I follow a large blog (I've been published there even!), that I found out tonight that the FBI re-routed visits to their servers for several months in 2011, attached cookies to follow later, they collected information on 10% of the visitors, and tracked subsequent internet visits.....so I now have a 10% chance of being on an FBI "watch list" or whatever.

I am outraged, and I don't know what to do (or even think) about it. Frankly, I am not savvy enough to do anything about it, but I'm outraged nonetheless.What in the world has happened to our country, that we can't induldge in our hobbies/interests/passions online without worrying about the fedgov keeping track of what they THINK is.....I don't know, against national interests?

I am a part of the problem, in that I don't SHOUT TO THE WORLD the slow degredation of our privacy and freedoms. Frogs slowly boiling in the pot.

It is just such an absolute invasion of my privacy.

What say you?

What say you?
Limited government, fiscal responsibility & free markets.

Do you have some details on the site they monitored? I'd like to look into this a bit.

How did you find out that the FBI monitored the site?
Is there information how they routed people to their servers?

Any more information you can give us to make us all more aware of what is happening?

I'll go only a little bit out on a limb here, and suggest that whoever runs your blog is not an Internet technical guru, and perhaps was misinterpreting the FBI's efforts to stamp out the DNS Changer malware that has infected a sizeable portion of the computers in the USA.

http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf

http://www.fbi.gov/news/stories/2011/november/malware_110911

I could find out for sure with a few details, and a quick step to the other side of this door...

https://lh3.googleusercontent.com/-6HZfKkZgCcU/TLEnS60-ExI/AAAAAAAABv8/3LMVefXaTYc/s576/img_0823.jpg

Was this the link?

http://survivalblog.com/2012/03/important-message-from-jwr-the-fbis-cookie-caper-and-the-vpn-imperative.html

It sounds like they were looking for intellectual property rights violations.

Still, if being tracked is a concern, then the steps outlined in the blog post sound good. Disabling cookies is a good idea for many reasons.

Well it seems to me the federal government is pretty much tracking everything online (and maybe all phone traffic too) if that's any consolation :~)

But perhaps I exagerate and it's not there yet, just getting there (there have been a ton of news articles on this and they are all blending together in my brain at this time).

To give a taste:
http://original.antiwar.com/fisher/2010/12/06/government-forced-to-release-docs-on-spying-program/
http://www.aclu.org/blog/national-security/government-confirms-it-has-secret-interpretation-patriot-act-spy-power


I am a part of the problem, in that I don't SHOUT TO THE WORLD the slow degredation of our privacy and freedoms. Frogs slowly boiling in the pot.

+100 I shout, but it takes a toll, wish there was a movement to join (I'm already ACLU card carrying :)).

But as for this particular situation and your very direct feeling of violataion it may be as bae says and not as it seems. It seems we lack sufficient info here. (?)

Maybe looking at this from a different perspective, but... it's the internet! When you (generic you) put something/anything out on the internet it's THERE... for anyone/everyone. Anyone with the know-how can track/access/monitor/whatever pretty much anything out in cyberland - be it a private citizen, marketers tracking consumer info, advertisers, the government, etc. And my guess is that most of this is done without our knowledge or permission. So I'm not totally convinced it is a privacy issue when folks freely put the info out there.

And I'm not saying that the tracking/monitoring by any unauthorized person/group is acceptable, just that the reality on the internet is that it happens - right or wrong - it's reality.

One of the great things about the US is that you can actually follow up with this -- file a FOIA request on yourself and see what they have in your file. I've never done it, but plan to after I retire, just out of curiousity. I currently work as a sub-contractor to a federal agency and I have spent about 15 of the last 20 years in China, much of it working in sensitive regions/for an organization I know is probably on some kind of Chinese "watch list" and my DH still works for them, so I pretty much figure that my every electronic word is probably being stored in a file somewhere by either the Chinese or the US gvt, and most likely both. I can't do anything about it, and i'm not going to change my interests/profession/past history, so I just kind of live with it.

If China ever has major changes like the former east bloc I will be really interested to get my file on this side, too, though -- would love to see how they understood/explained some of the stupid mistakes I made when I first came here (like staying with my Tibetan friend's sister the police officer, in the middle of the police compound in a remote county in Sichuan -- not exactly protocol, especially in the mid-90s, but she literally dragged me there as soon as I got off the bus insisting that it was the safest place in town. She was probably right, but her superiors clearly were not thrilled by the idea. I'd love to see the self criticism I know she had to write... )

bae, what's the DNS Changer malware? I hadn't heard of that.

Limited government, fiscal responsibility & free markets.

Right. Because private companies are always on the up & up, dontcha know?

I've operated under the assumption that this practice has been fairly widespread for quite some time. In truth, I've become a bit apathetic about it (which is exactly how such things begin to take root). Part of my problem is that my SIL and her family live in Pakistan. She is married to a Pakistani diplomat and has lived there for 15 years or so. We always figured that as soon as we dialed her number the first time we were on file with the FBI, CIA, NSA and whatever other three letter organization is out there watching. I also occasionally visit the survivalblog site so I suppose its a given now. Maybe it is time to leave the apathy behind. I'll be very interested to see what take our more tech savvy members have on this development.

As a side question for bae, Alan and all you knowledgeable folks - does it make sense to have a separate computer to store critical files and documents that is never hooked up to the internet and so not susceptible to malware, virus, future Stuxnets or whatever other nasty bugs and spyware come along? I'm thinking of simple things like family photos of course, but also scanned legal documents, contact and communication info, etc. Cloud storage is nice because of the ability to access info from any computer, but what (really) are the chances that access could be compromised?

bae, what's the DNS Changer malware? I hadn't heard of that.

The two FBI links I provided above go into some detail.

In essence, it changes your DNS settings to point to The Bad Guys' DNS Resolvers, which allows The Bad Guys to redirect and intercept your connections. It is/was pretty widespread, and the FBI, with a court order, had The Internet Powers That Be stomp on the Bad Guys' addresses, and redirect them to clean name resolvers.

Which is probably why the Survivalblog guy was seeing traffic coming in from FBI addresses, because the FBI set up the replacements.

Nothing tin-foil-hatwise to see here, the explanation found on the Survivalblog site indicates the author has very little understanding of the underlying technological issues(*), but plenty of paranoia :-)

(*)At my last company, my main products were really really big, really fast network data storage systems, and a line of distributed, heirarchical caching proxy servers that could operate transparently. Some of our biggest customers were 3-letter agencies. Some entire countries ran all their Internet traffic through our proxy devices...

As a side question for bae, Alan and all you knowledgeable folks - does it make sense to have a separate computer to store critical files and documents that is never hooked up to the internet and so not susceptible to malware, virus, future Stuxnets or whatever other nasty bugs and spyware come along?

I used to do that, for the computer I did my financial planning and taxes on, because the consequences of a boo boo were pretty bad.

Now though, I go with :

- a more robust backup scheme locally (as storage is essentially free, those little 2 terabyte USB bricks rock)
- storing copies of non-sensitive information in the cloud
- storing encrypted copies of sensitive information in the cloud
- having preconfigured bootable storage devices ready to go so I can boot a computer to a known-good state and recover
- having good firewalls on my home networks

If I was doing anything Super Secret Squirrel, I'd use a clean computer that had no network connectivity, and even then I'd be mighty careful in my procedures.

If I were really paranoid, I'd think long-and-hard about this paper:

http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

When I used to design and sell secure computing systems, we had to worry about stuff like that. Now I mostly just have to worry about raccoons and mink, life is simpler :-)

Thanks bae. I'm curious, along with your other security/privacy measures do you use VPN? I've heard a few people discuss the virtues of using it and the survivalblog author seems to consider it imperative. The concept makes sense, but I don't know if it actually works as well as it sounds like it should.

For general use, no Gregg, I don't worry about using VPN, and think it introduces perhaps more problems than it solves. I mean, why should I extend my trust to some random enterprise to run a "secure" network for me? The fellow selling you the VPN service could well be compromised by your opposition. Plus you are introducing additional network latency, and additional points of failure reliability-wise. Plus plus, using these sorts of services by itself Would be a red flag to certain sorts of opposition...

Rather than latching onto a technology as "the solution", I'd recommend starting out with a sober assessment of your concerns and opposition, then generating a set of requirements to design a set of tools and procedures that will work for you.

If you have the knowledge and resources to set up your own array of VPN/proxy servers/darknet routers/..., well, then your trust issues are different :-)

Lol, no such skill set here (but I always loved the term "darknet"!). My opposition is likely pretty limited. A few contacts raise flags, no doubt, but in the end they are innocent and boring enough to not cause concern for anyone watching. No secret squirrels, hy-spys, spy vs. spys or much of anything beyond kid pics and small scale capitalism floating around my cpu. Your concerns with VPN make a lot more sense than the argument in favor of it, at least in my world. Thanks.

I also have one of the 2TB USB bricks that works quite well for backup storage. My only real concern with that would be accessing the information stored on it should my computer be infected, but the bootable storage should cover that base.

The other technique I use is to live a perfectly boring, non-secret-squirrel life :-)

The most sensitive information on our home network is the recipes for this year's county fair competition, that's cloak-and-dagger stuff right there.

Lest anyone think a VPN is really secure, an anecdote from my internet experience last night while using a VPN.

DH sent me a news article about a controversial story that was being scrubbed from the internet here in China.

I posted a link to the article and a comment about a certain race car (starts with F, name supposedly banned from internet sites here due to said news story). Comment would not post to Facebook (just hung there endlessly), and within seconds not only had my VPN hung up, my entire internet connection seemed to have been shut down.

Closed explorer, reset internet, logged in to VPN again and changed server, went back on facebook and posted a link to another local news story (about newly designated counties targeted for poverty relief efforts here in China). Link and first comment posted fine, but when I posted a follow up comment mentioning that a high percentage were minority counties, many in western Sichuan (where I used to work and where there is a high concentration of a particular minority who at the moment are rather unhappy, though I didn't say that in the comment), and named some of those places by name, the comments wouldn't post. This time I actually got a little "unable to post comment at this time" message from Facebook, which was interesting (first time I had seen that -- usually it just hangs endlessly and doesn't go through). Again, at this point my whole internet connection seemed to freeze up.

Maybe there is an explanation for this that doesn't have to devolve into a conspiracy theory, but I don't think things hanging up like they did in relation to these posts was an accident or a coincidence. Probably best if I just go back to posting about my favorite youtube videos (keyboard cat rocks!)

lhamo

bae: thanks for the less-sinister explanation.