Russia Fines Telegram $14,000 for Not Giving FSB an Encryption Backdoor

Posted in cell phones, encryption, fsb, privacy, private messaging, russia, security, telegram, you're doing great sweetie

This Is What A 21st-Century Police State Really Looks Like

If you want to see the future of mass surveillance, look to China.

This is the end-state we have to fight: with legislation, elections, activism, protest, and resistance.

Posted in china, dystopia, mass surveillance, orwell, panopticon, police state, uighurs

(1) Followup to the harassment question: 1. I’ve only attended a few meetings but they appear to be held at the same place; this last meeting, however, was in a new location. 2. They had a spy sit in on the meeting, leave about 30 minutes prior to the end of it, who then contacted another right-winger who showed up at the very end for the sole purpose of engagement and agitation. The man began making aggressive comments, started screaming that the group was “disgusting” and needed to “get out of his

Posted in Uncategorized

(2) town. A few people began to engage him (mostly outside contacts that were not members of the group) at which point he pulled his phone out and attempted to capture faces. Group members took a display from the book table and used it to attempt blocking his camera, they seemed relatively effective. Our group is located in the US, on a very liberal campus in a very liberal city.

A few thoughts:

1) What these guys are doing sounds a lot like suppressing the free speech of a student group. Especially if the aggressive right-winger is not a student, you may have a good case to go to the University itself and tell them that your rights to assemble, organize, and speak are being infringed. Some offices you could try are Public Safety / Security or Student Life. While we’re all about opposing The Man here at OFA, this approach could have a few benefits:

– The University probably doesn’t want outsiders to interfere with student activities. Schools’ reputations are based on the perception that they are a safe place, so it would be in their interest to stop this kind of thing from happening. They may agree to take some action that would effectively do your work for you, like banning the guy from campus, or from attending your meetings.
– If it turns out to be students who are disrupting your meeting, the University still may take your side.
– Even if they refuse to help, you will have created a paper trail that proves that you tried to address the problem via established academic channels created by The Man. The Man likes this. Perhaps emailing the departments mentioned above would be a good way to get it started. That way, if they decline to help, you can correctly say that you tried the proper channels first.

You can of course always skip this option if you feel there is good reason to, like that you don’t sufficiently trust the University or campus police.

2) It would make sense to contact activist groups in your city that are sympathetic to your views and ask a) if they would be willing to help directly and b) if they are willing to share their learning with you on how to deal with this kind of situation. This is what solidarity is all about! Groups like Democratic Socialists of America, Black Lives Matter, and others might be willing to talk with you. LGBTQ groups also have long experience dealing with harassment and agitators.

3) Get a picture of the fucker if he comes back, so you can distribute it to whoever needs it in the future.

4) This might be just two or three people who don’t like you. But if you think it might be more than that, go online and start looking through Facebook groups / Twitter hashtags etc. of local anti-you groups. Alt-right, MRAs, whatever is applicable to your city. You might find your antagonist, and having his identity would be very good.

Good luck! Let us know how it goes.

-OFA

Posted in Uncategorized

There’s a Serious Vulnerability in WPA-2, the Thing Everyone Uses.

WPA-2, the encryption standard that protects the transmissions of virtually all modern wifi devices and keeps random kids in your city from being able to siphon your naked photos or sensitive political communications off your network, has been revealed to have a major flaw.

The bad news: Basically everyone is vulnerable to some extent, and there is no fix available today for most devices.

The good news: There is currently no publicly available code to take advantage of this vulnerability, which requires a high level of skill to exploit. How vulnerable you are will realistically depend on your threat model (and what kind of device you have). Android devices are most vulnerable, Windows and iOS less so. Attackers will need to be in range of your wifi in order to perform the attack. And the extent to which the infosec world is correctly freaking out about this means that patching this vulnerability should be a priority. But we expect vulnerabilities to persist in some unpatched routers and IoT devices for years.

We write this blog with the expectation that readers need better-than-average security. So while some of these recommendations might be overkill for average users, we make them with the understanding you are here because you want to be more careful and secure when possible.

What you should do:

1) Actually, stick with WPA-2 for now, since we don’t have anything better, and check your wifi settings! Use WPA2-AES to reduce some of the impact of the attack. Decent Security has a good blog post on the details of how to set up your wireless network.

2) Use HTTPS (which provides a layer of encryption) whenever possible. The easiest way to do this is to use HTTPS Everywhere with Chrome / Firefox. The KRACK vulnerability will not remove the layer of security provided by HTTPS.

3) Watch for updates. Here’s a list of vendors who have already patched.

4) Contrary to what you may read, we don’t recommend using a VPN at this point, especially since many free ones engage in extremely disreputable activity with your data and will turn it over to governments who ask for it anyway.

5) Avoid connecting to public wifi until patches are issued. Find out what router you use at home or in your organization, and keep an eye out for patches.

6) If it’s an option, consider using ethernet cables! They still exist and circumvent this issue.
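
One way to check which nearby networks (your own included) still allow TKIP or legacy WPA instead of the WPA2-AES setting recommended in step 1. This is an added example, not part of the original post; it assumes the text format printed by the Linux `iw` scan command, and the sample scan below is constructed.

```python
import re

# Constructed sample in the format printed by `iw dev wlan0 scan`
# (not captured from a real network).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
\tSSID: home-aes
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\t\t * Pairwise ciphers: CCMP
\t\t * Authentication suites: PSK
BSS 02:00:00:00:00:02(on wlan0)
\tSSID: cafe-mixed
\tWPA:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: TKIP
\t\t * Authentication suites: PSK
\tRSN:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: CCMP TKIP
\t\t * Authentication suites: PSK
BSS 02:00:00:00:00:03(on wlan0)
\tSSID: open-guest
"""

def audit_scan(text):
    """Map each SSID to a list of findings; an empty list means WPA2 with AES-CCMP only."""
    report = {}
    for block in re.split(r"(?m)^BSS ", text)[1:]:
        m = re.search(r"(?m)^\s*SSID: (.*)$", block)
        ssid = (m.group(1).strip() if m else "") or "<hidden>"
        has_rsn = re.search(r"(?m)^\s*RSN:", block) is not None  # RSN element = WPA2
        has_wpa = re.search(r"(?m)^\s*WPA:", block) is not None  # legacy WPA element
        ciphers = set()
        for line in re.findall(r"(?:Group cipher|Pairwise ciphers): (.*)", block):
            ciphers.update(line.split())
        findings = []
        if not has_rsn and not has_wpa:
            findings.append("no WPA/WPA2 protection (open or WEP)")
        if has_wpa:
            findings.append("legacy WPA (version 1) enabled")
        if "TKIP" in ciphers:
            findings.append("TKIP cipher allowed")
        report[ssid] = findings
    return report

if __name__ == "__main__":
    for ssid, findings in audit_scan(SAMPLE_SCAN).items():
        print(ssid, "->", findings or "OK: WPA2-AES only")
```
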

Further reading: (from least to most technical)

What Is The Krack WPA2 WiFi Hack And How Can You Protect Yourself?

Wired – The ‘Secure’ Wifi Standard Has a Huge, Dangerous Flaw

TechCrunch article on KRACK

Ars Technica – How the KRACK Attack Destroys Nearly All Wifi Security

“Regarding Krack Attacks”

Original blog post by researchers who discovered “KRACK”

Posted in encryption, fuck, hacking, https, https everywhere, infosec, internet, krack, netsec, opsec for activists, tech, vpn, vulns, wep, wifi, wireless encryption, wpa2

CPU-Z vulnerability

There is currently a serious vulnerability in the popular utility CPU-Z. There is not yet a patch or upgrade available. If you are doing activist / political work and have it installed, we recommend uninstalling it and waiting for a fix. 

More here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15302

Posted in analysis, benchmarks, computers, cpu-z, infosec, tech, vulnerability, windows

Why must you share petty complaining on social media? Subjectively works better in your head.

It’s all we have in 2017 tbh

Posted in Uncategorized

Do you have any specific tactics or techniques with handling disrupters and agitators at organizational meetings? We had an incident at my university last night where a right-winger came into a meeting and began trying to engage. He became extremely disruptive and obviously we can’t lay hands on people in an official University setting.

Sure, let’s talk. We’ll need to know more about the situation so we can be more helpful in our suggestions.

– do you meet in the same space every time?
– what did they do to disrupt the meeting?
– what country is your group in?

Your options will vary depending on a number of things. We understand privacy may be a concern for you / your group so if you can, message us privately here or at opsecforactivists@protonmail.com. Thanks for reaching out!

Posted in Uncategorized

Another VPN Gets A Bad Rep

Another VPN to avoid. Who to trust is becoming a common question regarding VPNs.

PureVPN helped the FBI

Here is a site that shows which VPNs, of those we know of, are not being honest.

Posted in fbi, purevpn, vpn

How do I know that you are trustworthy and not just a Trojan horse for malware, etc.?

We value privacy; it is such an important part of our life, and I just wish everyone took it seriously like you. We spread information; we want everyone to read and to help build a more privacy-focused life. We try to give you the most accurate information, and we are always here.

Posted in Uncategorized