Re: stopping mass surveillance

To: debian-user@lists.debian.org
Subject: Re: stopping mass surveillance
From: operation.privacyenforcement@mailbox.org
Date: Thu, 15 Dec 2022 22:53:00 +0100
Message-id: <[🔎] 489ed4fd-6827-de5f-630c-0ad5ee5bc40d@mailbox.org>
In-reply-to: <[🔎] CAO6YxPzvJM6n3TE4qGwmWw21Znnt7064aH3oj4bkuMG+Lns9xQ@mail.gmail.com>
References: <[🔎] 72f8db1c-a79a-ad46-362a-761f8c91e09f@secure.mailbox.org> <[🔎] Y5gsVz2xND166YNT@use> <[🔎] 04eb25aa-38bc-7c84-3577-489cbc4e76d4@mailbox.org> <[🔎] CAGAaCPDPUFYNagBbpyQwmdcxkjX0tBqR30Y18acx5Q3HqE=wPQ@mail.gmail.com> <[🔎] CAO6YxPzvJM6n3TE4qGwmWw21Znnt7064aH3oj4bkuMG+Lns9xQ@mail.gmail.com>

On 1/9/84 19:84, Timothy M Butterworth wrote something which will neverbe deleted again by the all seeing eye, selector match found

Any commercial VPN service provider provides the same level of protection
as Tor.


No, it does not.

Commercial VPN providers with no-log policy often had logs they handedout to the authorities. The authorities are acting on the laws in theirjurisdiction. They do not care about moral or fundamental rights.


Commercial VPNs often lack multi-hop support.

Commercial VPNs do not apply a workaround to avoid RDRAND, RDSEEDinstructions of the CPU like Tor does.

Commercial VPNs can be run by governments or agencies, infiltrated byagencies more easily, are provided mostly by only one company. On Toryou need to be routed through 3 bad nodes to be busted.

Circuit sets (and providers) are random, VPN multihops do not need to be.

Commercial VPNs are lacking the .onion part of Tor.

Commercial VPNs can be used to consolidate users traffic at one provideror instance, jurisdiction, e.g. IP protection of Safari, iCloud+ relay,Google One are deployed to force users traffic through servers under USjurisdiction control because their hoster headquarters are under USjurisdiction.

Commercial VPNs can be used to apply agency selectors more specificly toa region, household, country, area of a country, income bracket if runby agencies or governments.

Commercial VPNs can be used to run statistical analytics or intercepttraffic of their "specially interesting" users.

Commercial VPNs can be used to integrate their targets into theproviders LAN as a target.


Using VPNs or Tor does not protect against traffic correlation attacks.

Bulk data collection is immoral and unethical. Back in 2006 I found that
the USA was hosting photo shopped child porn. They used a JavaScript
vulnerability to create a backdoor on the visiting PC. Their hack only
worked if the user's account has admin privileges. Never surf the web on
windows using an account with admin privileges. The last time I checked on
the vulnerability was in 2010 and it was still not fixed even though it was
well known. I personally believe that the federal government was not
letting MS fix the vulnerability because they were using it as a back door
for data collection. 2006 is when I first moved to GNU/Linux with SUSE
Enterprise Linux Desktop SLED 10. By 2011 I no longer used Windows on my
personal systems so I stopped tracking the vulnerability. I can guess that
it is probably still not fixed.

Governments treat security vulnerabilities as doors and not as holes tofix. They are willing to risk any critical infrastructure, company,device, society member to apply surveillance.If security vulnerabilites are used by bad guys the government will useit to scream for more protection, meaning more surveillance to protectsociety against bad guys. win-win business regards surveillance.

If you read about Intel Management Engine and AMD PSP it is much worseif you consider it is a backdoor.

-integration into system components via kernel modules

-integration into system through user space application, e.g. WindowsIntel Management system packages

-integration of PAVP and HDCP via Intel Me (serial tracing?)
-KVM access
-network stack of UEFI
-iAMT
-direct and silent CPU, RAM access
-full remote manageability
-anti theft
-outbreak containment heuristic
-TLS
-IPV6
-autoshutdown after 30 minutes if ME is broken
-government agency HAP bit to disable it for high assurance platforms

-uefi integration, only the UEFI GUI for ME can be disabled. Not the MEfunction itself

-full access to storage without the OS or antimalware scanners knowledge

Tech is completely broken if you are a normal society member and notsome of the more important people.

It is built to deploy surveillance, profit and stimulate user activity.

The USA does not have a constitutional right to privacy from the
government. The only thing that comes close is the constitutional right
requiring a warrant for search and seizure of documents and property.

Iceland has a constitutional right to privacy. I don't know if there is a
VPN company running in Iceland but if there is that would be the one I
would get. https://ctemplar.com/icelandic-privacy-laws/ It would be nice if
the UN would push to follow Iceland's example.

It is important the company is not under any jurisdiction which isagainst fundamental rights or privacy. Companies are required tocooperate if under pressure. If they not comply they will be shutdown.

Iceland protects Facebook nasty practices.

Reply to:

Follow-Ups:
- Re: stopping mass surveillance
  - From: debian-user@howorth.org.uk

References:
- stopping mass surveillance
  - From: operation.privacyenforcement@secure.mailbox.org
- Re: stopping mass surveillance
  - From: Andy Smith <andy@strugglers.net>
- Re: stopping mass surveillance
  - From: operation.privacyenforcement@mailbox.org
- Re: stopping mass surveillance
  - From: Jeremy Hendricks <jwh1981@gmail.com>
- Re: stopping mass surveillance
  - From: Timothy M Butterworth <timothy.m.butterworth@gmail.com>

Prev by Date: Re: How to investigate sudden shutdown?
Next by Date: Re: stopping mass surveillance
Previous by thread: Re: stopping mass surveillance
Next by thread: Re: stopping mass surveillance
Index(es):
- Date
- Thread