If you leave your battery in your phone, even in the 'off' position, your phone is still on, still capable of receiving and sending, including E911. Just because the screen says it's been turned off, doesn't mean it's been turned off. Pull the battery out.

Soon though, that won't be enough, and your phone and other devices will be able to transmit their location, data, etc. without the need for a battery.

I picked up one of these (Black Hole Faraday Bag - RF Signal Isolation for Forensics, Large Window Size) and toss my gadgets in it, roll it up when I'm out traveling and don't need my phone broadcasting my location, GPS or AGPS every 3 seconds. Same with my iPad, GPS, EZ-Pass, and so on.

...aaaand, here's some code to use to make your own (which I just posted about only yesterday

#!/usr/bin/perl

use warnings;
use strict;
use LWP::Simple;
use XML::RSS;
use HTML::Strip;
use File::Slurp;

my $url = 'http://feeds.bbci.co.uk/news/world/rss.xml';

binmode(STDOUT, ":utf8");

my $hs = HTML::Strip->new();
my @newscanary = '';

my $rss = XML::RSS->new();
my $data = get( $url );
$rss->parse( $data );

my $channel = $rss->{channel};

foreach my $item ( @{ $rss->{items} } ) {
        my $title = $item->{title};
        my $date = $item->{pubDate};
        my $desc = $hs->parse($item->{description});

        # Word wrap the output at 70 characters
        $desc =~ s/(.{70}[^\s]*)\s+/$1\n/xg;

        push @newscanary, "$title\n$date\n" . "-"x70 . "\n$desc\n\n\n";
}

write_file('canary.txt', @newscanary) ;

my $boilerplate = read_file('boilerplate.txt', {binmode => ':raw'});
my $newscanary = read_file('canary.txt', {binmode => ':raw'});

print $boilerplate, $newscanary;

$hs->eof;

And what happens when those keys are transmitted in the clear, across the two endpoints, when SSL might as well be cleartext at this point, given the computational power, intentional design flaws and other mechanisms of the NSA to break the conversation in real-time.

Still trust the other end? I don't.

Do you trust your exit node or proxy? Defcon had a recent talk on setting up proxy servers as a very quick way to find people who have something to hide. Now you have their IP address and their destination.

It's not just about exit nodes anymore. The NSA can, and regularly does, de-anonymize users within the Tor network, with or without compromised or 'baddie-controlled' exit nodes.

Tor works only as long as exit nodes are not in the bad guy's control.

Correction: Tor only works (in its current implementation) when there isn't a single bad node in the entire network. IOW, not going to happen.

Let's also keep in mind that 60+% of the funding for Tor, comes directly from the Department of Defense (DoD).

Concerned yet? You should be.

But Trsst relies on a protocol (SSL) that we know is now suspect, and likely broken in most cases (weak keys, compromised CAs).

So what now?

Then they can make a public and private key for whatever.com. Then they use their fake Intermediate CA Inc.certificate to sign that. Unless you the person visiting whatever.com specifically have an original copy of the real whatever.com certificate public key, and you look at the public key of the certificate every time you visit the website, you'll never notice that the NSA has replaced the real certificate with theirs. As long as they're using the correct Verisign private key, your browser will not detect any problems.

This is precisely why you should be checking site fingerprints and using browser add-ons like Certificate Patrol, in combination with a secure browser (eg: TorBrowser).

If you blindly stumble around the Internet accepting certs, not checking source and destination, you deserve what you get. If you verify the authenticity of your connections, and deny/block/forbid those that don't match, you'll be much closer to the secure environment we're all striving for.

The important bit, the one that has value to *me*, is that it can hide my identity. It can hide the identity of people who are afraid of oppression, it can hide the identity of whistle blowers, it can hide the identity of people asking for help.

Actually, no, it can't. You're thinking of i2p, not Tor.

If you're confused, you need to read up on the major flaws and vulnerabilities in Tor that allow the NSA or enough controlling entities to de-anonymize anyone using Tor. In fact, the more Tor exit nodes, the easier it is.

The tremendous spike in users using Tor could be both in reaction to the NSA news, or proactive from the NSA ramping up their use of Tor to more-rapidly de-anonymize the traffic coming across those exit nodes.

They don't need to crack the traffic, if they de-anonymize the clients in and out of Tor, it's cleartext on both ends. With SSL and VPNs now being as wide open as cleartext and easily broken, it's a moot point.

http://blog.erratasec.com/2013/08/anonymity-smackdown-nsa-vs-tor.html

And direct yourself and others to Project Meshnet:

https://projectmeshnet.org/

Sorry, but it's now too easy to de-anonymize traffic within and around Tor. The more Tor nodes there are, the -easier- it becomes.

Read and learn, then direct everyone to start using i2p and Project Meshnet (https://projectmeshnet.org/)

http://blog.erratasec.com/2013/08/anonymity-smackdown-nsa-vs-tor.html

They do not need to do real-time processing of the data: that is only necessary for filtering.

That may be true for passive surveillance (http traffic, emails, IMs), but most-definitely not for VPNs, as in this specific case.

You absolutely need to trap the packets in real time in order to actually break the VPN connection open so you can get at the actual payload (cleartext, post-decrypted) data within the stream. The initial cryptographic handshake has to be captured, in order for them to peel it open and get inside.

You can't do that days later, when all you have is an encrypted stream of bits.

<cite>http://www.groklaw.net/article.php?story=20110409161444432</cite>

So basically they Won.

They don't win unless we've stopped fighting. And we're a long, long way from that.

Eighty Nine Percent of New Zealanders oppose new legislation to broaden the powers of the GCSB, the New Zealand Signals Intelligence agency that has tradisionally been used to spy on other countries.

But wait, that also means that at least 51% of the population actually voted for those who put these laws and legislation into effect. Can the same people who voted them into power, also vote them out?

It doesn't matter if she was searching for 'pressure cooker bombs', because that is not illegal!

She has not committed any crime, nor should she be suspected of one. In fact, she shouldn't have let them in the house, because they have no warrant, nor any valid reason to suspect her of doing anything against the law.

Since when was curiosity or knowledge seeking a crime? Is that where we are now? Living in fear of learning more, because those who think they're holding the power, are looking at everything we do?