HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rt4mn

no profile record

Submissions

Reclaiming Privacy Rights: A Roadmap for Organizations Fighting Surveillance

fas.org
1 points·by rt4mn·2 yıl önce·0 comments

Sen Wyden's New Surveillance Reform Act Reins in the Worst Abuses of Section 702

eff.org
3 points·by rt4mn·3 yıl önce·1 comments

EFF's first take on the first draft of UN Cybercrime Convention Treaty

eff.org
14 points·by rt4mn·3 yıl önce·2 comments

CISOs, Don’t Ignore the FISA Section 702 Debate

lawfareblog.com
2 points·by rt4mn·3 yıl önce·1 comments

The Stop CSAM Act Would Put Security and Free Speech at Risk

eff.org
3 points·by rt4mn·3 yıl önce·1 comments

Watch live: House Intel discusses global threats and (hopefully) surveillence

c-span.org
1 points·by rt4mn·3 yıl önce·1 comments

The FBI’s Most Controversial Surveillance Tool Is Under Threat

wired.com
7 points·by rt4mn·3 yıl önce·2 comments

[untitled]

1 points·by rt4mn·4 yıl önce·0 comments

comments

rt4mn
·2 yıl önce·discuss
yeah... a lot of ink has been spilled over there should be a Warrent requirement for the FBI but imo the data broker loophole is the bigger issue. NSA buys netflow data in bulk for petes sake.
rt4mn
·2 yıl önce·discuss
Section 702 is expiring at the end of the month but whether or not it gets re-authorized by a bill called RISSA is likely going to the floor of the house NEXT WEEK. IF you care about privacy and surveillance, contact your house member and say you want real surveillance and fisa and 702 reform, and that they should only vote for RISSA if three good amendments from the judiciary committee pass, and three bad ammendments from the intellegence committee fail.

The good judiciary ammendments would: requiring fbi obtain a warrant before querying 702 data, close data broker loophole, prohibit restarting "abouts" collection. All good things.

Intel committee ammendments are really bad. expands the definition of Foreign Intelligence Information to include counternarcotics, Unnecessarily expands suspicionless vetting of immigrants, including people allready in in the United States, and Includes one of the biggest expansions of surveillance in recent history, or what Rep. Lofgren calls "Patriot Act 2.0," by expanding the categories of businesses that can be subject to a *gagged directive* under Section 702

This has been an incredibly annoying issue to track and mobilize around because things are moving quickly and behind the scenes but just raising the issue helps. Even if you think your house rep sucks on everything else, its worthwhile to reach out on this issue. Its hard to know where people stand when folks from trump-land and the squad are both calling for reform.
rt4mn
·2 yıl önce·discuss
> Risky Biz (and really anything Patrick Gray touches) is awesome. Would recommend.

Patrick Gray is a good interviewer and news source but he is also a big booster of the American surveillance apparatus, and has spoken against such reasonable reforms as requiring the the FBI get a bloody warrant when it searches for Americans data in the 702 database (data that is collected specifically for foreign intel purposes and thus subject to less constitutional scrutiny). He recently defended the NSA's acquisition of netflow data because the NSA needs it to do its work. as if constitutional privacy rights should give way to a spy agencies priorities.

He is just way to trusting of these agencies abilities to police themselves. I swear his quote when they talked about nsa getting netflow data was something along the lines of "if people only knew how many meetings they had to have before they would understand". Those are both examples I am pulling from memory so don't take them as gospel. And of course, no source of news / commentary is unbiased.

I listen to and enjoy the risky buiz podcast. And institutional trust is a legitimate aspect of security, especially in infosec. I just wish he was more skeptical of western law enforcement and intelligence agencies (he is already more then skeptical of non-western law enforcement and intelligence agencies, which is fine, I just wish he did not give the five eyes countries a pass because we are "the good guys"). He recently interviewed people at NSA headquarters for petes sake.
rt4mn
·2 yıl önce·discuss
Its less "Looks like we need new powers again!"

and more "Please dont take away our post-9/11 powers (702), and not because we forgot how to do our jobs without them we actually do need them for realz!"

See also the terrible op-ed by ex head of NSA in washignton post. https://archive.ph/WfvtR
rt4mn
·2 yıl önce·discuss
This whole thing was a shit show. Very happy Restore the Fourth signed the open letter calling for House Intelligence chair to step down. https://www.freedomworks.org/wp-content/uploads/2024/02/Turn...

And the reason the spooks and their apologists on the HPSCI are so freaked out? because they don't want to have to go to a judge to get Americans data. They would rather secretly buy that data from data brokers.
rt4mn
·3 yıl önce·discuss
This is a big deal. If you care about your privacy, its not enough to use good op-sec. You need to address the source of the problem: the governent is abusing its power, and it needs to stop doing that

This bill is an attempt to fix that. This bill is probably the best hope we currently have of enacting substantive reforms to Section 702, EO 12333, the data broker loophole, and a bevy of other surveillance issues. It even has a section on Cell Site simulators!

If you are curious about some of the details of the bill, you can read a one-page summary of the bill [here](https://www.wyden.senate.gov/imo/media/doc/government_survei...)

Some highlights:

> The Act ends warrantless collection of business records, ensures that the government provides accurate information to the Foreign Intelligence Surveillance Court, and requires meaningful accountability for violations of the law.*

> [The bill] requiring warrants for surveillance of Americans’ location data, web browsing and search records, and by prohibiting the government from purchasing Americans’ data from data brokers.

A section-by-section summary of the bill is [here](https://www.wyden.senate.gov/imo/media/doc/government_survei...)

Read the full bill [here](https://www.wyden.senate.gov/imo/media/doc/government_survei...)

Some more analysis/history [here](https://www.justsecurity.org/89786/the-year-of-section-702-r...)
rt4mn
·3 yıl önce·discuss
Nope. "If Alice registers number X and enables reglock, but Bob later proves ownership of number X (by registering and completing the SMS code), then Alice will be unregistered."

IE, if somone intercepts the SMS code, even with reglock, you can forcibly de-register somone. This means if you use loose access to your phone number, you can easily loose access to your signal account.

https://github.com/signalapp/Signal-Android/issues/12595#iss...

They justify this by saying "The intention of reglock is to prevent hijacking of numbers you actually own, not to guarantee the number for yourself for life", but its way to easy for activists and dissidents to lose ownership (temperately or permanently) of phone numbers for the phone number system to be the backbone identity system for a secure messaging platform
rt4mn
·3 yıl önce·discuss
This is probably going to be a bit of a mini rant, been thinking bout this for a while (10 years in fact).

> Although it is physically impossible for the single guard to observe all the inmates' cells at once, the fact that the inmates cannot know when they are being watched motivates them to act as though they are all being watched at all times. They are effectively compelled to self-regulation.

This is the fundamental idea of the Panopticon, and you see it baked into parts of the modern surveillance State as well. But outside of some workplace and carceral contexts i don't think its actually the direction we are headed. The spooks want the power to actually use the data surveillance gives them, they are not really interested in social control as far as I can tell. At least not yet.

True, most of the data hoovered up by the "Intelligence community" is almost never actually looked at with human eyes, but they are actively trying to work towards building a system whereby all that data is still analyzed and used, or quickly searched with just the right keywords.

The panopticon is useful for illustrating one of the many side dangers of surveillance (namely that it instills fear and stifles expression) but it does not cut to the core issue: Mass surveillance drastically upsets the power balance between the government and the governed.
rt4mn
·3 yıl önce·discuss
I really hope this eventually leads to a situation where an adversary cant forcibly de-link you from your signal account by taking control of your phone number or intercepting an sms.
rt4mn
·3 yıl önce·discuss
For a lot of people, signal is not simply a User-User "texting" type application, but much more akin to slack or discord or matrix.

Many, Many reporters put their signal number in twitter bio seeking tips. Many activists (including me) use signal group chats to organize volenteers and staff, and publicly share room links. In other words, we have to either share our number publicly or buy a burner phone number if we want people to interact with us on signal.
rt4mn
·3 yıl önce·discuss
I mean, I dont agree with the person you are replying to, but signal absolutely is a social network. Its a network you use to communicate socially.

You can argue its not social media, but I think the stories feature definitely puts it on the social media spectrum to some degree.
rt4mn
·3 yıl önce·discuss
Nowadays my go-to source for unbiased (or perhapes better to say "non-partison"), easily digestible information on incredibly complicated topics is CRS: https://crsreports.congress.gov/search/#/?termsToSearch=&ord...

These are the people whose job it is to make complex topics understandable for both parties of congress. Its a fantastic source if you want to set aside 10 minutes to quickly digest a complicated topic.

For a fun example, see some of their reports on Directed Energy Weapons: https://crsreports.congress.gov/product/details?prodcode=R46...

Its not really a news source, but then again you did not actually specify news and I wanted to shill CRS since they do fantastic work, especially given the tightrope they probably have to walk every day.
rt4mn
·3 yıl önce·discuss
First Draft of UN Cybercrime Convention Drops Troubling Provisions, But Dangerous And Open-Ended Cross Border Surveillance Powers Are Back on the Table
rt4mn
·3 yıl önce·discuss
Good day to be a Minnesota hacker.
rt4mn
·3 yıl önce·discuss
Perhaps they misspoke, or perhaps they misunderstood, or perhaps their usage of the term is different then yours or mine. I understood them to mean it in the sense that the FDA holds democratic legitimacy by nature of its assistance as an org within the US government, which is by any reasonable definition a democratic institution.

The point is that its not really relevant to the point they are making, which is that the FDA as an institution has some weird incentives.

> motte-and-bailey.

I'm not familiar with this idiom so I cant say.
rt4mn
·3 yıl önce·discuss
While I agree with the headline (section 702 is a big deal, its the legal loophole authorizing vast swaths of American mass surveillance, and it expires this year), I don't think its a good idea to take infosec advice from one of the governments generals in the 90s crypto wars.

Another think piece by the author pushing for the infamous clipper chip: https://www.wired.com/1994/06/nsa-clipper/
rt4mn
·3 yıl önce·discuss
I feel like thats a deliberate misreading of the parent comment.

Of course the FDA is not, itself, a democratic instution. But then neither is your local police department or NASA. The reason those institutions are accepted despite the lack of direct democratic accountability is because they are still situated within the larger democratic institution (the US government) and subject to oversight by those elected representatives.

If you hate the FDA your best bet is to lobby against it yourself (or help others that do). Its to much of an in-the-weeds issue for it to be a high priority for most lawmakers (unless maybe you live in a district with a lot of businesses regulated by FDA)
rt4mn
·3 yıl önce·discuss
with the caveat that I dont personally use bitcoin, I still think the above description is simpler then using gift credit cards, for a couple of reasons:

- gift cards involves getting in a car and driving to a place to buy them, which introduces annoying logistical issues

- the purchases made on a single card are linked together, so you have to keep track of cards you use for x store and what cards you use for y product (this is also true with bitcoin though, which is why I prefer other more privacy-focused cryptocurrencies)

- with gift cards there is a very high chance that your funds will be rejected or flagged as suspicious. which also limits the amount you can spend to around 100-200 dollers, since any more risks having all the money you put into that card flushed down toilet

I do personally keep a couple of gift cards on hand for the rare occasion I find myself needing to pay for something online and there is no alternative vender that accepts cryptocurrency (usually event tickets or membership subscriptions), but its a pain and I much prefer paying for things with cryptocurrency.

Cryptocurrency is an unregulated and environmentally disastrous ecosystem rife with monopolistic vender lock in, fraud and abuse, and little to no accountability or legal recourse for end users. But that's also true with the credit card / debit card / other electronic payment ecosystem.

At least with cryptocurrency I get a modicum of privacy.
rt4mn
·3 yıl önce·discuss
The bill is quite similar to the EARN-IT act.
rt4mn
·3 yıl önce·discuss
> The conclusion I came to is that a lot of people complain about the impending end of E2EE but very few people are actually willing to do anything about it except whine.

The connection between E2EE and privacy is to ephemeral to make that kind of judgment. If you live in the united states or similar country with a strong rule of law, the idea of paying for or using a specific E2EE app is functionally like asking somone to pay for free speech.

And even if it was more clear, privacy is like free speech in that you cant really measure enthusiasm for it in that way. Free speech and privacy are fundimental values that people dont want to pay for (for good reason!). But that does not mean they dont care.

People really do care about these things. And many many people will change how they vote and how they engage in civic action based on these principals. But asking someone to change how they live/communicate with others requires more then an intelectual "which party / candidate should I vote for?" kind of thing. For most people you need emotional investment for someone to overcome switching costs based on nothing but ethical / political principal.

As long as the harm to losing these core rights remains abstract you wont be to measure how much they care with metrics like that. Its a value that is too ephemeral and disconnected from day-to-day life to measure with a stick like "who will use this app".

But people can and do donate to groups like the EFF, and vote with their actual votes on this stuff. People really do care. Just like how people really do care about honesty, free speech, candor, trust, and other values of that sort. its just, you know, hard to measure.