Best anti NSA openerating system?

Discussion in 'Operating Systems' started by GreenArrows, Jun 8, 2014.

  1. NoOther

    NoOther [H]ardness Supreme

    Messages:
    6,442
    Joined:
    May 14, 2008
    You are right, because there is no sense encrypting to protect stuff like say...work information, medical records, taxes, cached browser information, purchases, vacation information, etc.

    You know, other than all that handy stuff..no need...nope none whatsoever...
     
  2. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,831
    Joined:
    Nov 1, 2012
    Hmm since when do you keep your taxes and medical records on your personal computer? Down here your medical records reside at your doctors office and taxes at the tax office. Purchase records are stored at the bank lol. Vacation information? Such as? Do you keep a file at your computer saying 'for anyone spying or concerned, our family will be on vacation from june 5th to august 1st, key is under the carpet'?

    Now I know, you encrypt that data but make sure you publish on Facebook how beautiful sunset Phuket has. Yeah. :D

    Why would I store stuff like that on my computer? Only if you run your own company that stuff may need hiding in the work computer but certainly not from the government! Unless you have some tax evasion to do or illegal workers.

    By the way, do you browse some shady sites or whats so interesting about your browser cache? My browser cache includes a few web shops, bulletin boards, some evening magazines, hobby sites and some random stuff from stumbleupon. That would be a catastrophy if someone saw that, right?
     
  3. NoOther

    NoOther [H]ardness Supreme

    Messages:
    6,442
    Joined:
    May 14, 2008
    Seriously? People do their taxes on their computers all the time. They save that tax information in case they get audited, you are actually told to keep copies for yourself. As for medical records, I don't know about you, but I have digital copies of all my images: X-Rays, MRIs, Ultrasound, etc. You don't keep copies of your receipts for purchases? As for vacation, people get pictures, get information about where they are staying and create itineraries for their vacations.

    The real question here is that I see a trend. You don't seem to keep copies of anything, you seem to think you can trust all these institutions to save the records and have them on hand if you ever have a problem. The reality is they don't always keep proper care of your records and ultimately you are responsible for your own information.

    What? If anyone is doing it, it is you who are advocating less security and proposing that anyone who uses encryption must be some kind of criminal that is hiding something. If I am advocating encrypting your computer, why would I then turn around and post on FB?

    I guess you haven't gotten very far in your career? A lot of people work from home and sometimes need to use their own computers. And you know what? Shocker, some people work for the government and sometimes need to use their home computers (with permission) and therefore if they have some FOUO information that needs to be encrypted.

    What is so interesting about my browser cache, probably the fact that it can contain the last few sites I visited which required passwords for online services and there is a way to retrieve and re-use some of those passwords, especially if you check the save passwords option, but even if you don't it can still be done. Also by tracking your history, they may be able to tell a lot of things about you. This is actually a huge component of social engineering.
     
  4. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,831
    Joined:
    Nov 1, 2012
    I get a prefilled tax report which I can fill as a paper or do it in the cloud service. Nothing needed to store on my own computer. Paper receipts are kept in a folder if need be.

    I do not get any electronic receipts with the exception of flights. Everything else comes on paper so I have virtually nothing on the computer. Even if I had, there's nothing secret about my receipts. What would you do with the information that I bought diesel a few thousand liters, paid insurance, flew a few flights and paid hotels etc. the past months? The itinerary is a moot point once someone already got hold of your computer lol. What would the NSA have to gain reading your itinerary? Perhaps you're making a field trip to Al-Caeda camp or something?

    Yep, they do that for me and I have zero need to store that stuff by myself. In fact they do not even give the records unless I demand them.

    As far as medical records etc. go they are responsible, not me. Of course we have socialized free health care so probably stuff works differently here.

    Heh, you don't see the absurdity of being scared of NSA and encrypting your files while being a facebook member where anyone can see what you do? It's 99% possible an outsider will see your FB posts but it's 0.000000001% possible NSA would infiltrate your drive and read your unencrypted stuff.

    I have come far enough in my career to know that you never EVER do work with your personal computer. You have a dedicated workstation which is kept clean of any risks such as downloading files for personal use. I have multiple computers provided for me to do my work with and personal computers to do personal stuff. The personal computers do not include any trade secrets and therefore require no secrecy.

    If someone got physical access to your computer, your site passwords are the least of your problems. Also any sites worth their salt do not store any login information in any cache or cookies. The only sites you'll find with stored information are bulletin boards etc. harmless stuff. So yeah, there's a risk that someone will post as me and troll some boards. I say good luck to them, trying to beat me! :D
     
  5. krogen

    krogen [H]ard|Gawd

    Messages:
    1,077
    Joined:
    Jul 22, 2009
    Again, let me repeat myself.

    The bottom line is, if it's of value, it's worth encrypting.

    Just as in the physical world you have a key to lock your house, just as you have keys (passwords, usually) in the digital world. In both scenarios you are protecting something valuable. If something truly has no value, it may very well be open.

    Similarly, in the physical world high-cost valuables tend to be stored away in hidden places or places that can provide some kind of anonymity like safes or lock boxes. The equivalent in the digital world is encryption. If it's valuable, it's worth encrypting.

    Just because you have no "legitimate" use for encryption doesn't mean others don't.
     
  6. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,831
    Joined:
    Nov 1, 2012
    Oh I get it. You're the kind that slows down 20mph at the speed trap even though you were already doing below the limit. You know, because they might get you :rolleyes:
     
  7. dave99

    dave99 2[H]4U

    Messages:
    2,129
    Joined:
    Jan 20, 2011
    So the person not from the US is telling us in the US what we should and shouldn't worry about...got it.
     
  8. jnex26

    jnex26 2[H]4U

    Messages:
    3,353
    Joined:
    Aug 7, 2001
    I'm Split, I believe you should protect your machines suitably but encryption is overkill for local storage.

    For example take the tax records on your computer, it would be much easier and simpler to extract them from the HMRC (Revenue and Customs) Medical Records the NHS holds them.

    And what's worst in Britain encrypting your data can be a one-way ticket to prison, forget the decryption key or just don't give it up and your going to JAIL, no judge no jury no defence just go strait to jail. If anything that should tell you about how unbreakable modern encryption is !

    If you want to protect your data from snooping Harden your perimeter only allow known traffic out and block everything else.

    The only time encryption is suitable in my eyes is when your transporting data or keeping sensitive data in the public realm E.G. cloud backups.

    As for the original question. I would suggest from a openness point of view slackware or Fedora but they are my personal preferences I've found in the past when it comes to security it's a mixed back and you have to know what your doing to secure a linux machine.

    And if your not going to personally sift though every line of code the best you can do is a guestimate there is not an exploit or backdoor in your O/S
     
  9. JoeOnePack

    JoeOnePack Limp Gawd

    Messages:
    179
    Joined:
    May 18, 2012
  10. jnex26

    jnex26 2[H]4U

    Messages:
    3,353
    Joined:
    Aug 7, 2001
    Probably correct but pick a form which has as many eyes on it as possible to which in theory makes it easier to discover potentially dangerous bugs and back doors, its not foolproof tho look how well that worked out in openssl !!
     
  11. Ruoh

    Ruoh [H]ardness Supreme

    Messages:
    5,858
    Joined:
    Sep 16, 2009
    And no internet connection.
     
  12. JoeOnePack

    JoeOnePack Limp Gawd

    Messages:
    179
    Joined:
    May 18, 2012
    I guess the moral of the story is, nothing is safe. Frequently back your stuff up and just assume at all times either you are being watched or your stuff is being accessed. Should help change your habits a bit. ;)
     
  13. Lunas

    Lunas [H]ardForum Junkie

    Messages:
    9,756
    Joined:
    Jul 22, 2001
    there is a picture floating around where they mod a linksys router that is being shipped to a target so the bug is in the router and thus ignorant of os. IF THEY WANT TO LISTEN TO YOU THEY WILL. That is only something that can change at the polls so if you dont like this shit get off your ass and vote people EVERY VOTE COUNTS obama was re-elected BY 3% kerry lost to bush by 1.7% obama was elected by about 3% with the best voter turn out being 61.6% so 38.4% of eligible voters chose not to vote... bush won over gore by .3%
     
    Last edited: Jun 10, 2014
  14. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,831
    Joined:
    Nov 1, 2012
    1) Are you a threat to national security? If so, you deserve to get monitored.
    2) Is your NSA a threat to a regular law abiding citizen? If so, move to a better country. If the latter is true all the legends of the 'land of the free' are soundling much like a joke.
     
  15. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,831
    Joined:
    Nov 1, 2012
    Yep open source code makes no garantees of any kind. Any backdoors and vulnerabilities will always pass unless someone takes the time to actively review the code.

    The fact is that most of the open source code gets reviewed only by its original developer. Nobody has the time or resources to even read through the source let alone understand it.
     
  16. Lunas

    Lunas [H]ardForum Junkie

    Messages:
    9,756
    Joined:
    Jul 22, 2001
    Does not matter they will find a way there is no such thing as an anti nsa os even those stupid zeus os on a stick things are not nsa proof and the op wants to game... As far as i am concerned op run windows play all the games take the tinfoil hat off and get over it. Think of it this way this thread if this forum alone does not get us monitored running any anti nsa os is really painting a bullseye on yourself to be monitored...

    There is an increasing amount of boot usb drives coming out that are "high privacy" these are a scam they are no more private than a live cd. If you want to be a gamer and wear a tinfoil hat because you don't want the man snooping in your noodle then you have 1 option unplug run off the grid and play console systems inside a Faraday cage. No internet no phone just basic electricity provided by wind, solar, thermal, water wheel, or diesel generators
     
    Last edited: Jun 11, 2014
  17. dave99

    dave99 2[H]4U

    Messages:
    2,129
    Joined:
    Jan 20, 2011
    You're making assumptions based on your own countries way of doing things. You say we have no need for encryption for things like our tax returns, because it's on file with the tax office. Well here, people keep a copy of their own tax returns, because getting them from the IRS is a pain the ass and costs money. Some people also keep copies of their own medical records, because they might have to visit multiple doctors in different specialties and the records don't always transfer easily and/or quickly because we don't have socialized health care (yet anyway).

    I encrypt every device I have that leaves my house, that way I don't have to worry that I might have some document on a laptop that has a credit card number if that device gets lost or stolen.

    To say that nobody except criminals needs encryption is just plain foolish and short-sighted.

    If your country does everything for you, great, good for you. The US doesn't, so telling us what we should or shouldn't do is pretty silly. That's enough soapbox for now.
     
  18. bigdogchris

    bigdogchris [H]ard as it Gets

    Messages:
    17,832
    Joined:
    Feb 19, 2008
    The best way to avoid the NSA is to not do stuff that that NSA looks for.

    Don't look up information on making pressure cooker bombs. Don't distribute child pornography. Don't visit websites looking for a hitman to take out your ex-wife.

    Otherwise the NSA could give a fuck less what you post on hardforum
     
  19. Tsumi

    Tsumi [H]ardForum Junkie

    Messages:
    12,986
    Joined:
    Mar 18, 2010
    So much this. The NSA is limited by time and manpower, they don't have time to look at anything besides key phrases and go after the big fish. And given the lack of cooperation between different levels of government, state and local agencies don't have access to NSA information either.

    What the average citizen should be concerned about are license plate cameras that allow the local police to track your every movement, should you move by car. And then they look for patterns of movement that may be indicative of criminal activity. That technology is in use today, and it's only spreading.
     
  20. NoOther

    NoOther [H]ardness Supreme

    Messages:
    6,442
    Joined:
    May 14, 2008
    That has got to be one of the single most naive comments ever. So you are saying that code which is open for anyone to review is only reviewed by its developer? That defeats the whole purpose. The purpose of open source is to get reviews and feedback by a much wider audience and typically you get vulnerabilities and holes found quicker and faster patches developed for it through that process. Closed source is only reviewed by its developer, that is the nature of the system. Only the developer has access to that code, only they can really make patches to it. So really with closed source you get less visibility and a lot of it gets tunnel visioned. The real difference comes in finances though. Generally the code with more financial backing is going to get more work done on it.
     
  21. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,831
    Joined:
    Nov 1, 2012
    That has got to be one of the single most naive comments ever. If you really think that being open source by itself will garantee that the code ever gets reviewed and analysed for security threats you must be kidding. There are so many developments and so much fragmentation in the open source market that nobody can control it all if even a fraction of it. BSD had the CIA back door for years, heartbleed bug was undetected for years - and who knows how many unintentional or intentional backdoors and security loopholes still exist in the code. Literally nobody knows, because nobody gets paid to actively hunt for bugs and security issues.

    Like Fedora fglrx, the maintainer decided to just quit one day so kaboom, no more fglrx lol. How many people do you think reviewed HIS work?
     
  22. NoOther

    NoOther [H]ardness Supreme

    Messages:
    6,442
    Joined:
    May 14, 2008
    Really, I guess that is why NSA uses open source now because no one reviews it for security holes and vulnerabilities.... You have no understanding at all of the open source community or industry, especially when it comes to security. Almost all of the security projects being done now by NSA, co-sponsored by NSA, or in affiliation with NSA are using some form of open source systems.

    Lol you mention small open source projects, what about Fedora itself? How about Ubuntu? How about Mint? How about CentOS? All open source, all have tons of support and tons of people contributing. And those are only a few. And a lot of open source projects have had their developers drop out and then someone else picked it up and run with it, or used the code and created something new. That is one of the beautiful things about open source, the ability to continue it even when the developer might give up on it.
     
  23. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,831
    Joined:
    Nov 1, 2012
    NSA has n number of paid coders reviewing the code they see necessary. They do not even attempt to review all open source code, even the government can't afford that. And most likely they are covertly implementing backdoors while at it where strategically necessary. The only reason why they choose to do open source is because it's cheaper for them to security audit existing code instead of making completely new. They do not use open source code without auditing it if that's what you think lol.

    You mention fragmented open source development. The more fragmentation there is, the more abandoned projects, the more startup projects that never get past half done there is, the more potential security problems linux will have.

    There should be just one distro that gets polished by all of the man power the community has. With fragmentation nothing gets done properly in the end.

    Who picked up fglrx on Fedora? It's been unsupported for months. Nobody? Who reviewed the code done so far before it got abandoned? Anyone?
     
    Last edited: Jun 11, 2014
  24. schizrade

    schizrade [H]ardness Supreme

    Messages:
    4,684
    Joined:
    Feb 15, 2003
    Windows 3.1 without any network drivers, speaker, mic, modem drivers, usb ports, serial ports etc is pretty NSA proof.
     
  25. devman

    devman 2[H]4U

    Messages:
    2,398
    Joined:
    Dec 3, 2005

    Different distro's suit different needs. RHEL, SLES, Debian are far different from Fedora, Ubuntu, and Arch Linux. Part of the reason different distros exist is because people have different ideas about what an OS should do and how it is done. Part of the beauty of open source is that people are free to fork and try new things. Ideas that work get used, ideas that don't die, but the ecosystem is better for those ideas.

    Speaking specifically on fglrx. It isn't supported by Fedora, never has been, as it isn't free software. Fedora can't be blamed for a package on a third party repository doesn't work.
     
  26. NoOther

    NoOther [H]ardness Supreme

    Messages:
    6,442
    Joined:
    May 14, 2008
    1) NSA develops its own open source content as well as provide some support, development and guidance to the open source community.

    2) I mentioned nothing about "fragmented open source development". That was all you trying to make open source something its not. Not even sure what you mean by "Fragmentation". If you mean different parties working on different things for the same source code and going in different directions, that is pretty much the point. Not all source code gets split like that though. There are many times when people work on different methods and then come back together and hash out those ideas to present a better overall product melding methods or just accepting/integrating the best ideas.

    3) Only in some cases. In some cases there should definitely be variety. Also variety doesn't mean you can't utilize the same platform. For instance there are hundreds of Linux distros, but you can install the same things across most of them and many of them communicate well with each other, because almost all of them are based off the same core. And that core by the way is developed by an open source community that gets together discuses changes and updates and then accepts the best ideas to incorporate into their build. They also have regular meetings to discuss and develop patches and fixes for it.
     
  27. Dogs

    Dogs [H]ard|Gawd

    Messages:
    1,141
    Joined:
    Aug 7, 2012
    Often times, yes, this is exactly the case. It's unfortunate given the amount of freedom open source offers that people would bother to completely ignore the source code of the software they use, but that's the way things are. Even on some high visibility projects, lots of code is only reviewed by the people writing it and the code reviewers approving those changes. Even though some of the code will get a lot of attention, the entire project itself won't, and most of the parts that do receive attention don't receive much.

    It's safe to say that there's a deceptively small amount of people actually reviewing source code, and as a result, plenty of bugs and security holes get through.
     
  28. NoOther

    NoOther [H]ardness Supreme

    Messages:
    6,442
    Joined:
    May 14, 2008
    That is completely contrary to my experience in the field and of almost everyone i know that is working on open source projects. Certainly there are developers that control the majority of the project, but they still take input and help from outside sources. There there are some that don't have many updates, but most of the time those projects are near completion and there really is nothing to add or change. Also there are cases where the project itself is just an outlier and there isn't as much interest in it. But since this thread is mainly geared towards Linux, none of that is true. There are tons of contributors to Linux, tons of people reviewing the code. There are tons of applications and additions people have written to go along with it as well, just look at all the current distributions. There are several major forks from the start of Linux that still have huge ongoing development and support for them. Just to name a few: Linux, Apache, Hadoop, MySql, OpenStack, Webkit, Firefox, Wordpress, XAMPP, LibreOffice, Puppet, Git, Metasploit, Kali Linux, OpenWrt & DD-WRT, ClamAV, etc.
     
    Last edited: Jun 11, 2014
  29. Dogs

    Dogs [H]ard|Gawd

    Messages:
    1,141
    Joined:
    Aug 7, 2012
    This is the internet, though, so I don't care what your 'experience in the field' is. There aren't people pouring over every line of open source code in every project. If you think all of the code is being looked at by many, many people all of the time, then your experience has mislead you.

    The fact of the matter is that there is still plenty of lines of code that haven't received the attention people are claiming open source software delivers. It doesn't matter how active a project is...that's 100% irrelevant, because there's no law of nature that says people who contribute to open source software are reviewing every line of code in the project. If the open source model was affording code all of this 'review', issues like Heartbleed wouldn't have taken 2 and a half years to be discovered. The people using OpenSSL built it into all sorts of applications without anybody taking notice of the bug, so clearly even the people using and contributing to the code aren't even reviewing it that thoroughly.
     
  30. devman

    devman 2[H]4U

    Messages:
    2,398
    Joined:
    Dec 3, 2005
    Heartbleed was discovered by code review at Google. The community adapts, and things get better. This lastest round with OpenSSL has shown downstream users just what a mess the code is in, and people are taking action to work the problem (alternative efforts like LibreSSL).

    Open source isn't prefect, but at least it is there for people to review.
     
  31. Dogs

    Dogs [H]ard|Gawd

    Messages:
    1,141
    Joined:
    Aug 7, 2012
    ....Re-read my post and try again. Heartbleed was discovered at Google ~2.5 years after it was introduced into the OpenSSL library, despite the fact that it was a fairly textbook buffer over-read vulnerability. The reason it took so long is because that was probably the first serious review of that piece of functionality since the offending code's original merge.

    Re-read my post and try again. Nobody is claiming that it isn't there for people to review. The problem isn't the ability to review, but rather whether or not this ability is ever actually leveraged, and most of the time it isn't.
     
  32. Red Squirrel

    Red Squirrel [H]ardForum Junkie

    Messages:
    9,211
    Joined:
    Nov 29, 2009
    Check out Linux from Scratch: http://www.linuxfromscratch.org/

    I've been reading through that on and off. Basically it will let you create your own distro.

    The only danger is if the kernel itself has any backdoors, but I don't think Linus would let that happen, he's been approached by the NSA before and basically told them where to go.

    As long as they don't pull the same crap they did with Lavabit we should be ok.
     
  33. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,831
    Joined:
    Nov 1, 2012
    Unfortunately ideology and grim reality often do not make best friends. While in theory what you say is true and truly a great thing, in reality open source community is like an extremely badly run corporation where the workers are left on their own devices and each one works on his own projects instead of doing team work.

    Everyone knows that a coproration that has a bad administration either produces diminishing amount of end product or produces an awful lot of shit. Open source community is one of the latter. FOSS code is FILLED with semi-functional kinda-working almost-getting-there code that necessarily never gets polished to a commercial level. It's also filled with 10 different solutions to the same problem, some get adopted widely some don't. Some get abandoned half way, some don't. And the end user is lost in between this cacophony of code.

    If Fedora can't find anyone to maintain their fglrx packages, it's not AMDs fault but the Fedora communitys. All this nonsense about objecting closed code in the first place is just stupidity on their part. They should embrace whatever resources they have, especially when it becomes difficult to implement otherwise due to trade secrets, DRM etc. considerations.

    Fedora fglrx is an excellent example of an open source implementation that relies solely on one persons temporary interest in the matter. Because of the fragmentation and because nobody really leads the development, fglrx is now effectively dead on Fedora and perhaps 40% of the worlds users can't easily install the proper AMD driver to their distro.

    This hurts _nobody_ else except the Fedora project itself. Even more tragicomical it becomes with the fact that in my testing with a GTX660, Fedora corrupted the screen without fail in about 5 minutes of use. Some sort of memory leak apparently as the display started to slowly get filled with flashing textures immediately during the installation.
     
  34. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,831
    Joined:
    Nov 1, 2012
    This is an another great example of the downfall of too much openness. They fork OpenSSL instead of working on the project itself.

    This creates again two variations of the same solution and most likely either OpenSSL or LibreSSL are going to be maintained badly or completely abandoned some time in the future. Instead of combining the efforts to get 1 thing done properly, now the resources are split into two projects that may repeat eachothers mistakes and have to spend double resources redoing what has already been done. Dumb.
     
  35. devman

    devman 2[H]4U

    Messages:
    2,398
    Joined:
    Dec 3, 2005
    Disagree. Forking allows a different team with different ideas on how the API should be implemented to try it out and possibly produce a better result, it gives users more choices, and ultimately the community can decide which they will use. Competition is good even in the open source world.

    The commercial world is full of failures and half done and/or underfunded projects as well. This isn't unique to open source by a long shot, it just isn't as visible. Corporations also reinvent the wheel (Not invented here) just as much as open source projects do.

    The fact that anyone with a computer and a compiler can create an open source project does not degrade community.


    Fedora has never supported fglrx, I can't blame them for something not working that they don't support. Fedora doesn't rely on volunteer work regarding fglrx as they don't support it.. If you want to use fglrx in a supported manner, Fedora is not the distro for you, which is perfectly fine as there are others to pick from that do support and maintain integration with binary drivers.
     
    Last edited: Jun 12, 2014
  36. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,831
    Joined:
    Nov 1, 2012
    Ultimately the community will suffer because there is no standard way to do anything and implementation methods will vary so you cannot 'learn' one thing you must learn to do the same thing with 10 different variations. This is what keeps linux unpopular and is the demise of the community efforts.


    The fact that nobody controls the development and manages the resources is the thing that degrades the community. Too much half baked shit is coded every day and nobody issues resources to really finish the job if and when the half baked product that was 'good enough' for someone is needed for a more general use.


    Curiously enough fglrx was supported (unofficially or not) untill Fedora 20 which was when the package maintainer decided to quit.

    If Fedora never chose to officially support fglrx shame on them. They chose to gimp themselves to all AMD users.