The problem: Illegal NSA operations
The NSA and other agencies want all your data, the reason is control. How do they do it: We learned from the Snowden leaks about FoxAcid and Quantum, these are almost impossible to escape from. You are being fed with false responses containing code (software) to compromise your system. Main problem: Your browser is fed with zero day leak responses. My guess is that most responses with information about your system, i.e. YOUR valuable data, will be send using browser responses, (because) this is difficult to detect.
 NSA Utah data center spy cloud where all YOUR emails, cell phone calls, internet searches and YOUR other personal data is stored for 50 years |
Your browser is most attacked element of your PC, tablet, phone.
Using the Snowden proposed Qubes, your browser can run in an protected environment on YOUR PC. The problem with this approach is that leaks in Qubes can still send valuable information about you to the internet.
Being paranoid about security I believe there is only one way to prevent this scenario and that is to USE A BROWSER THAT IS NOT ON YOUR PC. Being even more paranoid I could say that Snowden is asking you to start using Qubes.
Solution: Remove the browser from your PC (using remote desktop)
Create a (linux) server with minimal software and a minimal GUI with a browser. Put this on your (home) network, preferably outside your (home) network, shielded by a firewall, and use RDP (over SSH) to access your browser on this machine. Of course, in Firefox you must block ads using e.g. the uBlock Origin plugin and erase cookies e.g. using the Self-Destructing Cookies plugin, and you must customize SSH and activate a firewall to minimize infection. I suggest you rebuild this system automatically every night from a CD (not USB). If the machine is powerful enough you can support multiple users.
Advantages:
- Your browser can never infect your PC, and
- Your browser can never be used to send valuable information from your PC.
Practical note(s):
- Build your RDP server e.g. with ubuntu server, add LXDE (includes Firefox) and xrdp and activate ufw. On your (linux) client PC use Remmina.
- To get get maximum isolation and performance, use a RDP server with two network interfaces, one for connection to the internet and one for connection to your PC.
- As a firewall you can use pfSense, use pfblockerng to filter (corrupting) ads
- You may want to use your switch to seperate the server connection to the PC(s) from the connection to the internet router
- With Remmina you can specify a shared directory on your PC, do NOT install software using a clipboard, in fact uninstall clipit from LXDE
Problem: both bugs/leaks and updates can infect your system permanently
Other things you should be worried about are updates and bugs:
- Updates. Using the man-on-the-middle/side attacks they can send you software updates containing backdoors.
- Bugs: bugs like Heartbleed can infect your system permanently.
How do you know your system is compromised? This can only be done using serious package validation using e.g. Aide (Advanced Intrusion Detection Environment, rpm –verify, and root kit detection (rkhunter, chkrootkit). When in doubt, you should reinstall your system(s) … not many people do this. Note that there is very big problem here: you want to update your system(s) because of a recently discovered bug/leak, but can you trust the updates? More paranoia: On April 8, 2014, support for Windows XP ended (we must move to Windows 8). On about the same day the linux heartbleed bug was officially unveiled (we should not consider Linux).
About hacking into your Wifi
Hacking your Wifi is extremely easy. By adding a Wireless Access Point (Wifi router) close to you, e.g. at your neighbors, and by specifying the same parameters (SSID, mac address) they can make your computers, tablets and phones think they are logging in to your Wifi router while you are in fact using the evil Wifi router. Advice: DO NOT USE WIFI, instead cable your company, home. Besides that, Wifi is very bad for your children (brain development) and bad for you (health, like sleeping problems).
About Whatsapp and Apple’s iCloud
Whatsapp and iCloud claim your communication and data is safe. It is NOT. Yes, your communication is encrypted, and yes, your data is stored securely. But … both Whatsapp and iCloud have the keys to encrypt and decrypt your data. And they will hand it over to law enforcement on request. Maybe an even bigger problem is that both can be hacked. E.g. by the NSA, or some other mysterious hacker making all keys available, then all your data is at risk. As everything gets hacked, the only sensible way to act is: Do not use Whatsapp and do not use Apple. Did I mention already you should never use Google and Microsoft?
The minimum you should do: Block advertisements and trackers on your phone and network
Advertisements and trackers not only make pages load slower but also track you everywhere and can infect your phone(s), tablet(s) and computers. For mobile phone there several alternatives. For a pc you can use uBlock Origin and Self-Destructing Cookies. For a SOHO network you can use the pfSense firewall with the package pfBlockerNG.
About your national secret services
National secret services consist of criminals. They are the armies of the elite and hide behind state security. Our governments and politicians are responsible for what they do but never punish them for their crimes. This makes our governments complicit to all their crimes.
Thank you so much governments and politicians for protecting our basic human rights.
Link(s):
- How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID – Bruce Schneier
- Edward Snowden Explains How To Reclaim Your Privacy
- NSA whistleblower William Binney: The ultimate goal of the NSA is total population control – Guardian article by Antony Loewenstein
- How to Spy on Another Person’s Browser: Man-in-the-Middle Attacks
- privacytools.io
- The Heartbleed Bug
