PRISM /Tempora & securing my information online ?

Didn't know where to post this one ... Here or Security ?

I'm sure most people have heard about the PRISM (American) and Tempora (British) electronic surveillance programs currently being used to spy on us all.

So just how secure is my connection ? I have used a VPN in the past and could easily get it back by renewing my subscription with my provider . (It ran out this month ) Would that offer adequate protection from those "spying eyes" ?

InB4 .... "If you aint doing anything wrong , you have nothing to hide"

I find that argument ridiculous and don't see why we should be spied on like this. I don't do anything wrong online , sure maybe I download a film once or twice a year. Visit some adult sites etc .... WOW shock horror !!! I'm certainly not a terrorist threat to my country or yours.

So has anyone any suggestions on how to beef up my online security ? I do a fair bit of shopping online , same as banking. So added protection would be advantageous.

Ideas anyone please ?

From an internal point of view, that is within the walls of your home your connection is safe and any data between devices on your network cannot be monitored unless someone has physical access to your router/switch since the data will have to pass through that un-encrypted to its destination.

The internet is essentially comprised of many routers connected together routing information between each other to the web server that you requested. The issue with security of normal un-encrypted data (http://) is that if anyone had physical access to a router that has your information passing through it un-encrypted then they could obtain any data sent to and from your machine. Prism and Tempora programmes were supposedly made to measure some communication in order to pick up terrorists or illegal actions of individuals since the internet can be the birthing place for terrorism since it is so hard to monitor and is not owned by one single company. This may seem as a threat to privacy since any data sent on this sight could potentially be intercepted as I submit it. The only way of maintaining your information securely is to encrypt your data as you send it. This decreases the chance of any hacker from easily interpreting the data that it picks up. That being said little information is currently known as to whether or not Prism or Tempora can obtain and be able to decrypt it.

How do you send data encrypted?

You can send data encrypted to any web server however the server itself must have what is known as a 'decryption key' which is related to the way that you encrypt your information therefore only few servers can decrypt the information that you send it rendering it useless. To solve this web servers use SSL and certificates to provide authentication and allowing you to send sensitive information such as passwords or banking request encrypted without the fear of anyone intercepting it. (https://) More information can be seen here - What is HTTPS? - YouTube

Another possible way is to use VPN which creates a 'tunnel' as it goes through the internet and when it detects a breach in the tunnel for example if a hacker tries to intercept the information as you send it then the connection will terminate and then pick a different route across the internet. The information sent is also encrypted so if they do receive any information at all then they will have a hard time decrypting it. In my advice I personally wouldn't use a VPN since I feel that the information I send on the internet is not all that sensitive and am not too bothered if someone intercepts it. Also there is no gurenteed that the information sent cannot be protected from government programmes however it is the strongest form of protecting your information.

That being said you must be warned that any sites that you visit is logged by your ISP automatically not to spy on you but stored as evidence if needed in court and charges are pressed for infringing information such as the Designs and Patents Act 1988 or the Digital Economy Act 2010.

I hope I have explained all that you asked but please do not hesitate to ask further questions if I have poorly explained something

Hope This Helps,
Josh!

Try startpage.com as your search engine. They are working on an email client .

https://startpage.com/

StartPage and its sister search engine Ixquick have in their 14-year history never provided a single byte of user data to the US government, or any other government or agency. Not under PRISM, nor under any other program in the US, nor under any program anywhere in the world. We are not like Yahoo, Facebook, Google, Apple, Skype, or the other US companies who got caught up in the web of PRISM surveillance.
Here's how we are different:

• StartPage does not store any user data. We make this perfectly clear to everyone, including any governmental agencies. We do not record the IP addresses of our users and we don't use tracking cookies, so there is literally no data about you on our servers to access. Since we don't even know who our customers are, we can't share anything with Big Brother. In fact, we've never gotten even a single request from a governmental authority to supply user data in the fourteen years we've been in business.
• StartPage uses encryption (HTTPS) by default. Encryption prevents snooping. Your searches are encrypted, so others can't "tap" the Internet connection to snoop what you're searching for. This combination of not storing data together with using strong encryption for the connections is key in protecting your Privacy.
• Our company is based in The Netherlands, Europe. US jurisdiction does not apply to us, at least not directly. Any request or demand from ANY government (including the US) to deliver user data, will be thoroughly checked by our lawyers, and we will not comply unless the law which actually applies to us would undeniably require it from us. And even in that hypothetical situation, we refer to our first point; we don't even have any user data to give. We will never cooperate with voluntary spying programs like PRISM.
• StartPage cannot be forced to start spying. Given the strong protection of the Right to Privacy in Europe, European governments cannot just start forcing service providers like us to implement a blanket spying program on their users. And if that ever changed, we would fight this to the end.

[h=2]Privacy. It's not just our policy, it's our mission.[/h]

Click to expand...

https://startpage.com/eng/prism-program-exposed.html




For online storage, use client side encryption. It is explained on Wuala

Wuala features best-in-its class privacy and data security. All files are encrypted on your computer before being transferred to the cloud. Your password never leaves your computer, so no unauthorized user, not even LaCie employees, could ever access your data.

Click to expand...

Wuala - Technology - Secure Cloud Storage - Backup. Sync. Share. Access Everywhere.

.Thanks for the info , I just find worrying that we could be all be profiled by "Big Brother". That was written as a cautionary tale , now it seems its a training manual for various intelligence services. Don't get me wrong I am not a member of the tin foil hat brigade and I do understand that the bad guys are in fact trying to harm us but , at what cost ? If we keep losing our rights one by one , pretty soon you end up with none.

The Boston bombing still happened and a British soldier was butchered on the streets of London recentlya few miles from where I live, but where was PRISM /Tempora then ? 600 million phone entries (calls /texts) are analysed every day in the UK. 600 million. Compare that to the population of the UK and do some math. That would be close to all calls and texts. God knows what they are doing on the interwebs and how our data is being used and stored. This isn't just about privacy concerns its about ethics/legalities as well. </rant>.

So yeah privacy and security are very important to me now. I do have a basic understanding how some hackers protect themselves online , but obviously I'm not one of those and don't want to use illegal means to protect myself.

I have a plug in for Chrome called Https everywhere that forces encryption , but as you say its fairly limited in its use but offers some additional security. I honestly don't think it matters what browser you use since all the big players are involved in this. Microsoft, Apple , Google etc.

I have used a VPN before and will renew my sub today for it. Only a few euros a month and is based outside the UK and the US and my internet speed remains the same using my VPN of choice and it also removes censorship on the internet as well. So I'm guessing they ( VPN's) are the best protection available for Joe public ?

I have read about TOR and it seems slow and clunky and only gives anonymity to the browser not the system. Is that correct ? Some curious debate about the security of the end nodes as well. Any views on TOR please ?

SIW2 I will look at those links as soon as I post this.

Thanks to you both for the input.

I don't think people understand what metadata is. Think of it as collecting nets full of shrimp and just weighing them for value vs catching one shrimp at a time and counting heads.

People worry needlessly about the slippery slope before they even start climbing the hill.

I'm aware what metadata is , XML , JSON etc. I have followed this closely on some well respected websites , Ars Technica for example and its users comment heavily on this subject. Admittedly the editors have reached a new level of douchebaggery with the articles about Snowdens girlfriend ....

The Guardian newspaper are covering this extensively as well.

GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects.

This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user's access to websites – all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.

Click to expand...

The Americans were given guidelines for its use, but were told in legal briefings by GCHQ lawyers: "We have a light oversight regime compared with the US".


When it came to judging the necessity and proportionality of what they were allowed to look for, would-be American users were told it was "your call".

Click to expand...

So being concerned about my privacy isn't bad thing and "No use shutting the stable door after the horse has bolted"