Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Social Networks Privacy

How To Block the NSA From Your Friends List 224

Atticus Rex writes "The fact that our social networking services are so centralized is a big part of why they fall so easily to government surveillance. It only takes a handful of amoral Zuckerbergs to hand over hundreds of millions of people's data to PRISM. That's why this Slate article makes the case for a mass migration to decentralized, free software social networks, which are much more robust to spying and interference. On top of that, these systems respect your freedom as a software user (or developer), and they're less likely to pepper you with obnoxious advertisements." On a related note, identi.ca is ditching their Twitter clone platform for pump.io which promises an experience closer to the Facebook news feed. Unfortunately, adoption seems slow since Facebook, Google, et al have an interest in preventing interoperability and it can be lonely on the distributed social network.
This discussion has been archived. No new comments can be posted.

How To Block the NSA From Your Friends List

Comments Filter:
  • by Anonymous Coward

    Never take a picture of it or video of it. Lock it in a safe. That might work, but we can't be sure.

  • what's so distributed about identica and what's so good about pumping your updates to everyone on the distributed network? or plenty of key exchanging.

    more to the point has someone done a distributed tor like social network with client side encryptions and easy key exchanges for adding new friends? like, is there anything we could move on to then..

    • by Hatta ( 162192 )

      more to the point has someone done a distributed tor like social network with client side encryptions and easy key exchanges for adding new friends? like, is there anything we could move on to then..

      Yes, that's RetroShare. It uses the PGP web of trust model to provide end to end encrypted equivalents email, IRC, file transfer, status feeds, newsgroups, and more. The only people who can actually prove you're on the network are those you are connected directly to. If you're doing it right those will be tr

    • "more to the point has someone done a distributed tor like social network with client side encryptions and easy key exchanges for adding new friends?"

      Yes, they have. Like Tor, it's slow. Like Tor, it draws shady characters. Worse than Tor, you'll possibly be exposed to child porn sites - it's notorious for Lolita and Pedobear crap. But, it's there.

      http://www.i2p2.de/ [i2p2.de]

      Make of it what you will - if enough people start using it, maybe the Lolita crowd will be less visible.

  • by TWiTfan ( 2887093 ) on Tuesday June 18, 2013 @07:34AM (#44038117)

    A decentralized social site isn't very useful if none of my friends are on it.

  • by Anonymous Coward on Tuesday June 18, 2013 @07:36AM (#44038129)

    The internet started far more distributed than it is now, and people flocked en-mass to centralized networks to which they could give complete control over their data and communications. People do not think beyond their immediate personal convenience, so any such idea for the long term good is doomed from the start if it requires the slightest bit of forethought.

    • People do not think beyond their immediate personal convenience

      And why is that? Is it:

      A) They're stupid (and we who understand the Truth get to feel superior, yay!)

      B) About 90% of the population gets about 90% of their information from corporate-controlled sources, and are bombarded literally thousands of times a day with messages about how they should choose convenience

      C) other, please specify

      • A) They're stupid (and we who understand the Truth get to feel superior, yay!)

        B) About 90% of the population gets about 90% of their information from corporate-controlled sources, and are bombarded literally thousands of times a day with messages about how they should choose convenience

        These are likely the most influential factors.

      • C) "B" as a consequence of "A" except that s/stupid/ignorant ? I don't really see a way out of it. It would take a HUGE event to knock most people loose -- and what could be larger than wide-spread awareness that our constitution is being trampled on? To wit, I ask several friends and family members [who aren't awake] what they think about the recent NSA revelation, and one of two things happen: (1) we discuss for a moment the implications and I try to impart wisdom, at which point the discussion devol
    • > will never happen: requires forethought

      No, it only requires forethought by the people who develop it. The developers need to come up with a system that is both reasonably functional and dead easy to use, with all the distributed security stuff is in the background and not the main selling point.

      It is kinda like piracy and DRM - you only need one pirate to rip / crack something and it will end being spread by thousands of people who don't even think about how it was originally cracked.

    • IMHO the reason it will or won't happen is entirely up to the FCC and their Network Neutrality rules. I believe the NetNeutrality rules as written (10-201) protect the fully symmetry of the internet. I.e. my right for clients on the internet to not be blocked from my server, even if my server is sitting in my living room connected to GoogleFiber as my residential ISP. Google, and historically the FCC, have seemed to disagree, and believe it is the place of residential citizens to not host servers that co

  • by 140Mandak262Jamuna ( 970587 ) on Tuesday June 18, 2013 @07:38AM (#44038151) Journal
    People who take privacy seriously, people who are willing to jump through hoops to protect their privacy, people who are upset about government spying are a small minority. Corporations have been powerful, more powerful than governments for a long time. JPMorgan bailed out the U.S government in the early 20th century. The East India Company ruled entire India till 1856. Now a days the multinational companies pledge or feel no allegiance to any government and they are more powerful than ever.

    Still even people who take privacy seriously obsess over government spying and not the corporate spying. People are voluntarily signing over their privacy rights to corporations more powerful than the governments for peanuts. "One bag of peanuts free if you let us eternal access to all your private data" The line will wind around the block in no time.

    Problem 1: Most people don't take privacy seriously.

    Problem 2: People who do, focus on the less powerful government and ignore the more powerful corporations

    Problem 3: There is no profit in helping people keep their data private to balance the profit to be made by exploiting the private data.

    • by Anonymous Coward on Tuesday June 18, 2013 @07:50AM (#44038239)

      I grab a coffee near every work day on lunch, and the cashiers practically get pissed at me for not signing up for that gas stations "club", since I'd get a free coffee after five. I tried explaining to them I don't need them tracking me via scanning my card so I can save $1.50 a week, but they don't seem to understand. Instead now, I just tell them I'm an asshole. It's much more simple, and they only ask me half the time now.

      • by Nyder ( 754090 )

        I grab a coffee near every work day on lunch, and the cashiers practically get pissed at me for not signing up for that gas stations "club", since I'd get a free coffee after five. I tried explaining to them I don't need them tracking me via scanning my card so I can save $1.50 a week, but they don't seem to understand. Instead now, I just tell them I'm an asshole. It's much more simple, and they only ask me half the time now.

        They are pissed at you because you leave a crappy tip.

      • They're minimum wage employees reading off a script, they could care less whether you sign up or not.

        • Fair point, it seems. I can't imagine a wage-slave hourly cog actually investing any emotion in the fact they can't recruit GPP into the "tagged and traced free-range consumer" herd.

          Maybe they're missing out on some kind of incentive bonus because GPP keeps refusing.

        • by fazey ( 2806709 )
          ffs it is COULD NOT care less. If they COULD care less, it means they care some.
      • Re: (Score:3, Insightful)

        by Anonymous Coward

        You are an asshole, that is why they don't like you. They don't care why you don't want one but you feel obligated to tell them and I assume it is in a snippy manner as well. When asked if you want their bonus card, just say "no thanks" or "I'm not interested" and move along. The person at the register is probably not the business owner, the manager, or the owner. Why would you think they cared about your ideals or weather you ever come back again? Do you argue with the homeless people asking for money

      • There's a giant urban department store near me. The cashiers actually recognize me as the only customer who doesn't give his address info for a cash purchase. Teller I've never seen before the other day: "Zip code?" "I don't give that out." "Oh right, you're that guy."

        • by ceoyoyo ( 59147 )

          In Canada I never pass up the chance to give my postal code as H0H0H0, which is a real code that belongs to Santa, of course.

      • The Do Not Track Coffee Club Card!

        With every thousandth purchase, we remove one of your SSN digits from our database!
      • Comment removed based on user account deletion
    • by coId fjord ( 2949869 ) on Tuesday June 18, 2013 @07:53AM (#44038267)

      Problem 2: People who do, focus on the less powerful government and ignore the more powerful corporations

      You're generalizing.

      Also, while corporations can have a lot of influence, there are few that can ruin your life as well as a government can.

      • Also, while corporations can have a lot of influence, there are few that can ruin your life as well as a government can.

        Yes, but lots of people keep saying 'teh guberment is teh evil', but saying 'rah rah' to corporations and act like as long as someone is making a profit, that's how it's supposed to be.

        The reality is what the government can't spy on you for, the corporations are more than happy to take up the slack -- or at least they get forced to hand over the data.

        Between them, you're losing your rights

        • I agree with you, but it's not really the corporations who ruin your life (although they help the government do so).

    • A corporation is motivated to make money. A government is motivated to maintain control

      A company like Google has no motivation to use my private information to frame me and lock me away. It would be counter to their interest. The only motivation Google has is to use the information to sell me stuff. And guess what - not only do they do that, they ADMIT FREELY to doing it. And I really don't have a problem with it because ads do not sway my opinions very much because I am an intelligent person.

      The government

  • by rasmusbr ( 2186518 ) on Tuesday June 18, 2013 @07:48AM (#44038225)

    If a service does not charge you money the service will either 1) spy on you and sell your information, 2) bombard you with advertisement or 3) fail (or a combination of the three). When Facebook promises that their service will always be free they're really promising you that they will always either bombard you with ads or spy on you or both. You'll get what you pay for.

    Email is failing, albeit slowly. Back in the olden days you used to pay your ISP for email. Now you don't, so you'll get what you pay for. Email is still decentralized and maybe there's a founder effect that keeps it decentralized for now, maybe because the cost of changing it would be too high, but sooner or later email will fade away and be replaced by a small number of walled gardens that are funded by advertisement and/or spying and that communicate with one another by special agreements between the owners of the walled gardens.

    If you want ad-free decentralized communication to win, the first thing you need to figure out is how you're going to get people to pay for it. It might be enough for each user to pay a dollar a month, but getting them to do that will not be easy, because the wast majority users will never suffer any adverse effect from the spying, so for them paying for a spy-free social network is basically an insurance plan.

    I think that the only way that the decentralized social web and, in the long run, the decentralized web itself could realistically win is if the amount of ads eventually grows so large and annoying and immune to ad-blockers that people become prepared to pay for services just to get rid of the ads.

    • by Comboman ( 895500 ) on Tuesday June 18, 2013 @08:19AM (#44038481)

      If a service does not charge you money the service will either 1) spy on you and sell your information, 2) bombard you with advertisement or 3) fail (or a combination of the three).

      If you remove "If a service does not charge you money" from your statement, it is still true. I pay a monthly charge for my phone service plus an additional charge for every text message I send, but all that money I spent doesn't stop the phone company from logging my "metadata" and selling it to the government (and god knows who else). Whether you pay for a service with cash or ad views, you're just a vulnerable to spying. Stop focusing on how services are paid for and focus on who is controlling them. Controlling them yourself (e.g. running your own email server on hardware you control) is ultimately the best solution.

      • What will do if and when Google and Facebook et al decide to charge you money for sending email to their users from your domain?

        Another problem is that there are already some third party sites and services that won't allow you to sign up with a non-Google/Microsoft/etc email address. Do you have time to complain each time you run into one of those services? I don't, I just sign up with my Gmail address. I should know better, but the path of least resistance is hard to resist.

    • It is worth noting that even if you do pay for a service, it most like still still spy on you, and well your information to advertisers; But this is not guaranteed. But something that is guaranteed is that the second the government comes knocking they going to hand over everything they have on you.

  • I wouldn't call a person who respects a warrant/subpoena/wiretapping request that is deemed legal in his jurisdiction "amoral" per se.

    On the other hand, there was a time when we called those who had the guts to stand up for his beliefes, even the authorities heroes and not traitors.

    Well, I guess it's up to history to decide who was what.

    • by Xest ( 935314 )

      Amoral because he harvests data and builds links from it that weren't explicitly provided and holds them in an easily searchable and mineable manner.

      The only reason the warrants can be issued in the first place is because he holds said data in an unsecured well archived manner precisely so it can be handed over to anyone who asks nicely enough.

      Were for example data to be stored in a more secure manner and data not farmed (sometimes illegally according to some jurisdictions Facebook does business in) then th

      • Amoral because he harvests data and builds links from it that weren't explicitly provided and holds them in an easily searchable and mineable manner.

        But that's the whole point of facebook and why people use it. People upload their addressbook to facebook for facebook to make those links. They're making links between their farmville crops, their face and their friends pictures, and links to their favourite music, movies, icecream..... Without those links, facebook would be as usefull and as much fun as a phonebook and an email client.

        I won't comment on if this is a smart thing to do, but it's the users that shovel data into facebook - and expect it to be

        • by Xest ( 935314 )

          No they don't, people use Facebook to communicate with their friends sharing the data they provide.

          Whilst I agree it's utterly naive of them, most users are entirely unaware that masses more data about them is inferred from the very little data they provide. Most are even unaware that even their conversations are being farmed.

          Most people probably accept that if they like a product then any announcements for that product will be marketed to them, some understand that Facebook builds up a social graph of who

          • No they don't, people use Facebook to communicate with their friends sharing the data they provide.

            True. But fails as a theory as it doesn't explain the observation that people now flock to FB. If it was only about communicating and sharing their photos, they could do it with plain oldfashioned email and ICQ. (MSN, whatsapp, whatever)

            Whilst I agree it's utterly naive of them, most users are entirely unaware that masses more data about them is inferred from the very little data they provide.

            M theory is that people want to have those data, too.

            Girls want their picture to pop up their profile when that cute guy they spotted last night at the club searches the checkins for that cute girl he saw. And the other way round. (They even risk that the ugly guy/girl find

            • by Xest ( 935314 )

              "True. But fails as a theory as it doesn't explain the observation that people now flock to FB. If it was only about communicating and sharing their photos, they could do it with plain oldfashioned email and ICQ. (MSN, whatsapp, whatever)"

              How? Their friends don't use these tools anymore. Facebook has a monopoly on the social graph and the only way to stay in touch with all your friends is to use it. You can't make all your friends leave it for something new, because they'd need all their friends to leave it

              • "True. But fails as a theory as it doesn't explain the observation that people now flock to FB. If it was only about communicating and sharing their photos, they could do it with plain oldfashioned email and ICQ. (MSN, whatsapp, whatever)"

                How? Their friends don't use these tools anymore. Facebook has a monopoly on the social graph and the only way to stay in touch with all your friends is to use it. You can't make all your friends leave it for something new, because they'd need all their friends to leave it for something new too, who would need all their friends... and so on.

                That#s circular reasoning. WHY did their first bunch of friends go to facebook? It explains as a network effect why fb is still growing and people still sign up and why it is so difficult to start a new service. But still: When everyone goes to facebook because everyone else is on facebook too, why did people go there when everyone else was on email and ICQ.

                "But all that is not my original point: facebook data mining may or may not ne amoral, but if Zuckerberg should count as an amoral person, it shouldn't be for respecting court or administration orders. That's neither moral nor unmoral, it's plain normal."

                I agree with you here but I don't think anyone was necessarily saying he was amoral for respecting court orders, but being amoral for having a reason to be issued court orders in the first place, again, as I say, by hoarding data on people, much of which is against their will or knowledge.

                Yes. But still the wording "amoral" is a judgement that should not be part of a summery without further explanation.

                • by Xest ( 935314 )

                  "That#s circular reasoning. WHY did their first bunch of friends go to facebook?"

                  Facebook then was very different to Facebook now. Back then it was a startup just trying to get viewers by providing useful tools without doing anything much fancy, now it's a massive scale data mining operation reaching well beyond the boundaries of just the data entered. It is circular reasoning because moving people away from it is a catch 22 situation, but I'm not sure why you view that as a problem, it's just the way it is

    • Amoral if you do, terrorist if you don't.
      Can't win.

    • by Hatta ( 162192 )

      Enforcing an unjust law is not just amoral, but immoral. "I was only following orders" is never an excuse.

    • by ceoyoyo ( 59147 )

      I wouldn't either. Mostly because "amoral" doesn't mean what you think it means.

  • Facebook and other social networks are useful because they host your pictures. That is not as useful as it once was because phones have much more storage space and much faster networking than they did 7 years ago.

    I'd like to see a social network app that runs on phones (and PCs, and even big servers for people who need major horsepower because they have a lot of "friends" like celebrities). Maybe with the ability to backstop your media on a variety of sources like dropbox, or even a bittorrent swarm of al

    • You'd need a distributed caching system too, otherwise you're going to find yourself inadvertently DDoSed if your pics go viral.

      The real power of facebook isn't the hosting, it's the promotion. Simply putting the files up on a webserver somewhere isn't going to do any good if people don't go to look at them. Facebook makes that happen, alerting all of your friends (who may be far too numerous to email manually) of the new pics.

    • In case you are a developer, you could help me with an idea I recently had for exactly this kind of app(lication). Based on Apache ZooKeeper. Drop me a line ( you, or anyone else ) if you're interested. I don't care to give the idea away for free; the important thing is that such an app(lication) actually comes to life.
      • I don't care to give the idea away for free; the important thing is that such an app(lication) actually comes to life.

        Ideas are a dime a dozen. See my original post for an example. The hard part is execution.

  • by Anonymous Coward on Tuesday June 18, 2013 @08:07AM (#44038383)

    Just increase the noise.

    Friend EVERYONE.
    Call random numbers from your cell.
    Setup your own spamming mail server.
    Put key words in white text in your posts.
    Start fake twitter/facebook/youtube channels.

    A few million of us generating 2 fake identities each could soon drown out the real data.
    Now, does anyone have Abu Hamzas twitter details?
    Whats the dialing code for North Korea?

  • There's no promise that the owners of ANY social network won't give data over to the government when ordered to (or even simply asked to). Other than the whole issue of the government itself spying, facebook is actually as secure as you make it. Don't add apps. That will help control privacy. Also, you can control who sees EVERYTHING on your account other than the profile picture and "cover" image, which are always public. If you set everything to "friends" only, a non-friend can't even find your profile in
  • I'm not on Facebook. Woo, I win.
  • by nellaj ( 2702743 ) on Tuesday June 18, 2013 @08:13AM (#44038427)
    Send encrypted messages to a broadcast network (make this efficient by having many geographically local "boards"). The decryption key is sent along with the message but is encrypted with each of your friend's public keys. Your friends have to attempt to decrypt each message on the local board: when they find one which they can decrypt then they have successfully received your message. Messages are also cryptographically signed to validate identity and prevent forged messages.
    • Your friends have to attempt to decrypt each message on the local board: when they find one which they can decrypt then they have successfully received your message.

      You can optimize this procedure some, while still retaining anonymity, by including a few short randomly generated blocks at the end of each message you send out (encrypted with the rest of the message). A response to that message could include an unencrypted header like "RE: 9347ab87e87ff", where 9347ab87e87ff was a code in your previous message. Now, you only need to bother with downloading/decoding messages tagged with a header that you've recorded as "belonging" to one of your conversations, and can ski

  • Secret Agent Man... (Score:5, Informative)

    by some old guy ( 674482 ) on Tuesday June 18, 2013 @08:54AM (#44038821)

    He's giving you a number, and taking away your name.

    How can any of us with more database experience than the average five-year-old think that once indentifiable data is in the wild, on any corporate or government server of any kind, all it takes is access to said data for it to be parsed against every other available database and have it filtered to a single common file? Do you really think your credit report, email history, school transcripts, and every bloody thing else can't be centralized once the access door is opened?

    Yeah, go ahead with home-baked encrypted email, abandon Facebook, and use prepaid phones. You're still fucked.

    The government owns us. And it's our own damned faults.

    • Re:...The Prisoner (Score:4, Interesting)

      by Nyder ( 754090 ) on Tuesday June 18, 2013 @09:21AM (#44039089) Journal

      Prisoner: What do you want?
              Two: Information.
              Prisoner: Whose side are you on?
              Two: That would be telling.... We want information...information...information!
              Prisoner: You won't get it!
              Two: By hook or by crook, we will.
              Prisoner: Who are you?
              Two: The new Number Two.
              Prisoner: Who is Number One?
              Two: You are Number Six.
              Prisoner: I am not a number; I am a free man!
              Two: [Laughter]

  • .... Who cannot even afford a lawyer be more likely to stick his neck out to protect his customers privacy against the government?
    And decentralised means it would cost orders of magnitude more money to run, meaning necessarily either far more ads, or everyone being willing to run one at a huge loss.

    Sure, I could see many people running one at a huge loss, but you are not going to get away from 80% of the market, at least, being run by people who can afford to offer better service because they run at a profi

    • And decentralised means it would cost orders of magnitude more money to run, meaning necessarily either far more ads, or everyone being willing to run one at a huge loss.

      Somehow, the whole internet has managed to operate, grow, and thrive just fine on a decentralized model. There's more than one or two companies that operate HTTP servers, or email --- yet that hasn't created an uneconomic impediment to browsing websites or sending/receiving email. Decentralized social networking would work along the same lines: common standards for negotiating/encoding the transmission of data, and everyone and their dog can run their own server (or subscribe to a server service if they're

      • And that is why 99% of the internet has more ads than Facebook.
        And that is why there are so many ads with viruses.

        • Fortunately, not 99% of the internet I visit --- especially with ad/script blocking (and blocking *everything* spewing forth from Facebook's domains). For the decentralized, free internet, I've got a lot of personal autonomy to decide what and where I visit, avoiding the crappy commercialized spammy places. I also have the freedom to be classy hosting my own stuff: not cramming ads and spying down the throats of folks viewing my own corners of the web. When all content is routed through a central (for profi

          • OK, but self censoring 99% of the internet because one does not like big corporations or little guys with ads and viruses is not for 99% of Internet users.

            • self censoring 99% of the internet because one does not like big corporations or little guys with ads and viruses is not for 99% of Internet users.

              Only to the extent that people with the position and know-how to make differences are resigned to living in an ever suckier corporatized world. Setting up a browser with a default AdBlock and NoScript install is a pretty good start --- and pretty easy for 99% of internet users to do (at least with the help of a more tech-savvy friend/relative, who they rely on to get their computer running in the first place) to get a much nicer anticorporate browsing experience. Without insisting everyone totally avoid Fac

              • Yes, but if everyone used adblock 99% of the sites on the internet would be shut down. Most people would not want this and are not selfish enough to contribute to this.

                • 99% of the sites on the internet would be shut down.

                  Or, they would need to find other operating modes that don't rely on pushing hidden costs of intrusive advertising on visitors. Anyway, 99% is quite an overstatement. Every site which already provides an income stream itself automatically stays around: if you're running a web store to sell your products, you won't shut the page down just because everyone blocks the "friend us on Facebook!" tracking button. Otherwise, you can charge subscriptions for content/memberships; solicit donations for your site; focu

                  • No it is not, and there is no other model. The internet does not work if you have to pay to see the content on most of the sites.

                    • there is no other model

                      Really? I take it you've never bought a book? Subscribed to a high-quality periodical operated without advertising? Seen a free performance or presentation put on by enthusiastic hobbyists (at their own expense) for the fun of it, or paid for tickets to a non-free performance? Visited a public library or museum? There are many alternate models, in active use, often producing higher quality results than mass-market ad-supported commercialized dreck.

                      I put up my own web content for various special interest hob

                    • "for literally pocket change even on a student's salary."
                      That is because the cost is directly proportional to its use. It can cost peanuts or even nothing (bundled with the ISP) to host content. But it costs if anyone uses it in bandwidth.
                      It only costs you nothing because the content benefits few to none.

                    • You're talking about Wikipedia: note, Wikipedia isn't ad-laden! Despite serving up a huge volume of material, Wikipedia manages to do so on a community-supported model without advertising and tracking scumbaggery embedded in every page. You want a large-scale functioning example of alternate models, and you've just provided one yourself!

                      Wikipedia is an example of a still centralized, but advertiser independent (donation supported) distribution model. If you wanted a more decentralized Wikipedia-like system,

  • They'll feel that alright. They'll spend the rest of their time friending each other.

  • I live in Cheltenham. Moving my social networking to a decentralised model won't stop The Man snooping on my social network activity; like anyone who lives near Cheltenham several my social network friends work at Cheltenham's Largest Employer anyway. I'd be pretty annoyed if they *weren't* reading my updates. They'd better damned well turn up for Dungeons & Dragons tonight (I've bought pizza, even though I'm skint this month), and we've got the Geek Pub Quiz in a couple of months - if the spooks don't know about that, our team will be completely missing any Tolkien, Lovecraft or Star Trek experts. Two wins in six games, although I suspect our next victory won't be until the Oct/Nov session where Doctor Who will be the main topic. Spooks or no spooks, our team will be all over that one. And I'm kinda hoping that my expression of interest in seeing World War Z (ZED, goddamnit) will mean that one of my kids' godparents will volunteer to babysit.

Avoid strange women and temporary variables.

Working...