Tag: NSA

Stop & uninstall Windows Telemetry/Tracking

This has been going around on the ‘Net the past few days. It has been found that Windows 10 uploads data to its servers even when every “feature” and app that normally might be expected to do that is disabled/uninstalled. For example, even if you don’t use the Cortana voice-command feature or Bing search, stuff is still being uploaded to Microsoft servers related to this. And even when users choose to not participate in any sort of customer improvement options and disable any kind of tracking, it is still tracking and uploading things.

maxresdefault

Not only is this a big privacy issue, there is also a system performance issue, as extra CPU cycles must be run and disk and network activity must occur to process these telemetry-related tasks.

And it is also the case that Windows 8.1 and 7 also are now doing this. Microsoft has been adding all these telemetry and tracking aspects to them lately through Windows Update, making them closer to Windows 10.

The advice from many experts now is to not go near Windows 10. Do not install it. Retain your privacy and control over your systems.

Below are instructions for disabling the unwanted telemetry/tracking in Windows 7 and 8.1

Continue reading “Stop & uninstall Windows Telemetry/Tracking”

By updating Windows 7, 8 and 8.1 you are allowing Microsoft to spy on you

There’s been a lot of discussion about Telemetry in Windows as well as avoiding the Windows 10 upgrade. Here is the list of service bulletins we compiled and what they do. It should be noted that even when not installed, they may appear again so this will require some effort on your part. Most people will simply not bother with this but it’s great information for any tech to have at their disposal or simply for research purposes.

d6655803fa1ca967710fc6c164508726

If you have already installed Windows and did a few updates, then head over to Control Panel > Programs and Features > View Installed Updates then go from the top to the bottom through the list to ensure none of them is installed, if you do find one installed, then uninstall it, reboot, then check for updates and once it appears right click on it and hide it.

KB2505438 (Although it claims to fix performance issues, it often breaks fonts)
KB2670838 (This update often breaks AERO on Windows 7 and makes some fonts on websites fuzzy. A Windows 7 specific update only, do not install IE10 or 11 otherwise it will be bundled with them, IE9 is the max version you should install to avoid this.
KB2952664 (Windows 10 Upgrade preparation)
KB2976978 (Windows 10 Upgrade preparation)
KB2977759 (Windows 10 Upgrade preparation)
KB2990214 (Windows 10 Upgrade preparation)
KB3021917 (Windows 10 Upgrade preparatioon + Telemetry)
KB3022345 (Telemetry)
KB3035583 (Windows 10 upgrade preparation)
KB3068708 (Telemetry)
KB3075249 (Telemetry)
KB3080149 (Telemetry)

this Petition to let users opt out of Windows spying. sign it and protect your privacy!

How to: Get rid off Microsoft’s OneDrive with one file.

With this shellcode you can get rid of Microsoft’s OneDrive plague. Which allows Windows (10) automatically store you private stuff and can be access by Microsoft staff for “juridical” reasons  according to the privacy statement.
Paste this code below in into your favor text editor such as notepad++ (which i recommend).

@echo off
cls
set x86=”%SYSTEMROOT%\System32\OneDriveSetup.exe”
set x64=”%SYSTEMROOT%\SysWOW64\OneDriveSetup.exe”
echo Closing OneDrive process.
echo.
taskkill /f /im OneDrive.exe > NUL 2>&1
ping 127.0.0.1 -n 5 > NUL 2>&1
echo Uninstalling OneDrive.
echo.
if exist %x64% (
%x64% /uninstall
) else (
%x86% /uninstall
)
ping 127.0.0.1 -n 5 > NUL 2>&1
echo Removing OneDrive leftovers.
echo.
rd “%USERPROFILE%\OneDrive” /Q /S > NUL 2>&1
rd “C:\OneDriveTemp” /Q /S > NUL 2>&1
rd “%LOCALAPPDATA%\Microsoft\OneDrive” /Q /S > NUL 2>&1
rd “%PROGRAMDATA%\Microsoft OneDrive” /Q /S > NUL 2>&1
echo Removeing OneDrive from the Explorer Side Panel.
echo.
REG DELETE “HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}” /f > NUL 2>&1
REG DELETE “HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}” /f > NUL 2>&1
pause

Then, save the file as file.cmd ( example OneDriveSucks.cmd), then execute the .cmd file as administrator by right click on it. Reboot computer and your are 1% in progress of privacy in Windows 10.

Warrant canary?! What the hell is a warrant canary?

warrant-canary

A warrant canary is a posted document stating that an organization has not received any secret subpoenas during a specific period of time. If this document fails to be updated during the specified time then the user is to assume that the service has received such a subpoena and should stop using the service.

In 2002, the FBI used the newly-passed Patriot Act to demand that libraries secretly turn over records of patrons’ reading materials and Internet use. The libraries had to comply – even though such secret requests go against the entire ethos of a professional librarian. To get around the government’s mandate not to disclose the orders, some libraries came up with a potential workaround: they hung signs on their entrances stating, “The FBI has not been here (watch very closely for the removal of this sign).” The idea was that, like a canary in a coal mine, the presence of the sign would reassure the public, and its removal would signal to those watching closely that all was no longer well. An order not to disclose something may differ legally from an order compelling continued, false notices that no national security request has been served, and warrant canary notices work by exploiting that difference.

The hypothetical canary that provides individualized notices to each user illustrates the extent to which canaries are essentially end-runs around lawful gag orders. Companies exploit the potential legal loophole in the difference between compelled silence and compelled lies in order to communicate information that they would otherwise be prohibited from sharing. The fact that so many companies are adopting canaries, even at the risk of exposing themselves to litigation and—at the outside—potential criminal liability, highlights how out of step even routine national security requests have become with the companies’ willingness to turn over information on their users. Like Apple’s recent embrace of automatic encryption, canaries are a symptom of the growing public desire to maintain control over personal data. In the end, then, canaries do not only signal information about national security requests that companies couldn’t otherwise communicate; they also signal the dissonance between the government’s emphasis on secrecy and industry’s willingness to cooperate. The era of companies sharing data with the government in the name of patriotism with just a shake of the hand is now over.

Warrant Canary Examples:
  1. https://proxy.sh/canary
  2. https://www.ivpn.net/resources/canary.txt
  3. https://www.vpnsecure.me/files/canary.txt
  4. https://www.bolehvpn.net/canary.html
  5. https://lokun.is/canary.txt
  6. https://www.ipredator.se/static/downloads/canary.txt
Related warrant canary information:
Side-note: Using a VPN provider will not make you anonymous. But it will give you a better privacy. A VPN is not a tool for illegal activities. Don’t rely on a “no log” policy.

My government (I’m Dutch) is building their own NSA.

This stuff blows my mind. A nice background article can be found using google translate here: http://translate.google.nl/translate?sl=nl&tl=en&js=n&prev=_t&hl=nl&ie=UTF-8&u=http%3A%2F%2Ftweakers.net%2Freviews%2F3337%2F1%2Fnieuwe-wetgeving-nederland-bouwt-aan-zijn-eigen-nsa-inleiding.html&act=url

While everyone is outraged over the NSA revelations, my government wants to extend their wiretapping laws so it can reach NSA proportions. The laws are not even changed yet, but recently they already purchased the equipment to allow extended data analysis.

Also, you have to give them credits for their lack of care: “The secret services are not interested in your private conversations”.

Anyways, i have no idea where to go next with this. Will people protest? I’d like to join them. I can do all these computer tricks to just encrypt everything, but clearly this is a political issue also. We’re turning into a surveillance state here.

Protecting your data: survey indicates that with 4 exceptions major companies fail miserably

With so much recent concern about how the NSA and GCHQ (and, likely, others) basically look at unencrypted traffic as an easy way to hack into your data, it’s becoming increasingly important for the big companies which manage tremendous amounts of the public’s personal data to encrypt as much as possible. The folks over at the EFF have now put together a sort of crypto report card on which major companies are actually encrypting everything they can.

The results are a little disappointing. Only four companies. Dropbox, Google, SpiderOak and Sonic.net got a perfect score on the five categories measured. Twitter is pretty close (and the only thing it’s missing, STARTTLS, really would only matter if it were offering email, which it doesn’t, other than to employees) while the rest still have a fair bit of work to do.For the die hard Cloud users & Faacebook fanatics it involves you taking responsibility for your own security and crypto keys, which maybe is too much to ask. That’s why Encrypting Facebook as a start.or Encrypting cloud storage.. The incumbent access providers AT&T, Verizon and Comcast don’t appear to care nearly enough about security at all. And lots of free apps and cloud services started appearing, some with CIA funding (InQTel) offering storage of business data, video, IP surveillance, exactly the sort of thing the NSA wants to grab in a 5 eyes jurisdiction with a cooperative management. That’s why it’s little surprise that the NSA’s deals with at least AT&T and Verizon are a major source of information.

data

Hopefully this effort (and the ongoing concerns about the NSA, as well as outside hacking) lead more companies to upping their encryption game.

CISPA: Who’s For It And Who’s Against It And Much More…

CISPA v3 is back!

We had believed, along with a number of others, that the Snowden leaks showing how the NSA was spying on pretty much everyone would likely kill CISPA dead. After all, the key component to CISPA was basically a method for encouraging companies to have total immunity from sharing information with the NSA. And while CISPA supporters pretended this was to help protect those companies and others from online attacks, the Snowden leaks have reinforced the idea (that many of us had been pointing out from the beginning) that it was really about making it easier for the NSA to rope in companies to help them spy on people.

ku-bigpic

Also, if you don’t remember, while CISPA had passed the House, the Senate had shown little appetite for it. Last year, the Senate had approved a very different cybersecurity bill, and had expressed very little interest in taking up that fight again this year. Except now, in an unexpected move, Senate Intelligence Committee boss, and chief NSA defender because of reasons that are top secret, has now announced that she’s been writing a Senate counterpart to CISPA and is prepared to “move it forward.”

Continue reading “CISPA: Who’s For It And Who’s Against It And Much More…”