windows is safe from the nsa ?

Honestly you'd have to be crazy to trust anyone but unfortunately we humans aren't left with much choice anymore, it's not just something specific to businesses or governments. :D
 
The best way to secure yourself against NSA is not to do illegal stuff. It's a no brainer. I'm not worried about any countrys security agency, personally.
 
Until you can inspect the code that is Windows, trust should be taken with a major grain of salt.
 
MiniatureDino said:
NSA is doing their job for the right reason. We the people should not indulge in such activities.
Click to expand...

There's no excuse for the mass gathering of personal data no matter what the media may portray. That's just the excuse used by global governments for the public's acceptance of the mass gathering of their personal data and further erosion of an individuals rights.
 
MiniatureDino said:
I totally agree with you because whatever NSA do in the name of people's security is not what people actually want them to do. They are just keeping an eye on our personal stuff as well. But there is no work around to stay away from their surveillance.
Click to expand...

Linux and a good VPN provider is a start.
 
Nobody and nothing is safe from a nation-state that wants to get at your private data. If they actually target you, you're shit out of luck. Of course unless you're a terrorist or political dissident, that's pretty unlikely to happen.

But then, if the US agencies actually target you, you're probably a bad actor. Unfortunately that doesn't apply to some like the Chinese government, who target economic entities to gain advantage by stealing intellectual property and such.

I focus on protecting myself from criminals and non-targeted governmental and commercial (ie, your ISP, google, etc) data collection. That's all you can realistically achieve. If a nation-state is after you specifically, even running Tor inside Tails across multiple VPNs is no guarantee.

That's really my approach to security in a nutshell. I know damn well that if I'm targeted, I'm likely to be compromised, including by criminal elements. I just try my damndest not to be a low-hanging fruit.
 
MiniatureDino said:
Lol, as I am not a user of Linux, do you mean to say that I should start using Linux for the sake of this technology named VPN?
If a VPN would be good enough to protect one's identity or data then I would have heard it before in my life.
I don't know how a VPN works but I'm sure that it would be expensive.
P.S. Too lazy to search for it on Google :D
Click to expand...
Using a VPN shifts the security concern(s) one has from the ISP to the VPN, i.e., you have to trust the VPN to NOT violate the trust you are placing/shifting to them. "Cheap" VPNs are probably no more "moral" or "immoral" than an ISP as they see the same information that the ISP does. Hope this helps.
 
BulletDust said:
Until you can inspect the code that is Windows, trust should be taken with a major grain of salt.
Click to expand...
That method worked out real well for users of OpenSSL a couple years ago didn't it? The vulnerability that allowed heartbleed was what, 10 years old? It hadn't been patched, because everyone assumed it was safe, since anyone who wanted to examine the code could. Problem is, no one did, because they trusted the OSS model.

Trust is based on a pattern of trustworthiness, not claims of "Trust me!" This applies for OSS software as well as proprietary software. What is the track record of trust?
 
If you commit a crime and use anonymizing software, the FBI can now obtain an open warrant to remotely hack your equipment in place of a physical investigation. VPNs will hide your personal information when using a public WiFi or from your ISP, but major corporations like Google and Facebook will still attempt to track you using scripting or current ip address.
 
rezerekted said:
Or the USA itself is the bad actor.
Click to expand...
Nah. Not if they target you. There's no indication that the US government actually targeted anyone that wasn't a bad actor or to further national security interests. Don't worry about being targeted by the US-- worry about your private data being swept up in a wide net.

Of course other governments are a different matter. The Chinese target intellectual property and the Russians are influencing elections worldwide, famously in the USA but also in Europe, most recently in the case of the French presidential candidate François Fillon in an effort to get Marine le Pen elected.

Ultimately if a nation-state targets you, you specifically, you're screwed. There's no defense against that.
 
jardows said:
That method worked out real well for users of OpenSSL a couple years ago didn't it? The vulnerability that allowed heartbleed was what, 10 years old? It hadn't been patched, because everyone assumed it was safe, since anyone who wanted to examine the code could. Problem is, no one did, because they trusted the OSS model.

Trust is based on a pattern of trustworthiness, not claims of "Trust me!" This applies for OSS software as well as proprietary software. What is the track record of trust?
Click to expand...

People have posted statistics highlighting the number of vulnerabilities rectified under the differing OS platforms, of course they mistake such information as an example of what makes an OS insecure, which isn't what the statistics are highlighting at all.

In every one of these statistics vulnerabilities are being found and patched under Linux very efficiently - Which makes sense as Linux is not only open source with a far larger base of users inspecting it's code, but it literally makes up the backbone of the internet and enterprise servers. The percentage of vulnerabilities found under Windows is lower and this is not necessarily a good thing, there is every chance that it actually highlights a weakness of the closed source model.

One way or another, due to human nature and compounded by the desire for profit and the need to look after shareholders in the case of Windows, trust cannot be proven. So I fail to see the point of your post, it highlights nothing we don't already know - Vulnerabilities exist under any OS.
 
jardows said:
That method worked out real well for users of OpenSSL a couple years ago didn't it?
Click to expand...

Not like 20 year old vulnerabilities are still being found in Windows. The difference is, users are depending on MS to fix them (or not to fix them on old versions).
 
B00nie said:
Not like 20 year old vulnerabilities are still being found in Windows. The difference is, users are depending on MS to fix them (or not to fix them on old versions).
Click to expand...
The point is, everyone assumed it was safe, because you could look at the source code, but for years, no one actually did look at the source code. It cannot be assumed that OSS programs are inherently more safe and secure, otherwise you will run into the same situation. On the flip side, someone who wants to find vulnerabilities and exploit them have the same access to the source code and can find the errors, while on proprietary software, you cannot examine the source to find errors to exploit, you just have to trial and error it. That's why those "20 year old vulnerabilities" are being found, but not necessarily exploited.
 
jardows said:
The point is, everyone assumed it was safe, because you could look at the source code, but for years, no one actually did look at the source code. It cannot be assumed that OSS programs are inherently more safe and secure, otherwise you will run into the same situation. On the flip side, someone who wants to find vulnerabilities and exploit them have the same access to the source code and can find the errors, while on proprietary software, you cannot examine the source to find errors to exploit, you just have to trial and error it. That's why those "20 year old vulnerabilities" are being found, but not necessarily exploited.
Click to expand...

Which do you think is easier, review code that's visible to you or review code that's hidden from you?

This one isolated case doesn't mean that the system doesn't work. With closed code nobody can check what's really happening on your computer.
 
B00nie said:
The best way to secure yourself against NSA is not to do illegal stuff. It's a no brainer. I'm not worried about any countrys security agency, personally.
Click to expand...

no. just.. no.

this is worse than the "if you have nothing to fear" bullshit.

laws change. and what is legal today can easily be illegal tomorrow.
 
B00nie said:
Not like 20 year old vulnerabilities are still being found in Windows. The difference is, users are depending on MS to fix them (or not to fix them on old versions).
Click to expand...

You dont think there are any ancient zero days remaining?
 
Master_shake_ said:
no. just.. no.

this is worse than the "if you have nothing to fear" bullshit.

laws change. and what is legal today can easily be illegal tomorrow.
Click to expand...

So you default to being criminal? If laws change I'm going to abide them just as I follow the current laws. Duh.
 
jardows said:
The point is, everyone assumed it was safe, because you could look at the source code, but for years, no one actually did look at the source code. It cannot be assumed that OSS programs are inherently more safe and secure, otherwise you will run into the same situation. On the flip side, someone who wants to find vulnerabilities and exploit them have the same access to the source code and can find the errors, while on proprietary software, you cannot examine the source to find errors to exploit, you just have to trial and error it. That's why those "20 year old vulnerabilities" are being found, but not necessarily exploited.
Click to expand...

According to statistics people keep misinterpreting, Linux vulnerabilities are being patched at a far higher frequency than Windows vulnerabilities. People keep misinterpreting this statistic to indicate that there are less vulnerabilities under Windows, which it in no way the case. The statistics simply prove that vulnerabilities under Windows aren't being found and therefore patched as efficiently under a closed source OS.

Considering Linux forms the backbone of the internet, I think the FOSS model works perfectly considering the discovery and rectification of vulnerabilities.
 
BulletDust said:
According to statistics people keep misinterpreting, Linux vulnerabilities are being patched at a far higher frequency than Windows vulnerabilities. People keep misinterpreting this statistic to indicate that there are less vulnerabilities under Windows, which it in no way the case. The statistics simply prove that vulnerabilities under Windows aren't being found and therefore patched as efficiently under a closed source OS.

Considering Linux forms the backbone of the internet, I think the FOSS model works perfectly considering the discovery and rectification of vulnerabilities.
Click to expand...
My point is not that FOSS model is worse, it is that the assumption that the model is better is flawed. It is that assumption that let to heartbleed, shellshock, and other recent, well publicized exploits. The assumption that says "someone must be looking at the source code, and someone certainly would have found problems, so I can assume the software is not flawed."
 
jardows said:
My point is not that FOSS model is worse, it is that the assumption that the model is better is flawed. It is that assumption that let to heartbleed, shellshock, and other recent, well publicized exploits. The assumption that says "someone must be looking at the source code, and someone certainly would have found problems, so I can assume the software is not flawed."
Click to expand...

While I'm far from willing to get into a long winded argument over this, the fact is the statistics highlight that vulnerabilities are being picked up and rectified at a far higher rate than under Windows. The only real flaw in the argument is that we are relying on the word of a few when it comes to Windows as opposed to the words of many when it comes to Linux and it's easier to hide vulnerability issues under a closed source OS making it look like there aren't any as opposed to an open source OS.

While it can naturally be assumed that vulnerabilities within Linux can be missed for many years, it's difficult to argue that having more people inspecting the code results in more vulnerabilities being missed.
 
Not to mention all the nefarious stuff Microsoft can hide in the code when nobody is able to openly review it.
 
BulletDust said:
While I'm far from willing to get into a long winded argument over this, the fact is the statistics highlight that vulnerabilities are being picked up and rectified at a far higher rate than under Windows. The only real flaw in the argument is that we are relying on the word of a few when it comes to Windows as opposed to the words of many when it comes to Linux and it's easier to hide vulnerability issues under a closed source OS making it look like there aren't any as opposed to an open source OS.

While it can naturally be assumed that vulnerabilities within Linux can be missed for many years, it's difficult to argue that having more people inspecting the code results in more vulnerabilities being missed.
Click to expand...
Can you at least admit that assuming software is safe and secure merely because the source can be reviewed by anyone is not wise?
 
jardows said:
Can you at least admit that assuming software is safe and secure merely because the source can be reviewed by anyone is not wise?
Click to expand...

No one is assuming any operating system is 100% secure? I can assure you there are exploits in both Windows and Linux that are just waiting to be discovered, it's a fairly large code base resulting in a game of Cat and Mouse.

The fact is, the more people you have reviewing that code, the greater the chance you have of discovering and rectifying such exploits, hopefully before they become an issue. Just the other day I was reading about an exploit in Office that MS knew about but refused to patch until the hackers began taking advantage of it.

The fact is, we have no idea what's going on at Microsoft, there may be a major security hole they know about just waiting to be exploited.
 
Is it connected to the Internet:

No: You are safe
Yes: You are not safe

Simple.
 
Are you a criminal:

Yes: You have to worry about nsa
No: You're safe.
 
MiniatureDino said:
Lol, as I am not a user of Linux, do you mean to say that I should start using Linux for the sake of this technology named VPN?
If a VPN would be good enough to protect one's identity or data then I would have heard it before in my life.
I don't know how a VPN works but I'm sure that it would be expensive.
P.S. Too lazy to search for it on Google :D
Click to expand...

VPN van be very inexpensive. I have my own VPN on my router at home so I can VPN into my home network when I am out and about. This secures my connection from would be packet sniffing and proxy blocking of where I may want to surf. More to the point to removes the ability of the host site to know what I am doing other than using their network to reach another network through a secure tunnel.

In reality the "technicality" of a VPN solution adds a small bit of overhead for a great bit of security. THAT is the real point to it.

What a VPN does, is... it takes your data.. and encrypts it. The term it often uses in encapsulation. Your data is packed into a secure space where the only data on the actual data being sent is the destination of the target network and the public key. This is transmitted and responses are likewise encapsulated and delivered to be decoded and processed as regular network traffic. Pretty cool stuff and in essence now a rather run of the mill normal network security solution for when out in public networks.

So a VPN is like writting a message. Folding the paper. Then handing the message to someone else. They make up their own alphabet and re write your message based on that alphabet that only one other person understands. Then they walk the note to the other person. If anyone unwanted sees they letter it looks like junk.. so they don't care and let the letter through. Then the carrier delivers the letter to the recipient who translates the letter back. Writes a response. Re encodes that. hands it back to the carrier.. and they bring it to you. You decode it with their help and read it and so on and so on.
 
B00nie said:
Are you a criminal:

Yes: You have to worry about nsa
No: You're safe.
Click to expand...

This right here is great as long as we don't become a police state. The worry is what happens if we DO become a police state. Now data that the NSA collected years ago and stored for that one time you went to a I hate this political person website is pulled up. That person says.. "Clearly B00nie is a bad guy... lets arrest him and see if he will flip on other bad guys before we kill/incarcerate him." You get a knock on your door because.. as you said.. You've never broken the law.. it wasn't illeagle then but it is now.

Now before you say.. "Psh that'll never happen this is Merika." Lets just go over how freedoms are targeted at being restricted. 1. You a citizen travelling back to America from several potentially ALL foreign nations can not bring a carry on laptop or tablet device. 2. We're building a freaking wall between us and Mexico. Maybe.. eventually.. possibly. 3. We've restricted the number of refugees we take in.. and other things... that I'm not aware of.

America today isn't the America we were 8 months ago,, or even 20 years ago. Some better but a lot reverting... to a time when America was led by fear.
 
You must log in or register to reply here.
Back
Top