Web Surfing for the Paranoid!

  • #31
    I wonder what happens when you type something like "biodegradable gun" and/or "undetectable gun", "plastic gun", etc. and "airport" in the same search. Point is that I'm pretty sure someone is looking. Wouldn't it be foolish not to? Of course the problem (or not?), as already stated, is that it's probably impossible to even scratch the surface with a thousand agents monitoring only tagged posts, calls, etc.
    "Take two placebos, works twice as well." Enzo

    "Now get off my lawn with your silicooties and boom-chucka speakers and computers masquerading as amplifiers" Justin Thomas

    "If you're not interested in opinions and the experience of others, why even start a thread?
    You can't just expect consent." Helmholtz



    • #32
      Like, it's so stupid that it almost HAS to work? "Hey, did you get the bomb?" "Yeah, it's under the passenger seat." "Is the IED armed?" "Yup, going off in two hours." "The plan will succeed!"

      Random Citizen to Security: "hey, did you hear that?" Guard: "come on, nobody is THAT stupid!"

      Justin
      "Wow it's red! That doesn't look like the standard Marshall red. It's more like hooker lipstick/clown nose/poodle pecker red." - Chuck H. -
      "Of course that means playing **LOUD** , best but useless solution to modern sissy snowflake players." - J.M. Fahey -
      "All I ever managed to do with that amp was... kill small rodents within a 50 yard radius of my practice building." - Tone Meister -



      • #33
        Sure, if a security guard heard you say that.

        When I go to Chase.com to pay credit card bills - I currently have two cards with them - I pay one card, enter the payment, then go to the second account on the page and pay it. In just those few seconds, the confirmation number on the transaction jumps by a couple thousand. Now that is at one bank, in the middle of the night. Now imagine something tracking credit card transactions at all the banks, not just Chase. Thousands of banks, billions of credit cards. Billions of transactions, and that is just the payments. Add in the charges - what cop show didn't solve a crime by finding the perp had just made a charge at some local store? I make a lot more charges than I do payments - that is the point of a CC. Charge 40 things, make one payment. Now we are tracking billions and billions of transactions, and that is just the CCs. There are no guys just watching.

        Billions of emails? Billions of Facebook posts? If there are 10 billion e-messages in a day, a million guys watching would have to peruse 10,000 messages a day. Even the NSA doesn't have a million guys doing that. It takes a LOT to get on their radar.
        Education is what you're left with after you have forgotten what you have learned.



        • #34
          Originally posted by Enzo
          I have been accused of being one of them...

          "Hey you kids, get off my lawn."
          You ever seen Monster House?

          nosaj
          soldering stuff that's broken, breaking stuff that works, Yeah!



          • #35
            Yep.
            Education is what you're left with after you have forgotten what you have learned.



            • #36
              No, no *guys* at all, 99.99999999% of the job is just software.

              Imagine a pyramid where the *middle* level is all citizens, so you have some 300 Million "bricks" just there.
              Each of them generates tens to hundreds "searchable" events a day, meaning calls, mails, charging cards, driving, watching TV, surfing, you name it.
              No need to monitor every room in your home, what for?, they just monitor a few "circuit junctions" where a lot (not even most) of the data flows through: telephone centrals, ISP providers, the cellphone system, credit card systems, city transport prepaid cards system, ATMs .... if they look at patterns, they can skim the cream, and move it further up the pyramid .... which of course becomes narrower the higher you are.

              I bet the top 10 or 20 levels up there are reasonably easy to check, the top 10000 are checkable by humans.
              Not 30000 operators (3 x 8 hour shifts of 10000 each) but , say, 1000 guys watching screens, each keeping track of, say, 30 people, and focusing only when "something" happens, most of the time nothing at all.

              As in "Suspect #24" is sleeping/cooking/taking a shower/walking/etc? ... no big deal.
              Parking lot issues him a parking slip? (he's instantly identified because it contains his plate number or driver license)
              Ok, check whether in the next couple hours he buys something in the area, *what* he buys, how long is he unaccounted for (say he left a shop 2 hours ago, has only now picked his car, what could he have done in the area during those 2 hours? , etc.)

              In a nutshell, an ocean (literally) of random data can be quickly filtered down to a bucket of useful information.
              And it's easy to look inside a bucket

              FWIW I think any of us is *miles* under the pyramid top, no matter what we write ... we lack all the other trigger characteristics.

              Personally I fear way more the Credit Card system, with its perfect data collection on where you are, what you buy, when and where, how much you spend, what you drive, how far you drive (by checking fuel consumption), etc.
              Juan Manuel Fahey



              • #37
                Not sure what much of this has to do with being a paranoid web surfer?
                Was hoping for what things, and solutions, to do to offset malware, cryptolockers, viruses, wannacry, sambacry, etc.
                Adblockers help block ads, and do not track software helps on tracking, AV for Viruses, and malware.
                Security Updates, enabling firewalls, and running a current up to date OS, are all good ideas.
                I use a separate OS for Finance, a separate OS, for general surfing.
                Keep Partitions containing documents, and spreadsheets, unmounted, or unavailable to the web, when not in use.
                What paranoid security ideas do you have?
                T
                "If Hitler invaded Hell, I would make at least a favourable reference of the Devil in the House of Commons." Winston Churchill
                Terry



                • #38
                  I live in the suburbs. As part of the trickle down in surveillance technology, our local PD uses the in-car dash cams to perform OCR on every license plate that the squad car encounters while patrolling... moving vehicles, parked cars, everything. The cops don't pay attention, but a machine logs all of the licence plate data along with correlated GPS location information into a database. They have the ability to create time based maps of vehicle locations.

                  The same occurs with the cameras on the busy intersections -- every passing car gets logged into a database. Humans don't bother to look at the data unless it's needed later on. They've solved quite a few crimes by producing an initial suspect list of everyone who was in a particular locale at a given point in time... or even within driving distance of a particular locale at that given point in time. (In my county they charged a guy with murder because he was close enough to get to a crime scene if he drove 90 miles an hour for a half hour!)

                  The combination of cell phone geolocation and licence plate geolocation provides them with a lot of actionable data. Of course, none of us would like it if we knew how often our names appeared on a list of potential suspects, just because we happened to be within driving distance of a point of interest when something happened.

                  The aggregated surfing information is no different. Activities get logged and logs get retained. The databases are searchable and discoverable. Google freely admits that they keep every search that you have ever performed. Google histories get used to solve crimes. Google is one of the greatest threats to our privacy, and the people who founded the company have become billionaires by selling the data. It's naive to think that nobody cares about our surfing habits.

                  If you're concerned about surveillance while surfing, the reality is that the people who are spying on us go far beyond government. Corporations in Silicon Valley have invested billions of dollars in collecting data about us in the background through executing javascripts in our browser. These companies freely exchange information with one another behind our backs and provide detailed consumer profiles to one another. Their interest in us is not primarily as individuals, their interest in us is primarily as a market population. In aggregate we provide them with data that is worth billions as they sell it to other companies. As individuals we are still valuable to them, though. Our profiles get bought and sold and are used for targeted marketing. It's not at all uncommon for me to receive junk snail mail 1-2 weeks after I search for something new online. They know a lot about us. Why else would I be receiving pop-up ads telling me how to meet hot mature women looking for sex, who live in my zip code? Why do I not receive the ads telling me how to meet hot young women looking for sex?
                  Last edited by bob p; 06-10-2017, 06:50 PM.
                  "Stand back, I'm holding a calculator." - chinrest

                  "I happen to have an original 1955 Stratocaster! The neck and body have been replaced with top quality Warmoth parts, I upgraded the hardware and put in custom, hand wound pickups. It's fabulous. There's nothing like that vintage tone or owning an original." - Chuck H



                  • #39
                    Originally posted by big_teee
                    Not sure what much of this has to do with being a paranoid web surfer?
                    I'm not sure either. It looks like your thread has been hijacked by the OT Crew.


                    I use a separate OS for Finance, a separate OS, for general surfing.
                    Keep Partitions containing documents, and spreadsheets, unmounted, or unavailable to the web, when not in use.

                    What paranoid security ideas do you have?
                    Your idea to have an isolated box for finance and another for web surfing is a good one. We go a bit farther.

                    We have a class of dirty surf boxes sitting in a DMZ that get used for anything promiscuous, like web surfing to sites other than trusted financial partner sites. We have an isolated LAN that only gets used for financial transactions. Everything goes through proxy servers that log and retain all traffic. Firewalls rigidly restrict which IP addresses in-house are allowed to talk to which IP addresses on the outside. Nobody is allowed global unrestricted internet access, period. All ethernet packets get sniffed and monitored for intrusion detection and data extrusion recognition. If something happens that triggers the right alert level then connections are severed.

                    Privately owned Smart Devices and cell phones with cameras are not permitted in the building. Removable media interfaces, like removable drives and USB ports don't exist. We roll our own custom OS kernels so that the OS capabilities are limited to what is needed and approved. Security requires wired networks without any wireless connectivity. Any device connected to the LAN has its PCB modified so that the traces that provide wireless connectivity are cut. We have multiple isolated LAN and multiple perimeter firewalls, connected in series, separating them, so that multiple firewalls will have to be breached to penetrate the system. We do regular penetration testing. We packet sniff the network packets and monitor inbound/outbound traffic. And yes, we have a honeypot. Having done all of this, we've recognized several perimeter firewall breaches.

                    Years ago we determined that while installing open source software, specific DNS requests triggered during the install program would trigger widely distributed brute-force OpenSSH attacks originating from China, because linux systems are vulnerable to SSH exploits during the installation process, before system security has been completely configured. As a result we roll our own kernels and prohibit installs and updates from any source other than our private mirrors.

                    Having done all this, we're still vulnerable, but we're far less vulnerable than the typical home user, who is basically a fish in a barrel waiting to be shot.

                    One thing that's important to realize is that any device that offers connectivity to any other device is inherently insecure. There are NSA guides available that discuss hardening computer systems if you're interested in reading them. Worried about Echelon or Tempest? Then you need an air gap and a Faraday cage. Anything else can and will be exploited.

                    If you're interested in security, I'm not sure that leaving drives connected but unmounted is going to help you from anything but the most basic low-privileged attack. Mount is a command that the bad guys know and if they've already got command line access then you're screwed. At that point you need to have a kernel that won't support activities that they want to perform, you need to be sure that there are no compilers present on your system, you need rigid control of installed packages, and you need a computer that cannot reboot from any type of modifiable device. If they're able to write to your hard drive and trigger a reboot then your box is a p4wn. It's best only to allow booting from a customized CD-ROM in a non-CD-RW drive or via an ethernet boot server on the LAN. Home users typically don't worry about these sorts of things.

                    One thing that's important to remember is that we live in the Age of Surveillance. We use devices that integrated spying features as part of their design concept. Security conscious people like you and me are inclined to try to thwart these kinds of activities, but the problem is that we're trying to take devices that were designed for spying and render them secure. If I've learned anything from years of experience in network surveillance, that's a fool's errand. When we modify these devices we gain the illusion of security, rather than security itself.

                    The unfortunate truth is that web browsers are designed to be surveillance devices. If you look at the HTML 5 specification in depth, you'll know exactly what I'm talking about. We like to have the illusion of security in believing that adblockers, DNT software and script blockers will actually protect us, by doing what they represent themselves to be doing. The unfortunate truth is that the developer interface allows a developer to disable such plug ins, ignore your wishes, and use your own computer for their desired purposes, overriding your preferences.

                    I spent an awful lot of time learning network security, and lately I've attended industry lectures about HTML 5 deployment. Things are changing for the worse if you're concerned about privacy. Basically, your browser is designed to provide bidirectional information exchange under the control of the web developer. The exchange includes information that you're not aware is being transmitted, and there's nothing that you can do to stop it, short of flipping the big red switch. Basically, if you're using a browser then you've opted-in.

                    We recently studied the mass of javascript that was being imported when a user surfed at a reputable nation-wide big box store that has an online presence. As soon as you visit their welcome page, their javascript directs your browser to visit adobe-tm and download huge libraries of javascript. During your entire surfing experience, vast amounts of information is exchanged between your web browser and multiple third parties who don't really have a legitimate need to know about what you're doing. You can try to disable the scripts with a script blocker like No-Script, you can try to install a DNT add-on, etc., but all of that is meaningless. The developer has an interface to bypass those add-ons while leaving you with the impression that they are still running.

                    We sniffed the ethernet traffic and learned that even though we assumed that we had buttoned-down the boxes using browser add-ons, the reality was that lots of information was being transmitted to unauthorized sites. The Adobe Marketing Cloud was the worst offender.

                    Since it's just not possible for an end user to defeat a web browser's spying activity using the web browser interface, the obvious solution was to snort and inspect the ethernet packets destined for those data sharing sites as they transitioned ethernet layers. We blocked the data transfers at the network packet level. Deep packet inspection & substitution was 100% effective in stopping the egress of confidential information from our network. Of course, when you tamper with these sorts of things you should expect that any feature that is dependent upon successful bidirectional data transfer will be broken in the process. By blocking Adobe we also broke the check out interfaces at most e-commerce sites.

                    They responded aggressively. Once the snoopers realized that their information packets weren't arriving because we were blocking data transfers, we were added to somebody's "suspicious activity" blacklist that was being sold to third parties. Our IP is now blocked from having any access to some corporate web sites, including the USPS, ostensibly because we engaged in "suspicious activity" by trying to prevent unauthorized data transfers on our private networks.



                    Evidently, the companies that do spying interpret any attempts to thwart their activities as "suspicious activity" and put you on their troublemaker blacklist. Then they sell that list to third parties as if the IP address belonged to a blackhat hacker.

                    The unauthorized data exchange problem is pervasive. If you refuse to accept the open data on the cloud paradigm and you fight to protect your own data then you may be branded as a troublemaker and you may be blacklisted. The long and short of it is that we live in the Age of Surveillance and there's nothing you can do to avoid being surveilled, other than to remove the battery from your cell phone and flip the big red switch on your computer -- if you consent to use any modern electronic device then you've opted-in.

                    If you want to decrease the success rate for spyware then at an absolute minimum you should cron the task of sanitizing your browser profile. That's where they store the low hanging fruit. Look in $HOME/.mozilla/firefox/*/* and see what information is being stored there.
                    Last edited by bob p; 06-10-2017, 09:11 PM.
                    "Stand back, I'm holding a calculator." - chinrest

                    "I happen to have an original 1955 Stratocaster! The neck and body have been replaced with top quality Warmoth parts, I upgraded the hardware and put in custom, hand wound pickups. It's fabulous. There's nothing like that vintage tone or owning an original." - Chuck H
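The profile clean-up that post #39 suggests running from cron, as an added example that is not part of the original post: a POSIX shell script that inventories and clears per-site state under $HOME/.mozilla/firefox. The list of state files, the prefs.js and lock-symlink checks, and the crontab path are assumptions about a stock Linux Firefox profile.

```shell
#!/bin/sh
# Added example (not from the original post): inventory and clear the per-site
# state a Firefox profile keeps on disk, suitable for running from cron.
# Assumptions: Linux profile layout under $HOME/.mozilla/firefox; the names in
# STATE_ITEMS are the stock Firefox stores; a "lock" symlink inside a profile
# means the browser is running and the profile must be left alone.

PROFILE_ROOT="${PROFILE_ROOT:-$HOME/.mozilla/firefox}"

# Per-site state: cookies, DOM/local storage, form history, saved sessions.
# Bookmarks/history (places.sqlite) and saved logins are deliberately kept.
STATE_ITEMS="cookies.sqlite cookies.sqlite-wal cookies.sqlite-shm
webappsstore.sqlite webappsstore.sqlite-wal webappsstore.sqlite-shm
formhistory.sqlite sessionstore.jsonlz4 sessionstore-backups storage"

# Print one profile directory per line (a profile is a dir holding prefs.js).
list_profiles() {
    for d in "$PROFILE_ROOT"/*/; do
        [ -f "${d}prefs.js" ] && printf '%s\n' "${d%/}"
    done
    return 0
}

# Show what a profile is holding: size in KiB and path of every state item.
inventory_profile() {
    for item in $STATE_ITEMS; do
        [ -e "$1/$item" ] && du -sk "$1/$item"
    done
    return 0
}

# Remove state items from one profile and print how many were removed.
# Status 2: not a profile directory. Status 1: profile locked (browser open).
sanitize_profile() {
    removed=0
    if [ ! -f "$1/prefs.js" ]; then
        echo "not a profile: $1" >&2
        echo 0
        return 2
    fi
    if [ -L "$1/lock" ]; then
        echo "skip (in use): $1" >&2
        echo 0
        return 1
    fi
    for item in $STATE_ITEMS; do
        if [ -e "$1/$item" ]; then
            rm -rf -- "$1/$item" && removed=$((removed + 1))
        fi
    done
    echo "$removed"
}

# Command-line entry points; with no argument the script only defines functions.
case "${1:-}" in
    --inventory)
        list_profiles | while IFS= read -r p; do inventory_profile "$p"; done ;;
    --clean)
        list_profiles | while IFS= read -r p; do
            sanitize_profile "$p" >/dev/null || true
        done ;;
esac

# Example crontab entry (script path is a placeholder):
#   15 4 * * * /path/to/ff-sanitize.sh --clean
```

Run it with `--inventory` first to see what each profile holds; `--clean` logs the user out of every site and drops restorable sessions, and it skips any profile that a running browser has locked.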



                    • #40
                      I am sorry, I guess I misunderstood. I thought paranoid people online were exactly people thinking "someone" out there was watching them. So in that regard, NSA falls into place. If all we are discussing is keeping the bugs out of our works, then I will delete my input further.
                      Education is what you're left with after you have forgotten what you have learned.



                      • #41
                        Well, we *are* being watched, all the time.

                        Not sure if it's a big deal or not, probably not for us humble average peasants.

                        To bigtee: adblockers, firewalls, separate machines, the works, are absolutely irrelevant if you connect to the Net, period; they don't need to look inside your machine, just monitor your traffic, and they do that at the ISP providers, which is out of your reach.

                        So close your eyes, relax, and enjoy it, we are all being f*cked anyway and there's nothing we can do about it.
                        Juan Manuel Fahey



                        • #42
                          OMG, they can tell where I have been from my cell phone.

                          You know, if they want to know that bad, they can just ask me. Today I went to the store and bought beer, a newspaper, and some potato chips. We also drove to a friend's home = bluemonster65 in fact = for his kid's graduation party. Tomorrow we plan to go to breakfast at Big Boy, and then to the grocery for toilet paper, and maybe some ground beef. I might also stop at the gas station for fuel, haven't decided.
                          Education is what you're left with after you have forgotten what you have learned.



                          • #43
                            Sorry T. I know how your original subject matter was intended, but you know how it goes. And Bob is absolutely right. Every browser and every site that is bigger than small is attempting to monitor you, sometimes nefariously, for their own gains. Where any info ultimately ends up is anyone's guess. Sometimes collected info and targets is sold as "taps". I can do a random check of a distributor in Florida and the very next day I'm getting recorded correspondence ON MY CELL PHONE from cruise ship services that operate out of Florida! If I look at a guitar I used to own on *bay just once for fun to see what it might have been worth I get ads for similar repro shit and *bay sends me notification of similar offerings. I just skim my Email when I cull or I might be able to tell you more about who's trying to dupe me as a result of my web activity. The whole thing is a mess of virtual intuition that skirts the line of invasion of privacy at every turn. And ultimately, if you queue the wrong combination, someone who would suspect you or target you is notified. This does actually seem to be at the heart of your issue. We all know there are worms and cross reference cookies in operation (anyone with an Email account does). Avoiding them seems like sweeping the walk while it's still snowing! Most of the software providers and browsers DO attempt to protect against fruitlessly malicious software. Fruitless meaning it doesn't profit anyone and there's no chance for someone in the middle of the exchange to get a piece of the action. So just pay attention to the notifications. The people that want to profit know what's hazardous on the web before you do and they don't want it to interfere with commerce. And just know that the actual smart ones are watching and have been for a long time.
                            "Take two placebos, works twice as well." Enzo

                            "Now get off my lawn with your silicooties and boom-chucka speakers and computers masquerading as amplifiers" Justin Thomas

                            "If you're not interested in opinions and the experience of others, why even start a thread?
                            You can't just expect consent." Helmholtz



                            • #44
                              So, Juan, if I type something like Siberia, bomb, Osama, Trump AND Crab people pizza in the same paragraph you think this won't make the targeted screen?

                              Ok... I actually don't even know how to be an insane public enemy. It's not like I wake up some mornings with mud on my shoes, a bloody shovel leaned against the garage and fresh dug earth in my back yard.?. Honestly, that never happens, much. But I wouldn't mind screwing with the filtering process for any that would watch
                              "Take two placebos, works twice as well." Enzo

                              "Now get off my lawn with your silicooties and boom-chucka speakers and computers masquerading as amplifiers" Justin Thomas

                              "If you're not interested in opinions and the experience of others, why even start a thread?
                              You can't just expect consent." Helmholtz



                              • #45
                                No, my intent was what do paranoid computer users do to keep from getting hacked, and accounts accessed and stolen.
                                I really don't care what store is monitoring my shopping habits, it's all the malicious computer take overs, and viruses out there, I'm paranoid about.
                                The biggy nowadays is all the Cryptolocker software out there, or commonly called ransomware.
                                I'm also paranoid about any account theft done by hackers.
                                There will always be google and others keeping up with your whereabouts.
                                This is a computer sub-forum, and I was trying to keep my topic, computer hardware, and software oriented!
                                Carry-on.
                                T
                                Last edited by big_teee; 06-11-2017, 01:35 AM.
                                "If Hitler invaded Hell, I would make at least a favourable reference of the Devil in the House of Commons." Winston Churchill
                                Terry
