Ask HN: In light of the PRISM revelations how have you changed?
Have you moved your eMail off Google? Have you deleted your Facebook? Have your political views changed? Have you decided to contribute to a decentralised cryptography project?
Have you just thought of doing something or have you done something different?
bigiain | 12 years ago
I've added JottaCloud, a Norwegian cloud storage provider, to get some storage outside US/NSA jurisdiction (and I'm using encfs encrypted storage on there too).
I've made sure all my published GPG keys are still working and have strong passphrases. I've started using GPG again occasionally just for the LULZ - so it'll not stand out quite so obviously if/when I need to use it in anger.
I'm considering my email options. I've got encrypting all non-encrypted email on the way into a mail server working as an experiment, but the questions of where to do that remain - my DigitalOcean VPS is no less likely to be under NSA compulsion than Gmail, I don't trust my local (Australian) government to not be leaning just as hard on server hosting suppliers in Australia. I'm currently leaning towards hosting my personal mailserver at home, strongly encouraging (or perhaps even enforcing) STARTTLS encrypted mail transport, running via a VPN tunnel to an internet connection at an inexpensive VPS with a non-US based provider. Since much of my mail is local (corresponding with other people inside Australia), I'm trying to decide whether an Australia based VPS perhaps under control of the local intelligence services but not requiring the bulk of my inbound (probably unencrypted) mail to hit any trans-ocean/crossing-national-boundaries backbones, would be a lower risk than a Norwegian or Icelandic based VPS which is more jurisdictionally difficult for ASIO and the NSA but which requires my inbound mail to cross those high-value-target-for-firehose-sniffing cross border backbones.
I've been raising cloud data storage legal jurisdiction based on the cloud's physical location and the cloud company's nationality whenever appropriate at meetings (which gets interesting responses with health/financial/childcare clients, and bored dismissiveness from just about everybody else… "Oh, you're storing PII patient data? Does storing that on Amazon S3, even if encrypted, meet your regulatory requirements?" I'm looking forward to the "Ahhh, so you're providing information to pharmaceutical managed mental health patients. Have you considered the privacy leak that Google Analytics represents? What disclosures and/or privacy assurances have you made to your users?" discussion next week…)
ewoodrich | 12 years ago
And I've changed almost nothing since the "PRISM revelations". In fact, I've begun to post more under my actual name, without any anxiety over "NSA" activity.
It may have become a cliché, but I always identified with the logic of continuing to fly after 9/11 to not let the "terrorists win". Us vs. them-speak aside, the sentiment holds true that the best means to oppose a new "threat" is to hold course.
If "government overreach" is really as bad as some claim, someone will be jailed for posting some innocuous musings, and will serve as proof and catalyst for meaningful change. But the far worse outcome would be to suppress free expression based on a nebulous fear of government surveillance (the NSA was formed from a WW2 era signals agency that at one point inspected almost all telegraph transmission to and from the US). And yet we still have a tendency to idealize the past as an embodiment of more pure "American values".
Irishsteve | 12 years ago
I realised that most likely these types of agencies can get access to your data if they really want. If everyone moved from FB, Goog or whatever they will simply start to spy on the new services people have moved to.
If a service is in Europe it really doesn't matter. They will still snoop or ask another agency to snoop for them. The UK have been snooping on Ireland for a long time http://cryptome.org/jya/gchq-etf.htm
I guess one way to avoid these problems is that people become far more understanding of other people's dirty secrets, that way it can't be used as leverage. That could hopefully devalue the process of snooping.
nicoschuele | 12 years ago
So, I didn't kill my Facebook account as I don't store personal info on it. I didn't kill my Google services as I use encryption to transfer sensitive data (trade secrets and such). Etc.
federicola | 12 years ago
Is really naive thinking that "some storage outside US/NSA jurisdiction (and I'm using encfs encrypted storage" will stop the government from reaching you, because they really don't care about jurisdiction.
bigiain | 12 years ago
"Is really naive thinking that …"
I think it makes somewhat more sense for me - since I reside outside the US. I'm reasonably sure that SSL transported encfs encrypted files moving between Australia and Norway - even when routed over US based or US company owned backbones - are reasonably safe from dragnet surveillance.
At the same time, I have no doubt that if "government" becomes interested in me specifically - all my privacy precautions will not stand up to nation-state level scrutiny. The right combination of "leaning on" Apple, Dropbox, and Agilebits (the company behind 1Password) would - given expertise the NSA no doubt has, and sufficient time - eventually reveal almost all my keys, passphrases, and passwords. But then so will the $5 wrench, the rubber hose, or the threat of jail time.
junto | 12 years ago
- Looking for European alternatives for server locations: https://news.ycombinator.com/item?id=5993947
- Looking for a good alternative to GMail.
- Looking for a good alternative to sharing photos with family (currently Google Picasa and Google+)
vacipr | 12 years ago
+already switched to Linux and started encrypting my hard drives long ago.
The only problem I still have is Facebook. I can't leave because of the groups.