citytree

Examples of passive defenses against surveillance:

• Privacy Badger
• uBlock Origin
• Using open source Linux rather than Microsoft Windows
• etc.

But why not actively combat surveillance instead of passively defending against it? Examples of active combat:

• AdNauseam
• ScareMail
• Emacs spook.el

We must poison the data of those who are violating our privacy. Let us waste their time, increase their data storage costs, and waste their processing power. Let them drown in an ocean of data. Let them search for tiny needles in huge haystacks, with no way to distinguish between needles and hay.

Some ideas:

• Sending fake data to Google Analytics (How does Google Analytics prevent fake data attacks against an entity's traffic?)
• Create fake contacts lists to mislead those who are building social network graphs.
• Encrypt lots of worthless data, store them in the cloud or send them by email. If the encrypted data is intercepted by any nosy entity, they will have to waste storage space while waiting to be able to break the encryption.

What are some other possible methods?

Let us turn the tables on those who have been violating our privacy. Why do we have to be on the defense? Let us waste their resources in the same way that they are wasting ours!

I am using Firefox ESR on Linux. Does it make any sense to disable hardware acceleration for security reasons?

Whereas Firefox is open source, many hardware drivers, and most computer hardware are not. Enabling hardware acceleration in Firefox means using these non-open-source components, which could be a security risk. My impression is that bugs in drivers and hardware are able to cause far more damage than ones in userland software. Does this reasoning make sense?

For those who have installed Signal Desktop in Linux, do you use an AppArmor profile to harden the program? If so, can you share your AppArmor profile for Signal Desktop?

Are consumer level 3D printers able to print plastic objects of similar quality to ones produced using injection molding? Or is 3D printing useful mostly for the prototyping stage before a design is finalized and a steel mold is produced for injection molding?

Not sure if any of you have encountered the same resistance to using Signal. Some of my cousins refused to use Signal because they are already using "too many chat apps" (e.g. WhatsApp, Facebook Messenger, WeChat, Telegram, Line, Snapchat, etc.). To them, Signal will just be another chat app among their numerous other chat apps. I understand that jumping between so many messaging apps imposes some kind of cognitive and maintenance burden. What are some ways to convince such people to use Signal?

cross-posted from: https://beehaw.org/post/789646

An official FBI document dated January 2021, obtained by the American association "Property of People" through the Freedom of Information Act.

This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata ("Pen Register") or connection data retention law ("18 USC§2703"). Here, in essence, is the information the FBI says it can retrieve:

• Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.

• Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).

• Signal: date and time of account creation and date of last connection.

• Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.

• Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.

• Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).

• WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.

• WhatsApp: the targeted person's basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time ("Pen Register"); message content can be retrieved via iCloud backups.

• Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.

TL;DR Signal is the messaging system that provides the least information to investigators.