Packing list for big brother
January 22, 2013 3:11 PM Subscribe
If one was moving to a country that engages in surveillance of its citizens as well as foreigners and you wanted to best protect yourself, what would you buy?
I found this site of "bug detectors" but I have no idea if they work or what to buy.
Is there a guide to this online?
Does it matter where one is going?
Helpful facts: I have all the "protect my computer and mobile" stuff taken care of. I'm certain that I will be monitored in public (I have been before). I know that this government engages in camera and audio surveillance of dissidents and some foreigners.
My goal is to know if it is happened to me and then be more cautious. (I will be cautious all the time, but I would increase my levels if I was being actively monitored.)
I found this site of "bug detectors" but I have no idea if they work or what to buy.
Is there a guide to this online?
Does it matter where one is going?
Helpful facts: I have all the "protect my computer and mobile" stuff taken care of. I'm certain that I will be monitored in public (I have been before). I know that this government engages in camera and audio surveillance of dissidents and some foreigners.
My goal is to know if it is happened to me and then be more cautious. (I will be cautious all the time, but I would increase my levels if I was being actively monitored.)
Response by poster: A post-Soviet state that is authoritarian.
posted by k8t at 3:20 PM on January 22, 2013
posted by k8t at 3:20 PM on January 22, 2013
You may wish to anonymize this post, because it's pretty clear which country you will be going to.
posted by KokuRyu at 3:48 PM on January 22, 2013 [3 favorites]
posted by KokuRyu at 3:48 PM on January 22, 2013 [3 favorites]
Response by poster: I'm not too concerned about being found here. I have a policy of transparency in my online writing that makes it easier to not have to remember what I wrote where and who knows about it.
posted by k8t at 5:36 PM on January 22, 2013
posted by k8t at 5:36 PM on January 22, 2013
Also be very careful of the products you purchase to bring into the country.
posted by mattoxic at 5:52 PM on January 22, 2013
posted by mattoxic at 5:52 PM on January 22, 2013
I don't think you can know. If you have something to protect, then you need to behave with the assumption that it IS happening. Because they would have to be really bad at their jobs if you can detect the surveillance with stuff you bought off of some paranoia website.
posted by gjc at 5:55 PM on January 22, 2013
posted by gjc at 5:55 PM on January 22, 2013
Response by poster: kokoryu, wrong country. :-)
posted by k8t at 6:46 PM on January 22, 2013 [1 favorite]
posted by k8t at 6:46 PM on January 22, 2013 [1 favorite]
This is a fun exercise! The answer to the question, as posed, is "I'd buy nothing", I'm afraid. I'll take a crack at explaining why.
Okay, so let's consider the possible mechanisms for surveillance. There are closed-loop sensors, sensors that communicate via RF, human surveillance, illicit access to data at rest, and interception of communications in transit.
Oh, keep in mind as well that simple traffic analysis can detect when encryption is being used. China has gotten really, really, really good at dynamically blocking encrypted traffic leaving the country even when using randomized ports &c. So expect service interruptions, and be vigilant and disciplined!
posted by TheNewWazoo at 7:26 PM on January 22, 2013 [2 favorites]
Okay, so let's consider the possible mechanisms for surveillance. There are closed-loop sensors, sensors that communicate via RF, human surveillance, illicit access to data at rest, and interception of communications in transit.
- The only realistic way for you to detect closed-loop sensors is by physical inspection, and I wouldn't bet on that being successful (in addition to the fact that, if you find something, they'll know).
- RF sensors can be easier to detect, depending on their frequency band and the tools at your disposal. You could familiarize yourself with SDR techniques and build a scanning tool, but that is something of a project. Further, once you detect something, it is nontrivial to jam it.
- Human surveillance is something of a known quantity to you, I suspect. Think guys sitting in cars, right? I have no advice there.
- Illicit access to data at rest is something you can take measures to protect yourself against that don't require buying anything. Encrypt your data storage media, and be careful with your key handling. Always power down your systems between uses. There are tools you can use to help you detect malicious software in addition to the usual A/V protections. Store removable media in reliable safes. Insert nonce characters (read: always use the backspace key when you enter your passwords)
- Data in motion is likewise actionable, and the tools are free. Require that your browser always use encryption and be disciplined about it. Don't use any protocols that are unencrypted. Have a key signing party before you leave and publish your public key, always encrypt your email, anonymize your web traffic, and use a VPN. If possible, configure your computer not to transmit anything except over VPN.
Oh, keep in mind as well that simple traffic analysis can detect when encryption is being used. China has gotten really, really, really good at dynamically blocking encrypted traffic leaving the country even when using randomized ports &c. So expect service interruptions, and be vigilant and disciplined!
posted by TheNewWazoo at 7:26 PM on January 22, 2013 [2 favorites]
I, uh, don't mean to sound glib about this being a "fun exercise", btw. Being the subject of surveillance is stressful as hell and I don't mean to trivialize your travails. These are just the sorts of problems that get my interest.
posted by TheNewWazoo at 7:27 PM on January 22, 2013
posted by TheNewWazoo at 7:27 PM on January 22, 2013
Oh, and as weird as this may sound, the Apple iOS platforms are hard as hell. They're seriously locked down tight and it's unlikely that a former eastern-bloc state could convince Apple to give up your encryption keys. It's always a good idea to bring a throw-away device when traveling to a hostile environment, and now that iOS supports email encryption and signing, it would probably be my first candidate for a computing device. Load it up with signatures and be disciplined about who you email and gathering certificates before you do, configure the VPN, and set a complex passcode that has one or more repeated characters (maybe even with nonce characters).
posted by TheNewWazoo at 7:37 PM on January 22, 2013
posted by TheNewWazoo at 7:37 PM on January 22, 2013
I have a policy of transparency in my online writing that makes it easier to not have to remember what I wrote where and who knows about it.
Ummm... is there any way at all they can trace this to your real name? It just seems like... if your brother's worth tracking, or they decide to pay any real attention to him, they're gonna track you too. And they'll see this. ???
posted by jrobin276 at 11:32 PM on January 22, 2013
Ummm... is there any way at all they can trace this to your real name? It just seems like... if your brother's worth tracking, or they decide to pay any real attention to him, they're gonna track you too. And they'll see this. ???
posted by jrobin276 at 11:32 PM on January 22, 2013
Response by poster: I'm sure that my online presence is monitored but based on previous online monitoring of me, I don't think they'd find my metafilter profile. But if they did, I wouldn't be too worried about what I've written here.
posted by k8t at 6:15 AM on January 23, 2013
posted by k8t at 6:15 AM on January 23, 2013
Response by poster: Yeah, tech-wise I run a USB booted Linux and my android devices have a special security program. Everything done through vpns. Passwords are very intense and changed frequently.
This trip will be longer and I'll be in 1 residence for awhile, thus the opportunity/need for more security.
posted by k8t at 6:18 AM on January 23, 2013
This trip will be longer and I'll be in 1 residence for awhile, thus the opportunity/need for more security.
posted by k8t at 6:18 AM on January 23, 2013
This thread is closed to new comments.
posted by modernnomad at 3:18 PM on January 22, 2013