The SSL change requires coordination with my host, who has only recently made the option available, but it will happen at some point. Hopefully the change will be transparent.

TOR doesn’t has the scale needed for widespread use, and it is only as strong as the integrity of the people who are participating. It does provide an option, an option that shouldn’t have been needed.

That Onion Pi looks seriously interesting, I’m hoping to have some time to mess with the Pi in the near future, but life has been pretty busy.

PGP certainly has its uses but defeating traffic analysis isn’t one of them and the average Joe Schmuck hasn’t a chance of decrypting that PGP-encrypted email that you sent him. I have a test, I call it the Mom Test. Could my Mom do it? If not, then it’s not viable as a solution. Dilbert’s Mom maybe could do it, but my Mom isn’t Dilbert’s Mom, my Mom is the typical computer user that never really wanted to know anything about computers and uses it only because it’s the easiest way to keep up with her far-flung clan (and get recipes off the Internets, of course!).

Here is an interesting use of your new Raspberry Pi computer… Onion Pi, a Tor-routing wifi router based on Raspberry Pi. Onionlicious. Unfortunately while I use Tor occasionally to look at things that I know would put me on the radar of certain TLA’s, it’s really too slow for much of the web browsing that I do, and some of it — like YouTube — can’t go through Tor anyhow. So it goes.

I have used PGP for years with certain people because it was part of the contract. It was a compromise that meant I didn’t have to constantly go to their offices to deal with minor problems. When what you do affects someone’s core business, they tend to get really nervous about it.

I spent years with people spying on me for spying on them. It was part of the “Great Game” that is espionage/reconnaissance. I was still constrained after I left the military for several years from doing a lot of legal things. I’m free of all that now, so I don’t like them reentering my life to mess with me again just to con Congress into giving them huge amounts of cash for nothing.

well, perhaps it used to be…

“This whole mess is dedicated to crime”

ot1h, that’s just plain scary; otoh, criminals and criminality can be dealt with, which thought somehow make makes the solution to the problem seem a little more manageable.

I did come checking and his fourth star is because he is the commander of the US Cyber Command. Apparently NSA has been absorbed by Cyber Command, and all of the normal NSA functions have been moved to an installation in Georgia.

NSA doesn’t control this mess, Cyber Command does. NSA had 38,000 people when I was in, and now it is down to 20,000. They aren’t doing things the way NSA does them, and that has been annoying me to no end. It isn’t important things as much as the small routine things that were just part of the NSA culture.

This whole mess is dedicated to crime, not to anything military, and NSA is a military organization.

Regarding email, virtually all email on the planet goes to port 25 in the clear via SMTP. Even if you PGP-encrypt the body, the header still has to be in the clear in order to route the email to the destination. The Mixmaster network may still be in operation but is supposedly hopelessly compromised, and is hardly reliable enough to use for normal email anyhow. I send my email between my house and my smtp server (and Google’s smtp server) via SSL, but that just defeats black boxes at the ISP level, not a FISA court order at Google’s end (and I’ll point out that outgoing emails forwarded on from my email server still are in the clear to port 25).

Our entire Internet, in other words, is predominantly “in the clear” and hard to secure against NSA surveillance. I use encryption where I can, but the reality is that Joe Shmuck has no clue or ability to easily do it given that the whole infrastructure of the Internet is fighting against him.

The FISA court is fine for business records, but not for individuals. They would need a warrant from a Federal court, and it could be contested. They would really need to arrest you before they could even ask for the password. That’s why they use the keyloggers and other surveillance techniques. Once they go beyond surveillance they are in regular Federal court.

One word: FISA.

The FISA court isn’t even allowed by its enabling law to ask detailed questions about why the warrant is needed, they’re required to accept the blank statement that it’s needed as part of a terrorism investigation. It is to courts what the right to vote was to Soviet governance — i.e., all form, no susbstance.

Regarding Google, my take on it is that the Feds are mostly interested in email, not in all the other hoards of data that Google possesses. As you correctly point out, they wouldn’t know what to do with the rest of that data, it has nothing of value to them, and furthermore much of it is already publicly available just by going to the Google web site. Note that Google saying they only got a few dozen FISA requests doesn’t mean much if one of those FISA requests was “provide metadata for all email”, which, yes, under the Patriot Act is valid.

Yes, they can get a warrant, but they can’t do it in secret, and you get your day in court. The way things are going, judges may find that they aren’t as easily convinced that the probable cause that is being offered by the DoJ is valid.

The real point of the exercise is to stop the blackmail of the readily accessible information that you generate on the ‘Net.

The contractors who has primarily in charge of this mess can’t secure their own systems, but they know how to have the government pay them to spy on the rest of the country.