Thread: PRISM BREAK, a potential way to protect your devices

  1. Link to Post #1
    UK Avalon Founder Bill Ryan's Avatar

    This was sent to me privately by kfm27917, and I found it very interesting. I'm not sufficiently geeky to evaluate it, but I felt I should share the information here.

  2. The Following 35 Users Say Thank You to Bill Ryan For This Post:

    aledum (23rd February 2023), angelfire (24th February 2023), atman (23rd February 2023), avid (23rd February 2023), Ben (23rd February 2023), Dorjezigzag (22nd February 2023), drneglector (24th February 2023), Ewan (23rd February 2023), ExomatrixTV (22nd February 2023), Franny (22nd February 2023), Gwin Ru (22nd February 2023), halcyon026 (23rd February 2023), Harmony (23rd February 2023), Ioneo (22nd February 2023), Johnnycomelately (23rd February 2023), Joseph McAree (23rd February 2023), kfm27917 (23rd February 2023), kudzy (22nd February 2023), mab777 (23rd February 2023), Matthew (22nd February 2023), meeradas (23rd February 2023), Michi (23rd February 2023), Miller (24th February 2023), mizo (22nd February 2023), mountain_jim (23rd February 2023), Nasu (23rd February 2023), Operator (23rd February 2023), palehorse (24th February 2023), pounamuknight (25th February 2023), pueblo (23rd February 2023), Sadieblue (24th February 2023), SpookyMulder (23rd February 2023), superior88 (24th February 2023), Tintin (23rd February 2023), Yoda (23rd February 2023)

  3. Link to Post #2
    United States Avalon Member Kuperkai's Avatar

    Hi Bill. I came across prism-break.org several years ago after digesting the Snowden revelations. While many of their suggestions are good, there is a "woke" slant to their recommendations. Let me give you some examples:
    • For email & productivity they recommend Riseup. First of all, Riseup is the home for left wing activists. From the top of their homepage:

    Quote Riseup provides online communication tools for people and groups working on liberatory social change. We are a project to create democratic alternatives and practice self-determination by controlling our own secure means of communications.
    Riseup retains the encryption keys to your email. Is that what you want? Second, email is INHERENTLY not private. Riseup does not encrypt their email and does nothing to strip the metadata from the email header. From their own help page:
    https://riseup.net/en/security/messa...iseups-webmail
    Quote Can I send and receive encrypted email using riseup’s webmail?
    At the moment this is not possible. It is much better for riseup users who want to use encrypted email to utilize an Email Client (such as Thunderbird) to send and receive email, while keeping your private key stored safely on your local machine.
    Now, Thunderbird is a great email client, but to use it effectively, you will need to use a PGP addon (the email recipient will also need a PGP addon), BUT your metadata is still sent in the clear. As Snowden said, the metadata (who is talking to whom and when they are talking) is extremely important to the intelligence services and to your privacy.

    For search they recommend DuckDuckGo. Yes really they do. DuckDuckGo is woke as well. Here is an article describing how they are combating Russian disinformation:
    "The DuckDuckGo Users Furious at Its Response to the War in Ukraine"
    https://slate.com/technology/2022/03...wnranking.html

    For Instant Messaging, they recommend Signal. Signal has good end-to-end encryption, BUT they know your phone number- NOT private. When you set up Signal, if you are not careful with the settings, it will grab all of your contacts- NOT private. From a Signal support page:
    "Does Signal send my number to my contacts?"
    https://support.signal.org/hc/en-us/...o-my-contacts-

    Quote How does Signal know my contact is using Signal?
    Signal developed a private contact discovery process that enables Signal clients to efficiently and scalably determine whether the contacts in their address book are Signal users without revealing the contacts in their address book to the Signal service. Once your phone knows which of your contacts is a Signal user, it can optionally notify you when a new contact has started using Signal.
    Hmmm, that seems like a lot of technospeak for saying we analyze your contacts and see if they are Signal users. As privacy tech guru Rob Braxman said, Signal is good for friends and family, BUT NOT for people you don't know nor for privacy conscious groups.

    For secure messaging without metadata, I think Session is the app. You can research it for yourself here:
    https://getsession.org/
    It has a learning curve, but it is a robustly secure messaging platform. Interestingly, I could not find Session listed anywhere on Prism-Break.org.

    For VPN they recommend Mullvad, and I think that is the preferred choice for crypto users. KeePassXC is also a good password manager, but to use it really securely you probably want to couple it with a hardware key like YubiKey and configure the YubiKey for Local Authentication using Challenge Response, otherwise known as "HMAC-SHA1 Challenge-Response". Here is an article on how to use a YubiKey with the KeePass password manager for Local Authentication:
    https://support.yubico.com/hc/en-us/...y-with-KeePass

    MacOS Catalina and LATER users are out of luck, as Apple has changed login entitlements which PREVENT the use of a YubiKey for Local Authentication using Challenge Response [Explanation is listed in red bold letters at the top of this article]:
    https://support.yubico.com/hc/en-us/...guration-Guide

    Rob Braxman recently said that the big tech companies want to move the masses to SERVER based 2FA using your phone, which means they will know PRECISELY who you are (UNLESS you have a secondary phone JUST for server based 2FA, which is NOT tied to anyone's identity). Looks like it is time to decentralize and move to GNU/Linux.

    So, my take on Prism-Break.org is use it as a starting point and understand their woke bias. To get a higher level of security discernment listen to Rob Braxman's podcasts. He can be a little long-winded sometimes, but he knows his stuff. You can find Rob Braxman on YT, Rumble, Odysee:
    YT
    https://www.youtube.com/c/BraxMe/videos

    Rumble
    https://rumble.com/c/robbraxman

    Odysee
    https://odysee.com/@RobBraxmanTech:6?

    Note- Each platform has a different group of commenters, which leads to different discussions and insights.

    For your privacy conscious Avalon members, here are two very pertinent podcasts from Rob Braxman:
    "2 Factor Authentication: How to Counter its Abuse by Big Tech"
    https://www.youtube.com/watch?v=nbnWdA2JBik

    The Hidden Networks: Onion Routing, TOR, Lokinet, I2P, Freenet
    https://www.youtube.com/watch?v=Ygxuwec1BsI

  4. The Following 35 Users Say Thank You to Kuperkai For This Post:

    aemay (25th February 2023), Alan (24th February 2023), atman (23rd February 2023), Bill Ryan (23rd February 2023), drneglector (24th February 2023), Eva2 (24th February 2023), Ewan (23rd February 2023), ExomatrixTV (23rd February 2023), Franny (23rd February 2023), George (25th February 2023), halcyon026 (23rd February 2023), happyuk (23rd February 2023), Helvetic (23rd February 2023), Ioneo (23rd February 2023), Johnnycomelately (23rd February 2023), kfm27917 (23rd February 2023), leavesoftrees (24th February 2023), mab777 (23rd February 2023), Matthew (23rd February 2023), Michi (23rd February 2023), mountain_jim (23rd February 2023), Nasu (23rd February 2023), pabranno (23rd February 2023), palehorse (24th February 2023), pounamuknight (25th February 2023), pueblo (23rd February 2023), Reinhard (23rd February 2023), ronny (23rd February 2023), Sadieblue (24th February 2023), samsdice (23rd February 2023), SpookyMulder (23rd February 2023), superior88 (24th February 2023), Tintin (23rd February 2023), Vicus (23rd February 2023), zebowho (23rd February 2023)
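The point made in the post above, that a PGP add-on hides the message body but not the headers, shown as an added example (not part of the original post). The message is constructed, with invented addresses and hosts and a placeholder instead of real ciphertext; the function returns what a relay or mailbox provider can read without any key.

```python
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample: an RFC 3156 PGP/MIME message. Addresses, hosts and the
# "ciphertext" are invented placeholders, not data from the thread.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
\tby mx.recipient.example with ESMTPS; Thu, 23 Feb 2023 09:15:04 +0000
From: Alice <alice@sender.example>
To: Bob <bob@recipient.example>
Cc: carol@third.example
Subject: meeting on friday
Date: Thu, 23 Feb 2023 09:15:02 +0000
Message-ID: <constructed-0001@sender.example>
User-Agent: Mozilla Thunderbird
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----

(placeholder ciphertext, constructed)
-----END PGP MESSAGE-----

--b1--
"""


def visible_metadata(raw):
    """Return what any relay or mailbox provider can read without the key."""
    msg = message_from_string(raw)

    def addrs(header):
        return [a for _, a in getaddresses(msg.get_all(header, []))]

    body = [p for p in msg.walk()
            if p.get_content_type() == "application/octet-stream"]
    return {
        "sender": addrs("From"),
        "recipients": addrs("To") + addrs("Cc"),
        "when": parsedate_to_datetime(msg["Date"]).isoformat(),
        "subject": msg["Subject"],  # clear unless the client encrypts it too
        "client": msg["User-Agent"],
        "relay_hops": len(msg.get_all("Received", [])),
        # Only this part is protected by PGP.
        "body_encrypted": bool(body) and body[0].get_payload().lstrip()
                          .startswith("-----BEGIN PGP MESSAGE-----"),
    }


def contact_edges(raw):
    """The 'who talks to whom, and when' record an observer can log."""
    meta = visible_metadata(raw)
    return [(s, r, meta["when"])
            for s in meta["sender"] for r in meta["recipients"]]


if __name__ == "__main__":
    for key, value in visible_metadata(SAMPLE).items():
        print(f"{key:15} {value}")
    print(contact_edges(SAMPLE))
```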

  5. Link to Post #3
    Wales Avalon Member

    Very informative Kuperkai, many thanks.

    I agree with the point about using 2FA via phone. Though better than having no 2FA at all, the codes are sent through unreliable third-party mediums and the safety of sending a code through an SMS message can depend on the mobile provider.

    Twitter recently got rid of the 2FA via mobile phone option, with Elon Musk saying that many telecommunications companies are not being very honest and are just playing with the system:

    Quote And they run like text SMS two-factor authentication over and over again, and just get millions of bot accounts to actually run tabs so Twitter will text them. Twitter will just pay them millions of dollars.

  6. The Following 11 Users Say Thank You to happyuk For This Post:

    Bill Ryan (23rd February 2023), Ewan (23rd February 2023), Franny (23rd February 2023), Johnnycomelately (23rd February 2023), kfm27917 (23rd February 2023), Matthew (23rd February 2023), Michi (23rd February 2023), mountain_jim (23rd February 2023), pabranno (23rd February 2023), pounamuknight (25th February 2023), Tintin (23rd February 2023)

  7. Link to Post #4
    Canada Avalon Member Richard S.'s Avatar

    Funny how I have always been an advocate for keeping your data in your hands.

    For Enterprise suite, they suggest Nextcloud. I use it and would recommend it if you can.

    https://nextcloud.com/

    About: We help you achieve a safe home for all your data. Secure, under your control and developed in an open, transparent and trustworthy way. We are Nextcloud.

    It does it all, document editing, all levels of messaging, calendaring, contact management. You can add to it from a library of add-ons.

    I think it is best.

    Not an easy one since I have my own Debian servers, and understand that it is not for everyone.

    I don't recommend keeping your data online. What happens when the cord to the internet is cut from under your feet at once? You've just lost it all.

    Keep your data in your hands and back it up.

    An easy solution for everyone is using pocket USB drives, store your data onto those devices and keep multiples of them, that way you will never lose a syllable!

  8. The Following 11 Users Say Thank You to Richard S. For This Post:

    angelfire (24th February 2023), Bill Ryan (23rd February 2023), Ewan (23rd February 2023), ExomatrixTV (23rd February 2023), Franny (23rd February 2023), happyuk (23rd February 2023), Matthew (23rd February 2023), Michi (23rd February 2023), mountain_jim (23rd February 2023), Nasu (23rd February 2023), pounamuknight (25th February 2023)

  9. Link to Post #5
    Avalon Member mountain_jim's Avatar

    I worked with cloud data solutions for years in my previous career roles - yet I also choose to keep all my backups on USB drives, usually 1-3 Terabyte ones which can hold multiple systems' data.

    When I leave home all of my important home data travels with me in one of these drives. (Which I keep in a faraday case when not in use at home.)
    I don't believe anything, but I have many suspicions. - Robert Anton Wilson

    The present as you think of it, and in practical working terms, is that point at which you select your physical experience from all those events that could be materialized. - Seth (The Nature of Personal Reality - Session 656, Page 293)

    (avatar image: Brocken spectre, a wonderful phenomenon of nature I have experienced and a symbol for my aspirations.)

  10. The Following 7 Users Say Thank You to mountain_jim For This Post:

    Alan (24th February 2023), angelfire (24th February 2023), Ewan (23rd February 2023), Ivanhoe (23rd February 2023), Matthew (23rd February 2023), Nasu (23rd February 2023), pounamuknight (25th February 2023)

  11. Link to Post #6
    UK Avalon Member Matthew's Avatar

    Quote Posted by mountain_jim (here)
    I worked with cloud data solutions for years in my previous career roles - yet I also choose to keep all my backups on USB drives, usually 1-3 Terabyte ones which can hold multiple systems' data.

    When I leave home all of my important home data travels with me in one of these drives. (Which I keep in a faraday case when not in use at home.)
    Me too. I joke that "The Cloud" is actually "Someone Else's Computer", but not while I am an active technical specialist helping companies with their cloud solutions. Ok, I do sometimes.

    We went from Mainframes to Personal Computers, because people found they liked having the sovereignty of data processing at their fingertips with a PC, rather than have to negotiate for centralised processing power on a mainframe. Now it's gone back to centralised processing, with people giving up their local power and becoming hostages to the service health and cloud costs that never decrease. Stick the word Enterprise on the front and the costs increase by a factor of crazy.

    I also don't often joke that we will cycle back to local processing before too long, after everyone is sick of feeling like a hostage.

  12. The Following 6 Users Say Thank You to Matthew For This Post:

    Ewan (23rd February 2023), Franny (23rd February 2023), mountain_jim (23rd February 2023), Nasu (23rd February 2023), pounamuknight (25th February 2023), TealHorizon (23rd February 2023)

  13. Link to Post #7
    Avalon Member gord's Avatar

    My understanding is that there are no devices available to the general public which can be made secure by apps, operating systems, or firmware, because they are all designed at the hardware level to be insecure.
    The only place a perfect right angle ever CAN be, is the mind.

  14. The Following 6 Users Say Thank You to gord For This Post:

    Ewan (24th February 2023), Franny (23rd February 2023), Matthew (24th February 2023), mountain_jim (25th February 2023), palehorse (24th February 2023), pounamuknight (25th February 2023)

  15. Link to Post #8
    Canada Avalon Member Ernie Nemeth's Avatar

    Digital electronics are intrinsically insecure.

    Billions are stolen from the banks each year, by low tech digital means alone. A few hundred dollars and anyone can get in on the action too! It's simple.

    The only way to keep data secure digitally is never to share any of the info with anyone, never access that data in any way, and basically just forget there is data on a disk somewhere. Because as soon as the data is hooked to a computer it becomes vulnerable to attack. Even the disk or stick or outboard memory can be stolen...
    Empty your mind, be formless, shapeless — like water...Now water can flow or it can crash. Be water, my friend. Bruce Lee

    Free will can only be as free as the mind that conceives it.

  16. The Following 4 Users Say Thank You to Ernie Nemeth For This Post:

    Ewan (24th February 2023), Matthew (24th February 2023), mountain_jim (25th February 2023), pounamuknight (25th February 2023)

  17. Link to Post #9
    Argentina Avalon Member Vicus's Avatar

    1)"While many of their suggestions are good, there is a "woke" slant to their recommendations. Let me give you some examples:"

    2)" For search they recommend DuckDuckGo. Yes really they do. DuckDuckGo is woke as well. Here is an article describing how they are combating Russian disinformation:
    "The DuckDuckGo Users Furious at Its Response to the War in Ukraine"
    https://slate.com/technology/2022/03...wnranking.html"

    post from Kuperkai https://projectavalon.net/forum4/sho...=1#post1544778

    *First topic freezes me in my tracks! Wherever the term "woke" appears I kiss it all goodbye...

    *Second topic is the gravestone for DuckDuckNO

    Now they make updates only up Win. 10 huuummm...

    I remember and posted somewhere in this forum that when Win 10 came out, Kaspersky (Russian anti/everything) was elected best antivirus, etc. 5 years in a row worldwide. And they sent a warning to Microsh1t about too many "holes" in that system, holes that compromise your PC, laptop, etc. from the go...
    And how did Microsh1t respond? They demonized Kaspersky worldwide because... it is Russian!

    And this list doesn't recommend Telegram and Yandex either because...what? Because they are Russian products too!
    "They" can't control Russia in any way! Therefore...

  18. The Following 6 Users Say Thank You to Vicus For This Post:

    Ewan (24th February 2023), Matthew (24th February 2023), mountain_jim (24th February 2023), palehorse (24th February 2023), pounamuknight (25th February 2023), Sunny (24th February 2023)

  19. Link to Post #10
    Avalon Member palehorse's Avatar

    Quote Posted by gord (here)
    My understanding is that there are no devices available to the general public which can be made secure by apps, operating systems, or firmware, because they are all designed at the hardware level to be insecure.
    damn right!

    Code:
    intelmetool]$ sudo ./intelmetool -b
    Bad news, you have a `QM77 Express Chipset LPC Controller` so you have ME hardware on board and you can't control or disable it, continuing...
    
    MEI found: [8081:1d3b] 7 Series/C217 Chipset Family MEI Controller #1
    
    ME Status   : 0x1e000245
    ME Status 2 : 0x63000106
    
    ME: FW Partition Table      : OK
    ME: Bringup Loader Failure  : NO
    ME: Firmware Init Complete  : YES
    ME: Manufacturing Mode      : NO
    ME: Boot Options Present    : NO
    ME: Update In Progress      : NO
    ME: Current Working State   : Normal
    ME: Current Operation State : M0 with UMA
    ME: Current Operation Mode  : Normal
    ME: Error Code              : No Error
    ME: Progress Phase          : Host Communication
    ME: Power Management Event  : Global reset after an error
    ME: Progress Phase State    : Host communication established
    
    ME: Extend SHA-256: 054a7f0413fct4e8084236cf6ee64c9bqa2298b175b9kb6b8cb7219332714bu9
    
    Error mapping physical memory 0x0000004065546240 [0x2000] ERRNO=1 Operation not permitted
    Could not map ME setup memory.
    Do you have kernel cmdline argument 'iomem=relaxed' set ?
    Bad news, you have a `QM77 Express Chipset LPC Controller` so you have ME hardware on board and you can't control or disable it, continuing...
    
    IO error couldn't read MSR.: Input/output error
    Could not read the BOOTGUARD_SACM_INFO MSR.
    The above is when you have Intel ME on board.

    Here is a nice presentation of the issue, worth the time reading.
    --
    A chaos to the sense, a Kosmos to the reason.

  20. The Following 6 Users Say Thank You to palehorse For This Post:

    Ewan (24th February 2023), gord (28th February 2023), Matthew (25th February 2023), mountain_jim (25th February 2023), pounamuknight (25th February 2023), Vicus (25th February 2023)
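An added example (not palehorse's code and not part of intelmetool) that decodes the `ME Status` word from the output in the post above and flags any field that differs from the healthy values shown there. The bit layout and the state names are assumptions; the layout reproduces every field the tool printed for `0x1e000245`.

```python
import re

# Two lines copied from the tool output in the post above.
POST_OUTPUT = """\
    ME Status   : 0x1e000245
    ME Status 2 : 0x63000106
"""

# (name, shift, width) for the first ME status word, low bit first. ASSUMED
# layout for this chipset generation: it matches the fields printed in the
# post, but check it against your tool's source before relying on it.
HFS_FIELDS = [
    ("working_state", 0, 4), ("manufacturing_mode", 4, 1),
    ("fpt_bad", 5, 1), ("operation_state", 6, 3),
    ("fw_init_complete", 9, 1), ("bringup_loader_failure", 10, 1),
    ("update_in_progress", 11, 1), ("error_code", 12, 4),
    ("operation_mode", 16, 4), ("boot_options_present", 24, 1),
]
# Assumed value names; anything not listed is reported as "unknown (n)".
WORKING_STATE = {0: "Reset", 1: "Initializing", 2: "Recovery", 5: "Normal"}
OPERATION_STATE = {0: "Preboot", 1: "M0 with UMA",
                   4: "M3 without UMA", 5: "M0 without UMA"}
OPERATION_MODE = {0: "Normal", 2: "Debug", 3: "Soft Temporary Disable",
                  4: "Security Override via Jumper",
                  5: "Security Override via MEI Message"}


def parse_status(tool_output):
    """Pull the first status word out of saved intelmetool output."""
    m = re.search(r"^\s*ME Status\s*:\s*(0x[0-9a-fA-F]+)", tool_output, re.M)
    if m is None:
        raise ValueError("no 'ME Status' line found")
    return int(m.group(1), 16)


def decode_hfs(word):
    """Split the 32-bit status word into its named bit fields."""
    return {n: (word >> s) & ((1 << w) - 1) for n, s, w in HFS_FIELDS}


def name(table, value):
    return table.get(value, f"unknown ({value})")


def audit(word):
    """List fields that differ from the healthy values shown in the post."""
    f = decode_hfs(word)
    findings = []
    if f["manufacturing_mode"]:
        findings.append("manufacturing mode is still enabled")
    if f["fpt_bad"]:
        findings.append("firmware partition table is bad")
    if f["bringup_loader_failure"]:
        findings.append("bring-up loader failure")
    if f["error_code"]:
        findings.append(f"error code {f['error_code']}")
    if f["operation_mode"] != 0:
        findings.append("operation mode: " + name(OPERATION_MODE, f["operation_mode"]))
    if f["working_state"] != 5:
        findings.append("working state: " + name(WORKING_STATE, f["working_state"]))
    return findings


if __name__ == "__main__":
    word = parse_status(POST_OUTPUT)
    fields = decode_hfs(word)
    print(hex(word), name(OPERATION_STATE, fields["operation_state"]), fields)
    print(audit(word) or "no deviations from the state shown in the post")
```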
