive communications, but that he failed to purchase $15 key for two factor authentication for Gmail.  Also Podesta  made a very common and stupid mistake -- clicking on the link in email, especially a email with the security alerts is really reckless.  It is undesirable even if you can verify that the URL used is not spoofed.

Anyway this is very surprising that such person was Bill Clinton Chief of Staff (1998-2001) -- essentially former Grey Cardinal of the USA with the power comparable with the President (and in certain areas exceeding it).  Such a  person is as close to trained in computer security professional as one can get, taking into account the  sensitively of his position: Podesta at one time has access to highest level of US security clearness and needed to listens to all respective briefing and signing documents that his understands what he was told.  Is not this a sign of degeneration of the USA neoliberal elite?  As a result of this  blunder on October 7, 2016, WikiLeaks started to publish thousands of emails reportedly retrieved from Podesta's private Gmail account, some of which contained controversial material regarding Clinton's positions or campaign strategy.

If publishing of your email box can cause you even slight embarrassment never keep it on Internet even if you use two factor authentication (may be outside the recent week or two). Use an encrypted thumb drive that is inserted in your laptop/desktop strictly for the period of your working with your email archive.

If publishing of your email box can cause you embarrassment or more serious harm the only place to keep this mailbox (may be outside the recent week or two) in encrypted thumb drive that is inserted in your laptop/desktop strictly for the period of your working with your email.

Similarly it is stupid to purchase anything that can compromise you with the credit cards, like was the case in Eliot Spitzer prostitution scandal

The investigation of Spitzer was initiated after North Fork Bank[2] reported the suspicious transactions to the Treasury Department's Financial Crimes Enforcement Network as required by the Bank Secrecy Act, which was enhanced by Patriot Act provisions, enacted to combat terrorist activity such as money laundering.[3] Spitzer had at least seven liaisons with prostitutes from the agency over six months, and paid more than $15,000 for their services. Federal agents had him under surveillance twice in 2008.[4][5][6] According to published reports, investigators believe Spitzer paid up to $80,000 for prostitutes over a period of several years – first while he was attorney general, and later as governor. Governor Spitzer, referred to as "Client 9" in an affidavit filed in US Federal Court,[10] arranged to meet at the Mayflower Hotel in Washington on February 13, 2008 with a prostitute named "Kristen". "Kristen" was later identified as 22-year-old Ashley Dupré.[11][12] She intended to travel from New York City for the planned tryst and Spitzer agreed in advance that he "would be paying for everything—train tickets, cab fare from the hotel and back, mini-bar or room service, travel time and hotel".[13] After the meeting on February 13, 2008, Spitzer paid her $4,300 in cash.[14] The payment included $1,100 as a deposit with the agency toward future services.[15]

See also Zipper, a 2015 political thriller film, is a thinly veiled dramatization of the Spitzer scandal.

The newly acquired value of Aesop language

People have nation aversion to invasions to their privacy and  invented  various methods to evade snooping even in "tightly controlled" environments. One of the simplest and proven method is to use Aesop language. 

The Soviet-era writer Lev Loseff noted that the use of Aesopian language remained a favorite technique of writers (including himself) under Soviet censorship.[2] Maliheh Tyrell defines the term in the Soviet context and observes that the use of Aesopian language extended to other national literatures under Soviet rule:

"In short, this form of literature, like Aesop's animal fables, veils itself in allegorical suggestions, hints, and euphemisms so as to elude political censorship. 'Aesopian language' or literature is a technical term used by Sovietologists to define allegorical language used by Russian or nationality [that is: non-Russian] nonconformist publicists to conceal antiregime sentiments. Under Soviet rule, this 'Aesopian' literature intended to confuse the Soviet authorities, yet illuminate the truth for native readers."[3]

According to one critic, "Censorship... had a positive, formative impact upon the Aesopian writers' style by obliging them to sharpen their thoughts."[4]

In a way after Snowden revelations we all now need to learn Aesop language (slang is actually almost in-penetratable to computer analysis; unless they are specifically programmed for the particular one) and be more careful.  Many people now understand why after Snowden revelation Facebook users should be very concerned. Facebook is nothing but an intelligence database about their users. That's their primary business model -- collect and sell the data about you to advertisers, and not only advertisers. 

The users data is what Facebook actually sells

Yahoo, Microsoft and Google are no different.

Strangely enough, even after Snowden revelations the usage of Facebook/Yahoo/Gmail was not affected and the number of active accounts continued to grow. Nothing changes even after several high profile email leaks happened after Snowden revelations. So it looks like in cyberspace a large number of people is more reckless then they behave in a "normal" environment. 

So now it make sense to use context that is understandable only to you and your counterpart in particular electronic communication -- making is less understandable to outsiders. Please always use nicknames instead of real names in the first step. Mapping your organization to some film of novel is another simple step.

While it is stupid to try to guess how NSA pick up "interesting posts" it might make sense do not abuse words in your posts that might trigger surveillance  without necessity. Such as "attack", "epidemic" and like. 

Social sites as promoters of "exhibitionism orgy"

Social sites, especially "Fecebook" skillfully promote what can be called "exhibitionism orgy"  People affected generally get what they deserve, but some teenagers paid with their life for this blunder. Not to say that feeling like each and every your "wall" post is like scrolled on NYC Times square is not very comfortable feeling for anybody except status hungry adolescent girls. 

To say nothing that due to ubiquity of electronic communications all your life is watched anyway, as if East Germany STASI now became a universal world-wide phenomenon. Actually some details now available via electronic communications (your relocation data via your smartphone) were unavailable to STASI. It’s the digital equivalent of tailing a suspect, See Big Uncle is Watching You.

In a current NSA-inspired debate about the moral consequences of digital technologies, it is important to realize the danger of seamless integration of services under Google (especially within Android) as well as other Internet Oligopolies (I doubt that Microsoft with its Windows 10 is much better).  Everyone using an Android smartphone is forced to wear Google's digital straitjacket. This  can be a very bad thing. Why we should tell everything about yourself to Google? That's humiliating.

From this point of view a combination of a "regular phone" (and  and a 7 inch tablet that accepts the same simcard (in rare case when  WiFi is not available; you can also use it as navigator, if necessary) is much more attractive then a smartphone and available at a fraction of the cost: $30 (for example Alcatel Go flip)  + $150 Samsung tablet instead of $300 or more for a decent smartphone).

Android smartphones with GPS essentially invites snooping on you, especially government snooping as the less is the number of types of devices the government need to deal with, the cheaper is such mass collection of information on each citizen.

Smartphones essentially invites snooping on you, especially government snooping as the less type of devices the government need to deal with, the cheaper is such mass collection of information on each citizen

Whether this is done in the name of fighting terrorism, communist agents, or infiltration of Martians does not matter. As long as access to such data is extremely cheap, as is the case with both Android and Apple smartphones,  it will be abused by the government and some activities will be done without any court orders. In other words if technical means of snooping are cheap they will be  abused. It is a duty of concerned citizens who object this practice to make them more expensive and less effective.

If technical means of snooping are cheap they will be  abused. It is a duty of concerned citizens who object this practice to make them more expensive and less effective.

First of all we must fight against this strange "self-exposure" mania under which people have become enslaved to and endangered by the "cloud" sites they use. Again this nothing more nothing less then digital masochism.

First of all we must fight against this strange "self-exposure" mania under which people have become enslaved to and endangered by the "cloud" sites they use. Again this nothing more nothing less then digital masochism. But there is another important aspect of this problem which is different from the problem of unhealthy self-revelation zeal that large part of Facebook users demonstrates on the Net.

This second problem is often discussed under the meme Is Google evil ? and it is connected with inevitable corruption of Internet by large Internet oligopolies such as Google, Yahoo, Facebook, etc. And they become oligopolies because we agree to use them as primary sources, for example Google for search, independently whether it is good for all types of searches or not.  Actually if you compare the quality of retuned results Google is not good for all searches. Bing often beats Google on searches connected with Windows (and even some pure Linux topics) and  duckduckgo.com while not bad in most categories really excels if you search information about Eastern Europe, as well on several political themes (I suspect some searches in Google are censored).

In any case after Snowden revelations it does not make sense to use a single search engine and in no way the default search engine should Google. You need  to spread your searches over several

After Snowden revelations it does not make sense to use a single search engine. You need  to spread your searches over several  with your primary/default search engine being anything but Google. The diversification (including diversification of search engines) is now a duty of concerned Internet users.

 IMHO if you did not put several search providers like say, duckduckgo.com in your browser and don't rotate them periodically, you are making a mistake. First of all you deprive yourself from the possibility to learn strong and weak point of different search engines. The second Google stores all searches, possibly indefinitely despite your ability to delete them from your personal history, so you potentially expose yourself to a larger extent by using a single provider.

And according to PRISM NSA is only one of possibly several agencies that can access your data.  Using three search engines you create the need to merge and correlate for example three sets of your activities (if you separates searches between different engine by topics), which slightly complicates the task. Also at least according to advertizing  duckduckgo.com does not store the history of your searches at all. Also if you use VPN there is no guarantee that those activities represent actions of a single person or a group of persons (especially, if you use a local proxy).  See Alternative Search Engines to Google

“Internet solutionism” exemplified by Google and push to the cloud services is the dangerous romantic utopia of our age. Google-style "cloud uber alles" push is often counter-productive, even dangerous

As Eugeny Morozov argued in The Net Delusion The Dark Side of Internet Freedom Internet solutionism” exemplified by Google, is the dangerous romantic utopia of our age. He regards Google-style "cloud uber alles" push as counter-productive, even dangerous:

...Wouldn’t it be nice if one day, told that Google’s mission is to “organize the world’s information and make it universally accessible and useful,” we would finally read between the lines and discover its true meaning: “to monetize all of the world’s information and make it universally inaccessible and profitable”? With this act of subversive interpretation, we might eventually hit upon the greatest emancipatory insight of all: Letting Google organize all of the world’s information makes as much sense as letting Halliburton organize all of the world’s oil.

The reason why the digital debate feels so empty and toothless is simple: framed as a debate over “the digital” rather than “the political” and “the economic,” it’s conducted on terms that are already beneficial to technology companies. Unbeknownst to most of us, the seemingly exceptional nature of commodities in question – from “information” to “networks” to “the Internet” – is coded into our language.

 It’s this hidden exceptionalism that allows Silicon Valley to dismiss its critics as Luddites who, by opposing “technology,” “information” or “the Internet”-- they don’t do plurals in Silicon Valley, for the nuance risks overwhelming their brains – must also be opposed to “progress.”

Internet started as a network of decentralized servers, able to withstand a nuclear attack. Now it probably will eventually return to a similar model on a new level as the danger to privacy of cloud providers exceed their usefulness. And from the point of view of enterprise cloud providers are not cheap, even calculating in additional cost of manpower (which is more loyal, if they are local) for administration of such servers. 

In any case now it looks like anybody who is greedy enough to use "free" (as in "The only free cheese is in the mouse trap") Gmail instead of getting webmail account via ISP with your own (let it call vanity, but it's your own :-) domain and the website which is used instead of Facebook is playing with fire. Even if they are nothing to hide, if they use Hotmail of Gmail for anything but spam (aka registrations, newsletters, etc) they are living in a virtual room with multiple hidden camera that record and store information including all their emails and address book forever. Private emails (if it is necessary to send email, often phone is enough)  should probably now be limited to regular SMTP accounts with client like Thunderbird (which actually is tremendously better then Gmail Web mail client with its Google+ perversions).  Of course, you can use pictures with handwriting instead of text , but this is too little too late as for your privacy concerns. In any case on Samsung tablets with  pen (like Tab A, Galaxy Tab S4, etc) this is very convenient  way to communicate, although images in email send to PC are generally a source of danger, as Microsoft Windows executes malicious attachment masquerading as images.

For personal, private information, you need to have your own servers and keep nothing in the "cloud". The network was originally designed to be "peer-to-peer" and the only hold back has been the cost of local infrastructure to do it and the availability of local technical talent to keep those services running. Now cost of hardware is trivial and services are so well known that running them is not a big problem even at home, especially a pre-configured virtual machines with "business" cable ISP account ( $29 per month from Cablevision).

Maybe the huge centralized services like Google and Yahoo have really been temporary anomalies of the adolescence of the Internet and given the breach of trust by governments and by these large corporations the next step will be return on a new level to Internet decentralized roots. Maybe local services can still be no less viable then cloud services. Even email, one of the most popular "in the cloud" services can be split into a small part of pure SMTP delivery (important mails) and bulk mail which can stay on Webmail (but preferably at your private ISP, not those monsters like Google, Yahoo or Microsoft). That does not exclude using "free" emails of this troika for storing spam :-). In short we actually don't have to be on Gmail to send or read email. And again, Google search is not the best search engine for everything. Moreover it is not wise to put all eggs in one basket. Microsoft Bing might be as bad and duckduckgo.com claims that they provide additional privacy and do not store your searches, but spreading your searches makes perfect sense. TCP connection to small ISP is as good as to Google or Yahoo and if you do not trust ISP you can use you home server with cable provider ISP account.

Where I have concern is if the network itself got partitioned along national borders as a result of NSA snooping, large portions of the net can become unreachable. That would be a balkanization we would end up regretting. It would be far better if we take a preemptive action against this abuse and limit the use of our Gmail, hotmail, Yahoo accounts for "non essential" correspondence, if we spread our search activities among multiple search engines and have our web pages, if any on personal ISP account. We need to enforce some level of privacy ourselves and don't behave like lemmings. Years ago there was similar situation with telephones wiretaps, and before laws preventing abuse of this capability were eventually passed people often used public phones for important calls they wanted to keep private.

Legally, if you join Google or Facebook you should have no expectations
 of privacy for any information you share on those sites

In Australia any expectations of privacy isn't legally recognized by the Supreme Court once people voluntarily offered data to the third party. And I think Australians are right. Here is a relevant Slashdot post:

General Counsel of the Office of the Director of National Intelligence Robert S. Litt explained that our expectation of privacy isn't legally recognized by the Supreme Court once we've offered it to a third party.

Thus, sifting through third party data doesn't qualify 'on a constitutional level' as invasive to our personal privacy. This he brought to an interesting point about volunteered personal data, and social media habits. Our willingness to give our information to companies and social networking websites is baffling to the ODNI.

'Why is it that people are willing to expose large quantities of information to private parties but don't want the Government to have the same information?,' he asked."

... ... ...

While Snowden's leaks have provoked Jimmy Carter into labeling this government a sham, and void of a functioning democracy, Litt presented how these wide data collection programs are in fact valued by our government, have legal justification, and all the necessary parameters.

Litt, echoing the president and his boss James Clapper, explained thusly:

"We do not use our foreign intelligence collection capabilities to steal the trade secrets of foreign companies in order to give American companies a competitive advantage. We do not indiscriminately sweep up and store the contents of the communications of Americans, or of the citizenry of any country. We do not use our intelligence collection for the purpose of repressing the citizens of any country because of their political, religious or other beliefs. We collect metadata—information about communications—more broadly than we collect the actual content of communications, because it is less intrusive than collecting content and in fact can provide us information that helps us more narrowly focus our collection of content on appropriate targets. But it simply is not true that the United States Government is listening to everything said by every citizen of any country."

It's great that the U.S. government behaves better than corporations on privacy—too bad it trusts/subcontracts corporations to deal with that privacy—but it's an uncomfortable thing to even be in a position of having to compare the two. This is the point Litt misses, and it's not a fine one.

Loss of privacy as a side effect of cloud-based Internet technologies

“Abandon all hope, ye who enter here.”

Maybe Dante had some serious vision.

The Guardian

Technology development create new types of communications and simultaneously with those new types of communication, new types of government surveillance mechanisms emerge sooner  or later (you can call them "externalities" of new methods of communication). Those externalities, especially low cost of mass surveillance using the fact that owner smartphones are connected to Internet all the time, unfortunately, bring us closer to the Electronic police state (Wikipedia) or National Security State whether we want it or not. The same, but to a lesser extent is true about Microsoft Windows, especially Windows 10.

A crucial element of such the national security state is that blanket data gathering, sorting and correlation are continuous, cover the majority (or all)  citizens. With special attention to foreigners and cross-border communications (which actually is a part of protection of state sovereignty). Those activities are little known, little understood and are seldom exposed.  In this sense Snowden revelations represent a huge  anomaly.

Cloud computing as a technology that presuppose storing the data "offsite" on third party servers have several security problems, and one of them is that it is way too much "surveillance friendly" (Misunderstanding of issues of security and trust). With cloud computing powers that be do not need to do complex job of recreating TCP/IP conversations on router level to capture, say, all the emails or all your SMS. They can access Web-based email mailbox directly with all mails in appropriate mailboxes and spam filtered. Your address book is a bonus ;-). This is a huge saving of computational efforts.

It means two things:

Not only the USA government with its Prism program is involved in this activity. British security services are probably even more intrusive. Most governments probably try to do some subset of the above. Two important conclusions we can get are:

It puts you essentially in a situation of a bug under microscope on Big Brother. And please understand that modern storage capabilities are such that it is easy to store several years of at least some of your communications, especially emails.

The same is true about your phone calls metadata, credit card transactions and your activities on major shopping sites such as Amazon, and eBay. But here you can do almost nothing. Still I think our support of "brick" merchants is long overdue. Phones are traditional target of government three letter agencies (WSJ) since the WWII. Smartphones with GPS in addition to land line metadata also provide your current geo location. I do not think you can do much here.

I think our support of "brick" merchants is long overdue. And paying cash in the store in not something that you should try to avoid because credit card returns you 1% of the cost of the purchase. This 1% is actually a privacy tax ;-)

The centralization of searches on Google (and to lesser extent on Bing) are also serious threats to your privacy. Here diversification between three or more search engines might help a bit. Other then that and generally limited your time behind the computer I do not think much can be done. Growth of popularity of Duckduckgo suggests that people are vary of Google monopolizing the search, but it is unclear how big are the advantages. You can also save searches as many searches are recurrent and generally you can benefit from using your personal Web proxy with private cashing DNS server. This way to can "shrink" your radar picture, but that's about it. Search engines are now an integral part of our civilization whether we want it or not.

Collection of your searches for the last several years can pretty precisely outline sphere of your interests. And again technical constrains on storage of data no longer exists: how we can talk about privacy at the age of 3 TB harddrives for $99. There are approximately 314 million of the US citizens and residents, so storing one gigabyte of information for each citizen requires just 400 petabytes. For comparison

Adding insult to injury: Self-profiling

Facebook has nothing without people
silly enough to exchange privacy for photosharing

The key problem with social sites is that many people voluntarily post excessive amount of personal data about themselves, including keeping their photo archives online, etc. So while East Germany analog of the Department of Homeland Security called Ministry for State Security (Stasi) needed to recruit people to spy about you, now you yourself serves as a informer voluntarily providing all the tracking information about your activities ;-).

Scientella, palo alto

...Facebook always had a very low opinion of peoples intelligence - and rightly so!

I can tell you Silicon Valley is scared. Facebook's very existence depends upon trusting young persons, their celebrity wannabee parents and other inconsequential people being prepared to give up their private information to Facebook.

Google, now that SOCIAL IS DEAD, at least has their day job also, of paid referral advertising where someone can without divulging their "social" identity, and not linking their accounts, can look for a product on line and see next to it some useful ads.

But Facebook has nothing without people silly enough to exchange privacy for photosharing.

... ... ...

Steve Fankuchen, Oakland CA

Cook, Brin, Gates, Zuckerberg, et al most certainly have lawyers and public relations hacks that have taught them the role of "plausible deniability."

Just as in the government, eventually some low or mid-level flunkie will likely be hung out to dry, when it becomes evident that the institution knew exactly what was going on and did nothing to oppose it. To believe any of these companies care about their users as anything other than cash cows is to believe in the tooth fairy.

The amount of personal data which users of site like Facebook put voluntarily on the Web is truly astonishing. Now anybody using just Google search can get quit substantial information about anybody who actively using social sites and post messages in discussion he/she particulates under his/her own name instead of a nickname. Just try to see what is available about you and most probably your jaw would drop...

Google Toolbar in advanced mode is another common snooping tool about your activities. It send each URL you visit to Google and you can be sure that from Google several three letter agencies get this information as well. After all Google has links to them from the very beginning:

This is probably right time for the users of social sites like Facebook, Google search, and Amazon (that means most of us ;-) to think a little bit more about the risks we are exposing ourselves. We all should became more aware about the risks involved as well as real implications of the catch phase Privacy is Dead – Get Over It.

This is probably right time for the users of social sites like Facebook, Google search, and Amazon (that means most of us ;-) to think a little bit more about the risks we are exposing ourselves.

As Peter Ludlow noted in NYT (The Real War on Reality):

If there is one thing we can take away from the news of recent weeks it is this: the modern American surveillance state is not really the stuff of paranoid fantasies; it has arrived.

Citizens of foreign countries have accounts at Facebook and mail accounts in Gmail, hotmail and Yahoo mail are even in less enviable position then the US citizens. They are legitimate prey. No legal protection for them exists, if they use those services. That means that they voluntarily open all the information they posted about themselves to the US government in addition to their own government. And the net is probably more wide then information leaked by NSA contractor Edward Snowden suggests. For any large company, especially a telecom corporation, operating is the USA it might be dangerous to refuse to cooperate (Qwest case).

Former Qwest CEO Joseph Nacchio, convicted of insider trading in April 2007, alleged in appeal documents that the NSA requested that Qwest participate in its wiretapping program more than six months before September 11, 2001. Nacchio recalls the meeting as occurring on February 27, 2001. Nacchio further claims that the NSA cancelled a lucrative contract with Qwest as a result of Qwest's refusal to participate in the wiretapping program.[13] Nacchio surrendered April 14, 2009 to a federal prison camp in Schuylkill, Pennsylvania to begin serving a six-year sentence for the insider trading conviction. The United States Supreme Court denied bail pending appeal the same day.[15]

It is not the case of some special evilness of the US government. It simply is more agile to understand and capitalize on those new technical opportunities. It is also conveniently located at the center of Internet universe with most traffic is flowing via US owned or controlled routers (67% or more). But it goes without saying that several other national governments and a bunch of large corporations also try to mine this new gold throve of private information on citizens. Probably with less sophistication and having less financial resources.

In many cases corporations themselves are interested in partnership with the government. Here is one telling comment:

jrs says on June 8, 2013

Yea in my experience that’s how “public/private partnerships” really work:

  1. Companies DO need protection FROM the government. An ill-conceived piece of legislation can put a perfectly decent out of business. Building ties with the government is protection.
  2. Government represents a huge market and eventually becomes one of the top customers for I think most businesses (of course the very fact that a government agency is a main customer is often kept hush hush even within the company and something you are not supposed to speak of as an employee even though you are aware of it)
  3. Of course not every company proceeds to step 3 -- being basically an arm of the government but ..

That means that not only Chinese citizens already operate on the Internet without any real sense of privacy. Even if you live outside the USA the chances are high that you automatically profiled by the USA in addition to your own government. Kind of neoliberalism in overdrive mode: looks like we all are already citizens of a global empire (Let's call it "Empire of Peace"  in best 1984 tradition ;-) with the capital in Washington.

It is reasonable to assume that a massive eavesdropping apparatus now tracks at least an "envelope" of every electronic communication you made during your lifetime. No need for somebody reporting about you like in "old" totalitarian state like East Germany with its analog of the Department of Homeland Security called the Ministry for State Security (Stasi). So in this new environment, you are like Russians used to say about dissidents who got under KGB surveillance is always "under the dome". In this sense this is just an old vine in a new bottles. But the global scope and lifetime storage of huge amount of personal information for each and every citizen is something new and was made possible the first time in world history by new technologies.

It goes without saying that records about time, sender and receiver of all your phone calls, emails, Amazon purchases, credit card transactions, and Web activities for the last decade are stored somewhere in a database and not necessary only government computers. And that means that your social circle (the set of people you associate with), books and films that you bought, your favorite websites, etc can be easily deducted from those records.

That brings us to an important question about whether we as consumers should support such ventures as Facebook and Google++ which profile you and after several years have a huge amount of pretty private and pretty damaging information about you, information which can get into wrong hands.

Recent discoveries about Prism program highlight additional possibilities of what Google and Facebook can do with our data

The most constructive approach to NSA is to view it as a large government bureaucracy that expanded their snooping activities due to new technological possibilities to the extent that "quantity turned into quality."  -- the state was converted into national security state.  Expansion of power on intelligence agencies since Truman is the key for understanding the evolution of the USA and other countries. Very soon (in the USA in early 60th with JFK assassination) they became political players. Latest saga of spying on Trump just confirms this by providing fascinating details of false flag operation  attempted in order  to enhance the scope of surveillance such  as DNC email break-in and Steele dossier.

Any large bureaucracy is a political coalition with the primary goal of preserving and enhancing of its own power (and, closely related to power, the level of financing), no matter what are official declarations. And if breaching your privacy helps with this noble goal, they will do it.

Which is what Bush government did after 9/11. The question is how much bureaucratic bloat resulting in classic dynamics of organizational self-aggrandizement and expansionism happened in NSA is open to review. We don't know how much we got in exchange for undermining internet security and the US constitution. But we do know the intelligence establishment happily appropriated billions of dollars, had grown by thousand of employees and got substantial "face lift" and additional power within the executive branch of government. To the extent that sometimes it really looks like a shadow government (with three branches NSA, CIA and FBI). And now they will fight tooth-and nail to protect the fruits of a decade long bureaucratic expansion. It is an Intelligence Church of sorts and like any religious organization they do not need facts to support their doctrine and influence.

Typically there is a high level of infighting and many factions within any large hierarchical organization, typically with cards hold close the west and limited or not awareness about those turf battles of the outsiders. Basically any hierarchical institution corporate, religious, or military will abuse available resources for internal political infighting. And with NSA "big data" push this is either happening or just waiting to happen. This is a danger of any warrantless wiretapping program: it naturally convert itself into a saga of eroding checks and disappearing balances. And this already happened in the past, so in a way it is just act two of the same drama (WhoWhatWhy):

After media revelations of intelligence abuses by the Nixon administration began to mount in the wake of Watergate, NSA became the subject of Congressional ire in the form of the United States Senate Select Committee to Study Governmental Operations with Respect to Intelligence Activities—commonly known as the “Church Committee” after its chair, Senator Frank Church (D-ID)—established on January 17, 1975. This ad-hoc investigative body found itself unearthing troves of classified records from the FBI, NSA, CIA and Pentagon that detailed the murky pursuits of each during the first decades of the Cold War. Under the mantle of defeating communism, internal documents confirmed the executive branch’s use of said agencies in some of the most fiendish acts of human imagination (including refined psychological torture techniques), particularly by the Central Intelligence Agency.

The Cold War mindset had incurably infected the nation’s security apparatus, establishing extralegal subversion efforts at home and brutish control abroad. It was revealed that the FBI undertook a war to destroy homegrown movements such as the Black Liberation Movement (including Martin Luther King, Jr.), and that NSA had indiscriminately intercepted the communications of Americans without warrant, even without the President’s knowledge. When confronted with such nefarious enterprises, Congress sought to rein in the excesses of the intelligence community, notably those directed at the American public.

The committee chair, Senator Frank Church, then issued this warning about NSA’s power:

That capability at any time could be turned around on the American people and no American would have any privacy left, such is the capability to monitor everything. Telephone conversations, telegrams, it doesn’t matter. There would be no place to hide. If this government ever became a tyranny, if a dictator ever took charge in this country, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back, because the most careful effort to combine together in resistance to the government, no matter how privately it was done, is within the reach of the government to know. Such is the capability of this technology. I don’t want to see this country ever go across the bridge. I know the capability that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision, so that we never cross over that abyss. That is the abyss from which there is no return.

The reforms that followed, as enshrined in the Foreign Intelligence Surveillance Act (FISA) of 1978, included the establishment of the Foreign Intelligence Surveillance Court (FISC): a specially-designated panel of judges who are allowed to review evidence before giving NSA a warrant to spy on Americans (only in the case of overseas communication). Hardly a contentious check or balance, FISC rejected zero warrant requests between its inception in 1979 and 2000, only asking that two warrants be “modified” out of an estimated 13,000.

In spite of FISC’s rubberstamping, following 9/11 the Bush administration began deliberately bypassing the court, because even its minimal evidentiary standard was too high a burden of proof for the blanket surveillance they wanted. So began the dragnet monitoring of the American public by tapping the country’s major electronic communication chokepoints in collusion with the nation’s largest telecommunications companies.

When confronted with the criminal conspiracy undertaken by the Bush administration and telecoms, Congress confirmed why it retains the lowest approval rating of any major American institution by “reforming” the statute to accommodate the massive law breaking. The 2008 FISA Amendments Act [FAA] entrenched the policy of mass eavesdropping and granted the telecoms retroactive immunity for their criminality, withdrawing even the negligible individual protections in effect since 1979. Despite initial opposition, then-presidential candidate Barack Obama voted for the act as one of his last deeds in the Senate. A few brave (and unsuccessful) lawsuits later, this policy remains the status quo.

Similarly we should naturally expect that the notion of "terrorist" is very flexible and in certain cases can be equal to "any opponent of regime" (any "dissident" n soviet terms). While I sympathize NYT readers reaction to this incident (see below), I think it is somewhat naive. They forget that they are living under neoliberal regime which like any rule of top 0.01% is afraid of and does not trust its own citizens. So massive surveillance program is a self-preservation measure which allow the neoliberal elite to crush or subvert the opposition at early stages. This is the same situation as existed with Soviet nomenklatura, with the only difference that Soviet nomenklatura was more modest in pushing the USSR as a beacon of progress and bright hope for establishing democratic governance for all mankind ;-). As Ron Paul noted:

Many of us are not so surprised.

Some of us were arguing back in 2001 with the introduction of the so-called PATRIOT Act that it would pave the way for massive US government surveillance—not targeting terrorists but rather aimed against American citizens. We were told we must accept this temporary measure to provide government the tools to catch those responsible for 9/11. That was nearly twelve years and at least four wars ago.

We should know by now that when it comes to government power-grabs, we never go back to the status quo even when the “crisis” has passed. That part of our freedom and civil liberties once lost is never regained. How many times did the PATRIOT Act need renewed? How many times did FISA authority need expanded? Why did we have to pass a law to grant immunity to companies who hand over our personal information to the government?

And while revealed sources of NSA Prism program include Apple, Google, Facebook, Microsoft, Yahoo and others major Internet players, that's probably just a tip of the iceberg. Ask yourself a question, why Amazon and VISA and MasterCard are not on the list? According to The Guardian:

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.

The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.

... ... ...

Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007. It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.

Collectively, the companies cover the vast majority of online email, search, video and communications networks

... ... ...

A chart prepared by the NSA, contained within the top-secret document obtained by the Guardian, underscores the breadth of the data it is able to obtain: email, video and voice chat, videos, photos, voice-over-IP (Skype, for example) chats, file transfers, social networking details, and more.

So while the document does not list Amazon, but I would keep fingers crossed.

Questions that arise

To be aware about a situation you need to be able to formulate and answer key questions about it. The first and the most important question is whether the government is engaged in cyberstalking of law abiding citizens. Unfortunately the answer is definite yes, as oligarchy needs total control of prols. As a result National Security State rise to prominence as a dominant social organization of neoliberal societies, the societies which characterized by very high level of inequality.

But there are some additional, albeit less important questions. The answers to them determine utility or futility of small changes of our own behavior in view of uncovered evidence. Among possible set of such question I would list the following:

There are also some minor questions about efficiency of "total surveillance approach". Among them:

The other part of understand the threat is understanding is what data are collected. The short answer is all your phone records and Internet activity (RT USA):

The National Security Agency is collecting information on the Internet habits of millions of innocent Americans never suspected of criminal involvement, new NSA documents leaked by former intelligence contractor Edward Snowden suggest.

Britain’s Guardian newspaper reported Monday that top-secret documents included in the trove of files supplied by the NSA contractor-turned-leaker Edward Snowden reveal that the US intelligence community obtains and keeps information on American citizens accumulated off the Internet without ever issuing a search warrant or opening an investigation into that person.

The information is obtained using a program codenamed Marina, the documents suggest, and is kept by the government for up to a full year without investigators ever having to explain why the subject is being surveilled.

“Marina has the ability to look back on the last 365 days' worth of DNI metadata seen by the Sigint collection system, regardless whether or not it was tasked for collection,” the Guardian’s James Ball quotes from the documents.

According to a guide for intelligence analysts supplied by Mr. Snowden, “The Marina metadata application tracks a user's browser experience, gathers contact information/content and develops summaries of target.”

"This tool offers the ability to export the data in a variety of formats, as well as create various charts to assist in pattern-of-life development,” it continues.

Ball writes that the program collects “almost anything” a Web user does online, “from browsing history – such as map searches and websites visited – to account details, email activity, and even some account passwords.”

Only days earlier, separate disclosures attributed to Snowden revealed that the NSA was using a massive collection of metadata to create complex graphs of social connections for foreign intelligence purposes, although that program had pulled in intelligence about Americans as well.

After the New York Times broke news of that program, a NSA spokesperson said that “All data queries must include a foreign intelligence justification, period.” As Snowden documents continue to surface, however, it’s becoming clear that personal information pertaining to millions of US citizens is routinely raked in by the NSA and other agencies as the intelligence community collects as much data as possible.

In June, a top-secret document also attributed to Mr. Snowden revealed that the NSA was collecting the telephony metadata for millions of Americans from their telecom providers. The government has defended this practice by saying that the metadata — rough information that does not include the content of communications — is not protected by the US Constitution’s prohibition against unlawful search and seizure.

“Metadata can be very revealing,” George Washington University law professor Orin S. Kerr told the Times this week. “Knowing things like the number someone just dialed or the location of the person’s cellphone is going to allow them to assemble a picture of what someone is up to. It’s the digital equivalent of tailing a suspect.”

According to the Guardian’s Ball, Internet metadata picked up by the NSA is routed to the Marina database, which is kept separate from the servers where telephony metadata is stored.

Only moments after the Guardian wrote of its latest leak on Monday, Jesselyn Radack of the Government Accountability Project read a statement before the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs penned by none other than Snowden himself.

When I began my work, it was with the sole intention of making possible the debate we see occurring here in this body,” Snowden said.

Snowden, who has been granted temporary asylum in Russia after being charged with espionage in the US, said through Raddack that “The cost for one in my position of returning public knowledge to public hands has been persecution and exile.”

Infoglut and the limits to spying via data collected about you

If the NSA's mining of data traffic is so effective, why weren't Tsarnaev's family's overseas calls predictive of a bombing at the Boston Marathon?

-Helen Corey WSJ.com

There are limits of this "powerful analytical software" used. First of all Snowden revelations constitute a blow (but not a knockout) for all NSA activities against really serious opponents. Now they are forewarned and that mean forearmed. That simply means that they might start feeding NSA disinformation and that's a tremendous danger for NSA that far outweigh the value of any real information collected.

The main danger for NSA is the deliberate feeding of false information into the collection stream

There is another side of this story. As we mentioned above, even if NSA algorithms are incredibly clever they can't avoid producing large number of false positives taking into account that they are drinking from a fire hose. Especially now when people will try to bury useful signal in noise. And it is not that difficult to replay somebody else Web logs on a periodic basis -- that means that the task of analysis of web logs became not only more complex. It changed. The assumption that that the set of visited sites represents real activity of a particular user is now just a plausible hypothesis. Not  more then that. 

Inefficiency is another problem. After two year investigation into the post 9/11 intelligence agencies, the Washington Post came to conclusion that they were collecting far more information than anyone can comprehend (aka "drowning is a sea of data"):

Every day, collection systems at the National Security Agency intercept and store 1.7 billions e-mails, phone calls and other types of communications. The NSA sorts a fraction of those into 70 separate databases"

Such volume along creates a classic problem of "signal vs. noise" (infoglut).  And this is insolvable problem, which became only worse with the availability of more information. In this  sense Prism program which deals with already filtered by user information is a great help to NSA (and that  means that Goggle, Facebook, Microsoft, Yahoo and fiends are very valuable for NSA partners and will remain partners despite all claims of their top honchos).

Unless special care is exercised by collection everything from the "line" NSA is like drinking from  the firehose:  

...Infoglut raises disturbing questions regarding new operations of power and control in a world of algorithms." —Jodi Dean, author of Democracy and Other Neoliberal Fantasies

...Andrejevic argues that people prioritize correlation over comprehension - "what" and facts are more important than "why" and reasons.

As Washington Post noted:

Analysts who make sense of document and conversations obtained by foreign and domestic spying share their judgment by publishing 50,000 intelligence reports each year -- a volume so large that many are routinely ignored

In plain English that means that analysts produce reports, lion share of which is never read. The enormity of the database exacerbate the problems. That's why NSA is hunting for email on cloud providers, where they are already filtered from spam, and where processing required is so much less than for the same information intercepted from the wire. Still even with the direct access to user accounts, the volume of data, especially graphic info (pictures), sound and video data, is really huge and that stress the limits of processing capabilities and storage.

Which means that  switch to hieroglyphs in communication theoretically creates serious problems in intercepting the data stream.  Deciphering a meaning of pictograms used is not that easy. Classic captcha methods can be used to make direct conversion to text impossible. This method was actually widely used in letters in the past (when some words were deliberately replaced by hand written pictures. ). For one thing  that approach make it more difficult "keyword-based" searches for relevant information in email as "trigger-words" can be replaced by pictograms.  Add to this that the meaning of pictograms can be individualized and you can see that this is an approach close to stenography.

Presence of noise in the channel also makes signal much more difficult to detect. Now you can be sure that any serious opponent will try to disguise the traffic by all means available. So getting a "clean" stream of data for a given IP is now a pipe dream.

Problems typical for large bureaucracies also place limits of effective large scale data collection

Existence of Snowden saga when a single analyst was able to penetrate the system and extract considerable amount information with impunity suggests that the whole Agency is a mess with a lot of incompetents at the helm. Which is typical for large government agencies and large corporations. Still the level of logs collection and monitoring proved to be surprisingly weak, and those are indirect signs of other rot. It looks like the agency does not even know what reports Snowden get into his hands. Unless this is a very clever insider operation, we need to assume that Edward Snowden stole thousands of documents, abused his sysadmin position in the NSA, and was never caught. The fact that he was able to bypass logs tells that the whole place is a complete  mess. In other words "The shoemaker’s children go barefoot."

the level of logs collection and monitoring proved to be surprisingly weak, and those are indirect signs of other rot. It looks like the agency does not even know what reports Snowden get into his hands.

 Here is one relevant comment from The Guardian

carlitoontour

Oh NSA......that´s fine that you cannot find something......what did you tell us, the World and the US Congress about the "intelligence" of Edward Snowden and the low access he had?

SNOWDEN SUSPECTED OF BYPASSING ELECTRONIC LOGS

WASHINGTON (AP) -- The U.S. government's efforts to determine which highly classified materials leaker Edward Snowden took from the National Security Agency have been frustrated by Snowden's sophisticated efforts to cover his digital trail by deleting or bypassing electronic logs, government officials told The Associated Press. Such logs would have showed what information Snowden viewed or downloaded.

The government's forensic investigation is wrestling with Snowden's apparent ability to defeat safeguards established to monitor and deter people looking at information without proper permission, said the officials, who spoke on condition of anonymity because they weren't authorized to discuss the sensitive developments publicly.

http://hosted.ap.org/dynamic/stories/U/US_NSA_SURVEILLANCE_SNOWDEN?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2013-08-24-09-41-24

On the other hand government agencies were never too good in making huge and complex software projects work. And any large software project is a very difficult undertaking in any case, which require talented and dedicated manager at the helm. In large bureaucracies such people are filtered out long before that get to the necessary position. Mostly sycophants, "yes men", or people who can well mask their real identities,  prosper. 

Even in industry 50% of software projects fail, and anybody who works in the industry knows, that the more complex the project is the higher are chances that it will be mismanaged and its functionality crippled due to architectural defects ("a camel is a horse designed by a committee"). The Conway law also suggest that the structure of software product reflect communication channels in the organization.

With pretty bizarre communication channels in a large hierarchical organization like NSA you can expect huge problems on architectural level. There are also counterexamples to that. Google Earth was initially a project of three letter agencies, which was "donated" to Google.  And this is a very good software product. Still it is given that large projects will be over budget. Possibly several times over. But if money is not a problem such system will eventually be completed ("with enough thrust pigs can fly").

Any large software project is a very difficult undertaking in any case, which require talented and dedicated manager at the helm. In large bureaucracies such people are filtered out long before that get to the necessary position. Mostly sycophants, "yes men", or people who can well mask their real identities,  prosper.

Still there’s no particular reason to think that corruption (major work was probably outsourced) and incompetence (on higher management levels and, especially on architectural level as in "camel is a horse designed by a committee") don't affect the design and functionality of such government project. Now when this activity come under fire some "ad hoc" adjustments might be especially badly thought out and could potentially cripple even the existing functionality. As J. Kirk Wiebe, a NSA insider, noted

"The way the government was going about those digital data flows was poor formed, uninformed. There seen to be more of a desire to contract out and capture money flow then there was a [desire} to actually perform the mission".

See the interview of a trio of former National Security Agency whistle-blowers to USA TODAY ( J. Kirk Wiebe remarks starts at 2:06 and the second half of it continues from 6:10):

... ... ...

In military organizations the problem is seldom with the talent (or lack of thereof) of individual contributors. The problem is with the bureaucracy that is very effective in preventing people from exercising their talents at the service of their country. Such system is deformed in such a way that it hamstrings the men who are serving in it. As a results, more often then not the talents are squandered or misused by patching holes created by incompetence of higher-up or or just pushed aside in the interdepartmental warfare.

In a way, incompetence can be defined as the inability to avoid mistakes which, in a "normal" course of project development could and should be avoided. And that's the nature of military bureaucracy with its strict hierarchy, multiple layer of command and compete lack of accountability on higher levels.

In addition, despite the respectable name of the organization many members of technical staff are amateurs. They never managed to sharpen their technical skills, while at the same time acquiring the skills necessary to survive the bureaucracy. Many do not have basic academic education and are self-taught hackers and/or "grow on the job" type of personnel. Such people often have difficulties seeing "the bigger picture".  Typically people at higher level of hierarchy, are simply not experts in software engineering, but more like typical corporate "PowerPoint warriors." They can be very shred managers and accomplished political fighters, but that's it.  Death by PowerPoint  of good ideas in large bureaucracies is a fact of life.

This is the same situation that exists in security departments of large multinationals, so we can extrapolate from that. The word of Admiral Nelson "If the enemy would know what officer corps will confront them, it will be trembling, like I am". Here is Bill Gross recollection of his service as a naval officer (The Tipping Point) that illustrate the problems:

A few years ago I wrote about the time that our ship (on my watch) was almost cut in half by an auto-piloted tanker at midnight, but never have I divulged the day that the USS Diachenko came within one degree of heeling over during a typhoon in the South China Sea. “Engage emergency ballast,” the Captain roared at yours truly – the one and only chief engineer.

Little did he know that Ensign Gross had slept through his classes at Philadelphia’s damage control school and had no idea what he was talking about. I could hardly find the oil dipstick on my car back in San Diego, let alone conceive of emergency ballast procedures in 50 foot seas.

And so…the ship rolled to starboard, the ship rolled to port, the ship heeled at the extreme to 36 degrees (within 1 degree, as I later read in the ship’s manual, of the ultimate tipping point). One hundred sailors at risk, because of one twenty-three-year-old mechanically challenged officer, and a Captain who should have known better than to trust him.

Huge part of this work is outsourced to various contractors and this is where corruption really creeps in. So the system might be not as powerful as many people automatically assume when they hear the abbreviation of NSA. So in a way when news about such system reaches public it might serve not weakening but strengthening of the capabilities of the system. Moreover, nobody would question the ability of such system to store huge amount of raw or semi-processed data including all metadata for your transactions on the Internet.

Also while it is a large agency with a lot of top mathematic talent, NSA is not NASA and motivation of the people (and probably quality of architectural thinking about software projects involved) is different despite much better financing. While they do have high quality people, like most US agencies in general, large bureaucracies usually are unable to utilize their talent. Mediocrities with sharp elbows, political talent, as well as sociopaths typically rule the show.

That means two things:

So even with huge amount of subcontractors they can chase mostly "big fish". Although one nasty question is why with all those treasure trove of data organized crime is so hard to defeat. Having dataset like this should generally expose all the members of any gang. Or, say, network of blue collar insider traders. So in an indirect way the fact that organized crime not only exists and in some cities even flourish can suggest one of two things:

There is also a question of complexity of analysis:

Possibility of abuses of collected data

Mass collection of data represent dangers outside activities of three letter agencies. Data collected about you by Google, Facebook, etc are also very dangerous. And they are for sell. Errors in algorithms and bugs in data mining programs can bite some people in a different way then branding them as "terrorists". Such people have no way of knowing why all of a sudden, for example, they are paying a more for insurance, why their credit score is so low no matter what they do, etc.

In no way government in the only one who are using the mass of data collected via Google / Facebook / Yahoo / Microsoft / Verizon / Optonline / AT&T / Comcast, etc. It also can lead to certain subtle types of bias if not error. And there are always problems of intentional misuse of data sets having extremely intimate knowledge about you such as your medical history.

Corporate corruption can lead to those data that are shared with the government can also be shared for money with private actors. Inept use of this unconstitutionally obtained data is a threat to all of us.

Then there can be cases when you can be targeted just because you are critical to the particular area of government policy, for example the US foreign policy. This is "Back in the USSR" situation in full swing, with its prosecution of dissidents. Labeling you as a "disloyal/suspicious element" in one of government "terrorism tracking" databases can have drastic result to your career and you never even realize whats happened. Kind of Internet era McCarthyism .

Obama claims that the government is aware about this danger and tried not to overstep, but he is an interested party in this discussion. In a way all governments over the world are pushed into this shady area by the new technologies that open tremendous opportunities for collecting data and making correlations.

That's why even if you are doing nothing wrong, it is still important to know your enemy, as well as avoid getting into some traps. As we already mentioned several times before, one typical trap is excessive centralization of your email on social sites, including using a single Webmail provider. It is much safer to have mail delivery to your computer via POP3 and to use Thunderbird or other email client. If your computer is a laptop, you achieve, say, 80% of portability that Web-based email providers like Google Gmail offers. That does not mean that you should close your Gmail or Yahoo account. More important is separating email accounts into "important" and "everything else". "Junk mail" can be stored on Web-based email providers without any problems. Personal emails is completely another matter.

Email privacy

I do not like when stranger is reading my mail,
overlooking over my shoulder

Famous Russian bard Vladimir Vissotsky,
Also on YouTube

Email security is a large and complex subject. It is a typical "bullet vs. armor" type of topic. In this respect the fact the US government were highly alarmed by Snowden revelations is understandable as this shift the balance from dominance of "bullet" by stimulating the development of various "armor" style methods to enhance email privacy. It also undermines/discredits cloud-based email services, especially large one such as Hotmail, Gmail, and Yahoo mail, which are the most important providers of emails.

You can't hide your correspondents so recreation of network of your email correspondents is a fact of life that you can do nothing about. But you can make searching emails for keywords and snooping of the text of your email considerably more difficult. And those methods not necessary means using PGP (actually from NSA point of view using PGP is warning sign that you has something to hide and that increase interest to your mailbox; and this is a pretty logical assumption).

First of all using traditional POP3 account now makes much more sense (although on most ISPs undelivered mail is available via Web interface). In case of email security those who know Linux/Unix have a distinct advantage. Those OSes provide the ability to have a home server that performs most functions of the cloud services at a very moderate cost (essentially the cost of web connection, or an ISP Web account; sometime you need to convert you cable Internet account to "business" to open ports). Open source software for running Webmail on your own server is readily available and while it has its security holes at least they are not as evident as those in Gmail, Hotmail and Yahoo mail. And what is the most important you escape aggregation of your emails on a large provider.

IMHO putting content in attachment, be it gif of a handwritten letter in DOC document, or MP3 file presents serious technical problems for snoopers. First of all any multimedia attachment, such a gif of your handwriting (plus a jpeg of your favorite cat ;-), dramatically increase the necessary storage and thus processing time. Samsung Note 10.1 and Microsoft Surface PRO tablets provide opportunity to add both audio and handwriting files to your letter with minimal effort. If you have those device, use them. Actually this is one of few areas when tablets are really useful. Sending content as a multimedia file makes snooping more difficult for several reasons:

Another important privacy enhancing feature of emails is related to a classic "noise vs. useful signal" problem. In this respect the existence of spam looks like a blessing. In case of mimicry filtering "signal from noise" became a complex problem. That's why NSA prefers accessing mail at final destination as we saw from slides published in Guardian. But using local delivery and Thunderbird or any other mail client make this avenue of snooping easily defeatable. Intercepted on the router, spam can clog arteries of automatic processing really fast. It also might slightly distort your "network of contacts" So if you switch off ISP provided spam filter and filter spam locally on your computer, the problem of "useful sig   le border="2" width="90%" bgcolor="#FFFF00">   " is offloaded to those who try to snoop your mail. And there are ways to ensure that they will filter out wrong emails ;-). Here is a one day sample of spam:

Subject: Hello!
Subject: Gold Watches
Subject: Cufflinks
Subject: Join us and Lose 8-12 lbs. in Only 7-10 Days!
Subject: New private social network for Ukrainian available ladies and foreign men.
Subject: Fresh closed social network for Russian attractive girls and foreigners.
Subject: hoy!
Subject: Daily Market Movers Digest
h=Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:To:Message-ID:From:Date; bh=rabQUxPZjHIp1RwoC7c+cj41NudW37VFkMlmNcq4yig=;
Subject: =?utf-8?Q?=E1=B9=BD=E2=80=8D=C7=8F=E2=80=8D=E1=BE=B6=E2=80=8D=C4=A0=E2=80=8D=E1=B9=99=E2=80=8D=E1=BE=B6?=
Subject: IMPORTANT - WellsFargo
Subject: =?Windows-1251?B?z29j8nBv5e3o5SBj6GPyZez7IO7v62Hy+yDvbyBwZefz6/zy4PLz?=
Subject: New private social network for beautiful Ukrainian women and foreign men.
Subject: Fresh closed social network for Russian sexy women and foreign men.
Subject: Cufflinks
Subject: (SECURE)Electronic Account Statement 0558932870_06112013
Subject: (SECURE)Electronic Account Statement 0690671601_06112013
Subject: Returned mail: see transcript for details
Subject: Bothered with censorship restrictions on Social networks?
Subject: Delivery Status Notification (Failure) - [AKO Content Violation - SPAM]Are
Subject: (SECURE)Electronic Account Statement 0355009837_06112013
Subject: You need Ukrainian with large breasts that Madame ready to correspond to intimate topics?
Subject: =?Windows-1251?B?wfPy/CDjb/Lu4iDqIO/wb+Ll8Org7A==?=
Subject: You need a Russian woman with beautiful eyes is ready to correspond to private theme?
Subject: Mail delivery failed: returning message to sender
Subject: Are you bored with censorship limits at Social networks?
Subject: =?windows-1254?B?U0VSVN1G3UtBTEkgWUFOR0lOIEXQ3VTdTd0gSEVNRU4gQkHeVlVSVU4=?=
Subject: Join us and Lose 8-12 lbs. in Only 7-10 Days!
Subject: Important Activation needed
Subject: Hi!
Subject: WebSayt Sadece 35 Azn
Subject: Join us and Lose 8-12 lbs. in Only 7-10 Days!

Note the line "Subject: Mail delivery failed: returning message to sender". That means that in the spam filter you need to fight with the impersonalization (fake sender) as well. While typically this is easy based on content of "Received:" headers, there are some complex cases, especially with bounced mails and "onetime" identities (when the sender each time assumes a different identity at the same large provider). See also Using “impersonalization” in your email campaigns.

BTW fake erotic spam provides tremendous steganography opportunities. Here is a very simplistic example.

Subject: Do you want a Ukrainian girl with large breasts ready to chat with you on intimate topics?

New closed social network with hot Ukrainian ladies is open. If you want to talk on erotic themes, with sweet women then this is for you!

I dropped my previous girlfriend. Things deteriorates dramatically here and all my plans are now on hold.

So I decided to find a lady friend for regular erotic conversations! And I am now completely satisfied customer.

Give it is try. "http://t.co/FP8AnKQOyV" Free Registration and first three sessions !!!

Does the second paragraph starting with the phrase "I dropped my previous girlfriend..." in the email below contain real information masked in erotic spam, or the message is a regular junk?

Typical spam filter would filter this message out as spam, especially with such a subject line ;-).

You can also play a practical joke imitating spammer activity. Inform a couple of your friends about it and then send similar letter from one of your Gmail account to your friends. Enjoy change in advertisements ;-).

In many cases what you want to send via email, can be done more securely using phone. Avoid unnecessary emails like a plague. And not only because of NSA existence. Snooping into your mailbox is not limited to three-letter agencies.

Facebook Problem

I always wondered why Facebook -- a cluelessly designed site which imitates AOL, the hack written in PHP which provide no, or very little value to users, other then a poorly integrated environment for personal Web page (simple "vanity fair" pages), blog and email. It is definitely oriented on the most clueless or at least less sophisticated users and that's probably why it has such a level of popularity. They boast almost billion customers, although I suspect that half of those customers check their account only once a month or so. Kind of electronic tombstone to people's vanity...

The interface is second rate and just attests a very mediocre level of software engineering. It is difficult to imagine that serious guys are using Facebook. And those who do use it, usually are of no interest to three letter agencies. Due to this ability of the government to mine Facebook might be a less of a problem then people assume, much less of a problem than mining Hotmail or Gmail.

But that does not mean that Facebook does not have value. Just those entities for whom it provides tremendous value are not users ;-) Like WikiLeaks founder Julian Assange stated Facebook, Google, and Yahoo are actually extremely powerful tools for centralized information gathering that can used by advertisers, merchants, government, financial institutions and other powerful/wealthy players.

Such sites are also very valuable tools for advertisers who try to capitalize of the information about your Facebook or Google profile, Gmail messages content, network of fiends and activities. And this is pretty deep pool of information.

"Facebook in particular is the most appalling spying machine that has ever been invented," Assange said in the interview, which was videotaped and published on the site. "Here we have the world's most comprehensive database about people, their relationships, their names, their addresses, their locations and the communications with each other, their relatives, all sitting within the United States, all accessible ..."

That's why Google, who also lives and dies by advertising revenue put so much efforts at Google+. And promotes so heavily +1 button. They sense the opportunity for additional advertising revenue due to more precise targeting and try to replicate Facebook success on a better technological platform (Facebook is a hack written in PHP -- and writing in PHP tells a lot about real technological level of Mark Zuckerberg and friends).

But government is one think, advertisers is another. The magnitude of online information Facebook has available about each of us for targeted marketing is stunning. In Europe, laws give people the right to know what data companies have about them, but that is not the case in the United States. Here is what Wikipedia writes about Facebook data mining efforts:

There have been some concerns expressed regarding the use of Facebook as a means of surveillance and data mining. The Facebook privacy policy once stated,

"We may use information about you that we collect from other sources, including but not limited to newspapers and Internet sources such as blogs, instant messaging services and other users of Facebook, to supplement your profile."[23]

However, the policy was later updated and now states: "We may use information about you that we collect from other Facebook users to supplement your profile (such as when you are tagged in a photo or mentioned in a status update). In such cases we generally give you the ability to remove the content (such as allowing you to remove a photo tag of you) or limit its visibility on your profile."[23] The terminology regarding the use of collecting information from other sources, such as newspapers, blogs, and instant messaging services, has been removed.

The possibility of data mining by private individuals unaffiliated with Facebook has been a concern, as evidenced by the fact that two Massachusetts Institute of Technology (MIT) students were able to download, using an automated script, over 70,000 Facebook profiles from four schools (MIT, NYU, the University of Oklahoma, and Harvard University) as part of a research project on Facebook privacy published on December 14, 2005.[24] Since then, Facebook has bolstered security protection for users, responding: "We’ve built numerous defenses to combat phishing and malware, including complex automated systems that work behind the scenes to detect and flag Facebook accounts that are likely to be compromised (based on anomalous activity like lots of messages sent in a short period of time, or messages with links that are known to be bad)."[25]

A second clause that brought criticism from some users allowed Facebook the right to sell users' data to private companies, stating "We may share your information with third parties, including responsible companies with which we have a relationship." This concern was addressed by spokesman Chris Hughes, who said "Simply put, we have never provided our users' information to third party companies, nor do we intend to."[26] Facebook eventually removed this clause from its privacy policy.[27]

Previously, third party applications had access to almost all user information. Facebook's privacy policy previously stated: "Facebook does not screen or approve Platform Developers and cannot control how such Platform Developers use any personal information."[28] However, that language has since been removed. Regarding use of user data by third party applications, the ‘Pre-Approved Third-Party Websites and Applications’ section of the Facebook privacy policy now states:

In order to provide you with useful social experiences off of Facebook, we occasionally need to provide General Information about you to pre-approved third party websites and applications that use Platform at the time you visit them (if you are still logged in to Facebook). Similarly, when one of your friends visits a pre-approved website or application, it will receive General Information about you so you and your friend can be connected on that website as well (if you also have an account with that website). In these cases we require these websites and applications to go through an approval process, and to enter into separate agreements designed to protect your privacy…You can disable instant personalization on all pre-approved websites and applications using your Applications and Websites privacy setting. You can also block a particular pre-approved website or application by clicking "No Thanks" in the blue bar when you visit that application or website. In addition, if you log out of Facebook before visiting a pre-approved application or website, it will not be able to access your information.

In the United Kingdom, the Trades Union Congress (TUC) has encouraged employers to allow their staff to access Facebook and other social-networking sites from work, provided they proceed with caution.[29]

In September 2007, Facebook drew a fresh round of criticism after it began allowing non-members to search for users, with the intent of opening limited "public profiles" up to search engines such as Google in the following months.[30] Facebook's privacy settings, however, allow users to block their profiles from search engines.

Concerns were also raised on the BBC's Watchdog programme in October 2007 when Facebook was shown to be an easy way in which to collect an individual's personal information in order to facilitate identity theft.[31] However, there is barely any personal information presented to non-friends - if users leave the privacy controls on their default settings, the only personal information visible to a non-friend is the user's name, gender, profile picture, networks, and user name.[32]

In addition, a New York Times article in February 2008 pointed out that Facebook does not actually provide a mechanism for users to close their accounts, and thus raised the concern that private user data would remain indefinitely on Facebook's servers.[33] However, Facebook now gives users the options to deactivate or delete their accounts, according to the Facebook Privacy Policy. "When you deactivate an account, no user will be able to see it, but it will not be deleted. We save your profile information (connections, photos, etc.) in case you later decide to reactivate your account." The policy further states: "When you delete an account, it is permanently deleted from Facebook."[23]

A third party site, USocial, was involved in a controversy surrounding the sale of fans and friends. USocial received a cease-and-desist letter from Facebook and has stopped selling friends.[34]

Inability to voluntarily terminate accounts

Facebook had allowed users to deactivate their accounts but not actually remove account content from its servers. A Facebook representative explained to a student from the University of British Columbia that users had to clear their own accounts by manually deleting all of the content including wall posts, friends, and groups. A New York Times article noted the issue, and also raised a concern that emails and other private user data remain indefinitely on Facebook's servers.[35]

Facebook subsequently began allowing users to permanently delete their accounts in 2010. Facebook's Privacy Policy now states: "When you delete an account, it is permanently deleted from Facebook."[23]

... ... ...

Quit Facebook Day

Quit Facebook Day was an online event which took place on May 31, 2010 (coinciding with Memorial Day), in which Facebook users stated that they would quit the social network, due to privacy concerns.[54] It was estimated that 2% of Facebook users coming from the United States would delete their accounts.[55] However, only 33,000 users quit the site.[56]

... ... ...

Tracking cookies

Facebook has been criticized heavily for 'tracking' users, even when logged out of the site. Australian technologist Nik Cubrilovic discovered that when a user logs out of Facebook, the cookies from that login are still kept in the browser, allowing Facebook to track users on websites that include "social widgets" distributed by the social network. Facebook has denied the claims, saying they have 'no interest' in tracking users or their activity. They also promised after the discovery of the cookies that they would remove them, saying they will no longer have them on the site. A group of users in the United States have sued Facebook for breaching privacy laws.[citation needed]

Read more at Facebook as Giant Database about Users

Google search monopoly

Google wants to be a sole intermediary between you and Internet. As Rebecca Solnit pointed out (Google eats the world):

Google, the company with the motto "Don't be evil", is rapidly becoming an empire. Not an empire of territory, as was Rome or the Soviet Union, but an empire controlling our access to data and our data itself. Antitrust lawsuits proliferating around the company demonstrate its quest for monopoly control over information in the information age.

Its search engine has become indispensable for most of us, and as Google critic and media professor Siva Vaidhyanathan puts it in his 2012 book The Googlization of Everything,

"[W]e now allow Google to determine what is important, relevant, and true on the Web and in the world. We trust and believe that Google acts in our best interest. But we have surrendered control over the values, methods, and processes that make sense of our information ecosystem."

And that's just the search engine. About three-quarters of a billion people use Gmail, which conveniently gives Google access to the content of their communications (scanned in such a way that they can target ads at you).

Now with Prism-related revelations, those guys are on the defensive as they sense a threat to their franchise. And the threat is quite real: if Google, Microsoft, Yahoo all work for NSA, why not feed them only a proportionate amount of your searches. And why not feed them with "search spam"?

Now with Prism-related revelations, those guys are on the defensive as they sense a threat to their franchise. And the threat is quite real: if Google, Microsoft, Yahoo all work for NSA, why not feed them only a proportionate amount of your searches. And why not feed them with "search spam"?

One third to Google and one third to Bing with the rest to https://duckduckgo.com/ (Yahoo uses Bing internally). You can rotate days and hope that the level of integration of searches from multiple providers is a weak point of the program ;-). After all while Google is still better on some searches, Bing comes close on typical searches and is superior in searches about Microsoft Windows and similar Microsoft related themes. It is only fair to diversify providers.

Here is one take from Is Google a threat to privacy from Digital Freedoms

Google’s motto may be ‘don’t be evil’ but people are increasingly unconvinced that it is as good as it says it is. The Guardian is currently running a poll asking users ‘Does Google ‘do evil’?’ and currently the Guardian reading public seems to think yes it does. This is partially about Google's attempt to minimize taxes in the UK but there are other concerns that are much more integral to what Google is about. At its core Google is an information business, so accusations that it is a threat to privacy strike at what it does rather than just its profits.

Google recently got a slap on the wrist by Germany for its intrusion of privacy through its street view and received a $189,225 fine. This was followed in April with several European privacy regulators criticizing the company for how it changed its privacy policy in 2012. Google attempted to simplify its privacy policy by having one that would operate across its services rather than the 70 different ones it had. Unfortunately it was not transparent in how it implemented the changes bringing the ire of the European regulators. This was followed by not implementing their suggested changes leading to the regulators considering more fines.

Facebook’s inventory of data and its revenue from advertising are small potatoes compared to Google. Google took in more than 10 times as much, with an estimated $36.5 billion in advertising revenue in 2011, by analyzing what people sent over Gmail and what they searched on the Web, and then using that data to sell ads. Hundreds of other companies (Yahoo, Microsoft, Amazon to name a few) have also staked claims on people’s online data by depositing cookies or other tracking mechanisms on people’s browsers. If you’ve mentioned anxiety in an e-mail, done a Google search for “stress” or started using an online medical diary that lets you monitor your mood, expect ads for medications and services to treat your anxiety.

In other words stereotyping rules in data aggregation. Your application for credit could be declined not on the basis of your own finances or credit history, but on the basis of aggregate data — what other people whose likes and dislikes are similar to yours have done. If guitar players or divorcing couples are more likely to renege on their credit-card bills, then the fact that you’ve looked at guitar ads or sent an e-mail to a divorce lawyer might cause a data aggregator to classify you as less credit-worthy. When an Atlanta man returned from his honeymoon, he found that his credit limit had been lowered to $3,800 from $10,800. The switch was not based on anything he had done but on aggregate data. A letter from the company told him, “Other customers who have used their card at establishments where you recently shopped have a poor repayment history with American Express.”

Even though laws allow people to challenge false information in credit reports, there are no laws that require data aggregators to reveal what they know about you. If I’ve Googled “diabetes” for my mother or “date rape drugs” for a mystery I’m writing, data aggregators assume those searches reflect my own health and proclivities. Because no laws regulate what types of data these aggregators can collect, they make their own rules.

In another post Frank Schaeffer (Google, Microsoft and Facebook Are More of a Threat to Privacy Than the US Government, June 7, 2013) thinks the Google and other companies actually represent a different threat then the government due to viewing themselves as a special privileged caste:

It’s amazing that there are naive people who worry about government intrusion into our privacy when we already gave away our civil rights to the billionaires in Silicon Valley. The NSA is taking note of our calls and emails, but anyone – me included! — who uses the internet and social media has already sold out our privacy rights to the trillion dollar multinational companies now dominating our lives and – literally – buying and selling us.

The NSA isn’t our biggest worry when it comes to who is using our calls, emails and records for purposes we didn’t intend. We are going to pay forever for trusting Google, Facebook. Microsoft, AOL and all the rest. They and the companies that follow them are the real threat to liberty and privacy.

The government may be wrong in how it is trying to protect us but at least it isn’t literally selling us. Google’s and Facebook’s et al highest purpose is to control our lives, what we buy, sell, like and do for money. Broken as our democracy is we citizens at least still have a voice and ultimately decide on who runs Congress. Google and company answer to no one. They see themselves as an elite and superior to everyone else.

In fact they are part of a business culture that sees itself not only above the law but believes it’s run by superior beings. Google even has its own bus line, closed to the public, so its “genius” employees don’t have to be bothered mingling with us regular folk. A top internet exec just ruined the America’s Cup race by making it so exclusive that so far only four groups have been able to sign up for the next race to be held in San Francisco because all but billionaires are now excluded because this internet genius changed the rules to favor his kind of elite.

Google and Facebook have done little-to-nothing to curb human trafficking pleading free speech as the reason their search engines and social networks have become the new slave ships “carrying” child rape victims to their new masters internationally. That’s just who and what these internet profiteers are.

Face it: the big tech companies aren’t run by nice people even if they do make it pleasant for their workers by letting them skateboard in the hallways and offering them free sushi. They aren’t smarter than anyone else, just lucky to be riding a new tech wave. That wave is cresting.

Lots of us lesser mortals are wondering just what we get from people storing all our private data. For a start we have a generation hooked on a mediated reality. They look at the world through a screen.

In other words these profiteers are selling reality back to us, packaged by them into entertainment. And they want to put a computer on every desk to make sure that no child ever develops an attention span long enough so that they might actually read a book or look up from whatever tech device they are holding. These are the billionaires determined to make real life so boring that you won’t be able to concentrate long enough pee without using an app that makes bodily functions more entertaining.

These guys are also the world’s biggest hypocrites. The New York Times published a story about how some of the top executives in Silicon Valley send their own children to a school that does not allow computers. In “A Silicon Valley School That Doesn’t Compute” (October 22, 2011) the Times revealed that the leaders who run the computer business demand a computer-free, hands-on approach to education for their own children.

Usage of home Web Proxy is a must

This new situation makes usage of Web proxy at home a must. Not to protect yourself ( this is still impossible ), but to control what information you release and to whom. See Squid. It provides powerful means to analyze your Web traffic as well as Web site blocking techniques:

In my experience, Squid’s built-in blocking mechanism or access control is the easiest method to use for implementing web site blocking policy. All you need to do is modify the Squid configuration file.

Before you can implement web site blocking policy, you have to make sure that you have already installed Squid and that it works. You can consult the Squid web site to get the latest version of Squid and a guide for installing it.

To deploy the web-site blocking mechanism in Squid, add the following entries to your Squid configuration file (in my system, it’s called squid.conf and it’s located in the /etc/squid directory):

acl bad url_regex "/etc/squid/squid-block.acl"
http_access deny bad

The file /etc/squid/squid-block.acl contains web sites or words you want to block. You can name the file whatever you like. If a site has the URL or word listed in squid-block.acl file, it won’t be accessible to your users. The entries below are found in squid-block.acl file used by my clients:

.oracle.com
.playboy.com.br
sex
...

With the squid-block.acl file in action, internet users cannot access the following sites:

You should beware that by blocking sites containing the word “sex”, you will also block sites such as Middlesex University, Sussex University, etc. To resolve this problem, you can put those sites in a special file called squid-noblock.acl:

^http://www.middlesex.ac.uk
^http://www.sussex.ac.uk 

You must also put the “no-block” rule before the “block” rule in the Squid configuration file:

...
acl special_urls url_regex "/etc/squid/squid-noblock.acl"
http_access allow admin_ips special_urls

acl bad url_regex "/etc/squid/squid-block.acl"
http_access deny bad
...

Sometimes you also need to add a no-block file to allow access to useful sites

After editing the ACL files (squid-block.acl and squid-noblock.acl), you need to restart Squid. If you install the RPM version, usually there is a script in the /etc/rc.d/init.d directory to help you manage Squid:

# /etc/rc.d/init.d/squid reload

To test to see if your Squid blocking mechanism has worked, you can use your browser. Just enter a site whose address is listed on the squid-block.acl file in the URL address.

In the example above, I block .oracle.com, and when I try to access oracle.com, the browser returns an error page.

Limiting your activity on social sites

Vanity fair posting should probably now be severely limited. Self-exposure entails dangers that can became evident only in retrospect. The key problem is that nothing that you post is ever erased. Ever. Limiting your activity in social network to few things that are of real value, or what is necessary for business or professional development, not just vanity fair staff or, God forbid, shady activities is now a must.

And remember that those days information about your searches, books that you bought on Amazon, your friends in Facebook, your connections in LinkedIn, etc are public. If you want to buy a used book without it getting into your database, go to the major city and buy with cash.

Also getting you own email address and simple web site at any hosting site is easy and does not require extraordinary technical sophistication. Prices are starting from $3 per month. Storing your data on Facebook servers might cost you more. See Guide for selecting Web hosting provider with SSH access for some ideas for programmers and system administrators.

Conclusions: Death of Privacy

In a way the situation with cloud sites providing feeds to spy on the users is a version of autoimmune disease: defense systems are attacking other critical systems instead of rogue agents.

As we mentioned before, technological development has their set of externalities. One side effect of internet technologies and, especially, cloud technologies as well as wide proliferation of smartphones is that they greatly simplify "total surveillance." Previously total surveillance was a very expensive proposition, now it became vey cheap. In a way technological genie is out of the bottle. And it is impossible to put him back. Youtube (funny, it's another site targeted by NSA) contains several informative talks about this issue. From the talk:

“This is the current state of affairs. There is no more sense of privacy. Not because it’s been ripped away from you in some Orwellian way, but because you flushed it down the toilet”.

All-in-all on Internet on one hand provides excellent, unique capability of searching information (and search sites are really amplifiers of human intelligence) , but on the other put you like a bug under microscope. Of course, as so many Internet users exists, the time to store all the information about you is probably less then your lifespan, but considerable part of it can be stored for a long time (measured in years, not months, or days) and some part is stored forever. In other words both government and several large companies and first of all Facebook and Google are constantly profiling you. That's why we can talk about death of privacy.

Add to this a real possibility that malware is installed on your PC (and Google Bar and similar applications are as close to spyware as one can get) and situation became really interesting.

Looking at the headlines about the government’s documents on how to use social networking and it’s surprising that anyone thinks this is a big deal. Undercover Feds on Facebook? Gasp! IRS using social networking to piece together a few facts that illustrate you lied about your taxes? Oooh.

Give me a break. Why wouldn’t the Feds use these tools? They’d be idiots if they didn’t. Repeat after me:

Let’s face it; folks are broadcasting everything from the breakfast they eat to their bowel movements to when and where they are on vacation. They use services that track every movement they make (willingly!) on Foursquare and Google Latitude. Why wouldn’t an FBI agent chasing a perp get into some idiot’s network so he can track him everywhere? It’s called efficiency people.

Here are some simple measures that might help, although they can't change the situation:

Again, none of those measures change the situation dramatically, but each of them slightly increase the level of your privacy.