F*ck These Guys: Practical Counter Surveillance

hello can everybody hear me

hello Qui where's the receiver I don't know I don't know who's you CH

yeah must be this happen but on

[Music]

one four scor and seven years ago our father is that helping testing one two three check check check testing one two three check check check I'm eating the mic man I don't get much louder okay I can sit here and do this all day I do tricks I sing and dance well you don't want me to sing can you guys survive this is the audio okay what do you need louder or less hum can you guys make the mic make more noise okay so you either get loud with a hum or not loud enough with no hum which do you prefer no hum all right I will try to yell so can we yeah is there a way

to is should I just go ahead all right so are you are we good to go okay thank everybody for coming down again uh this next talk is going to be interesting let's uh [ __ ] these guys practical counter surveillance measures Lisa lenen is going to present and I hope you enjoy hello okay our talk today is going to be on [ __ ] these guys practical counter surveillance Lisa Loren is going to present hope everybody enjoy thank [Applause] you so I need to start off with two disclaimers first of all I am not an expert at this and you will find that out further into the talk I am just an amateur Enthusiast who thinks this

shit's important second of all I am not speaking for my employer my standards groups any other professional affiliation or anyone but myself that's why I can do this oh and there will be F bombs but you probably figured that already so as a user of the internet you know five years ago if you would asked me who was the biggest threat to my privacy on the internet I would have told you it was Google cookies cookies everywhere so you know they were the enemy

and all right is it better over here we good wasn't you all right so you know you look at Google they know a lot about what we do dayto day you've got access to the email that we send and then I found out that Google was just the tip of the iceberg so as everybody learned a few years ago with the Snowden Revelations it's not just Google who's using those cookies it's not just the companies Gathering all of this data on us the government is intercepting our traffic collecting our content our metadata under a number of programs that we're not even allowed to know about in many cases so when the initial Revelations came outa was trying to Snoop on the intra

dat Center links within Google one of the Google Engineers got a little bit annoyed about it and I share his opinion this is our government we live in a nominally free country this [ __ ] is not [Music] okay all right if this dies I'm really hosed so not only are they intercepting these cookies they're actually using them to reach out and attack People based on the traffic that they're sending and the associations that they have online in effect they're watching everything that we do I was not exactly thrilled about [Music] this but the problem is what are you going to do you can't win I can't make them stop tracking me I can't break even I can't

even control what they get about me I could quit the game but seriously is anybody going to stop using the internet today raise your hand you're a stronger Soul than I am frankly so mostly I just sat around and whined about it to my friends to be honest for a few months and then in March of 2014 Edward Snowden addressed South by Southwest and he said when we think about what's happening at the NSA for the past decade the result has been an adversarial internet a global free fire zone for governments that is nothing that we ever asked for it's not what we want and it's something that we need to protect against [ __ ]

yeah so I consider this a call to Arms I would like to do something about it but what am I going to do I'm not a wizard I don't know [ __ ] about cryptology cryptography I was a medieval history major I can barely balance a checkbook and the calculator on my phone gets a work out every time I have to calculate a tip and I'm not alone Glenn Greenwald the journalist that Snowden worked with Greenwald blew off Snowden two or three times before they made contact because Snowden wanted him to install encryption programs and he was like this shit's hard it is hard so okay I'm The Sorcerer's Apprentice what can I do that's not going to result in a parade

of broom and a flood so I started to do some research and that's when I really started to find out how deep the rabbit hole goes I started looking into the entire topic of government surveillance you can all laugh at me now and the first thing I got interested in was the idea of metadata what they're collecting on metadata and so with metadata the initial question I had was what the [ __ ] is this all about metadata is when they capture information about a commun unation rather than the content of the communication itself so if they gather about a phone call who I called what time it was how long I talk to them

that's the metadata they can gather that information and learn a lot without ever having to know the content of that conversation and there's a great example of this online and by the way I have uh links to all of these resources in these slides and I'll put these slides online so there's a great example of this online a guy named Karen helot Duke who did an analysis of seven organizations in Boston during the Revolutionary War and all he had was a list of organizations and a list of their membership and by cross referencing this he was able to identify that Paul Rivier was near the center of that adjacency graph that adjacency Matrix without knowing anything about those people so

there's been some amazing talks about this and the issue with metadata is some really bad decisions are being B made based on the metadata that that's gathered so you know it's okay right because they're not collecting this about Americans it's only foreigners yeah [Music] yeah so when you talk to the government about what they're collecting the result invariably is a refusal to give any more information than is absolutely necessary to the point where in 2012 Ron weiden asked the uh director of the National Intelligence in front of Congress whether the bulk of collection was done against America whether bulk collection was done against Americans and he said and I quote not wittingly so this is like Humpty Dumpty

when I use a word it means what I say it means nothing more and nothing less if you or I got up and lied to Congress we would be in jail this man still has his job or still had his job so the problem is there is a certain mentality in the intelligence organizations that says it's all possibly relevant gather it all we'll figure out whether it's useful later and so they're making an argument that when they capture and store data they're not actually using it until they analyze it so when they say they aren't collecting data what they mean by that is nobody has gone looked at it yet but this is why we have a giant shiny new data

center in Utah sucking down power and water like it's going out of style and once they have all that information what are they going to do with it there was in I think 2013 there was the Revelation that federal agents were using this data to look up information about their love interests love in they had a database of email addresses that they were using to surveil people who were active who had broken no laws but were simply expressing their right to a political opinion and 200 of those people in that database were Americans so you know first of all I don't think it's okay to do this to anyone but the way our Constitution and the way a lot of our

laws are written other Count's citizens are fair game and second of all what we are learning is that there is a giant Iceberg of Shadow law that we're not allowed to know about that says oh you know by the way if they're doing it to them they're doing it to us too so basically this is me at this point if you're not pissed off you're not paying attention so one of the arguments that I get a lot is why do you give a [ __ ] you know what are you doing that the government would be other than giving this talk I guess what do you do that would make the government interested in you why do you care if you have nothing

to hide you have nothing to fear and that's [ __ ] and the reasons that it's [ __ ] would be an entire other presentation but the single best explanation I've found of it is a paper online I've got nothing to hide and other misunderstandings of privacy it's a little dense but it's a great articulation of why there's a slippery slope here why it matters that we have the right to associate freely without being tracked why it matters that we have the right to communicate with each other without being EES dropped on so what am I going to do about this I decided to see what I could realistically do to start to remove myself from bul collection and I want to

very narrowly scope the rest of this conversation by saying metadata was fascinating me and I was going to give a whole talk on how you can protect yourself against bulk collection of your metadata and the answer was there really isn't much you can do today there are people working on this problem but metadata is a hard problem to solve the easier problem to solve is how you can protect yourself from bulk collection of your content of the content of your Communications and so that's what most of these applications do and I want to make very very clear that I am not talking about protecting yourself from targeted surveillance because quite frankly if they're targeting you then you're

[ __ ] having said all of that there are three things that I would choose to if I could choose to get people to do three things there three things that have zero overhead they're easy to do they don't make your life complicated anybody can turn them on go to Every library in the country turn these on on every PC I would turn it on on every phone on all of my relatives computers if you do nothing else today leave this room and do one of these three things or ideally do them all so the first one is https everywhere SSL used to be expensive you used to have to expend computational power on encrypting and decrypting

websites when I started working on websites 15 years ago do we turn on an SSL server because you know we're going to have to get a beefier CPU seriously it's the 21st century use https there's a tool for this from the eff it runs in every major browser just do it the second thing is stop giving Google this information because if you're not adding your data to their vast stores of collected information then the government can't be getting it from them using national security letters that you're not even allowed to know about if we're not putting it into these databases in the first place then it isn't sub SE subject to being hoovered up duck ducko is just one of the options

out there there are people who argue that you have no idea whether the government is serving these kind of requests on Duck ducko but they state that they're not storing the information and at least that's better I'm not trying to find a perfect solution I'm just trying to get better and the third thing is private browsing there's every major browser has the option of incognito mode or private browsing mode and again this isn't going to protect you from someone who is watching you make these requests on the wire but it's going to keep these cookies from being stored longterm that are used to track you it's going to keep some of this information from getting

tied together in these databases it's an incremental approach so if you do nothing else in cognito mode my Android phone has incognito mode now my previous one didn't it's a step forward so these are the three things they cost nothing they're not hard just do it if you're willing to actually expend a little energy then the options start to expand so one of the first things you can do is you can educate yourself know who is on our side and who isn't if you have a choice among Services choose services that are the resistant to this kind kind of [ __ ] there's a great report from the eff on who has your back there's another thing you can do

which is install privacy bager so if you guys absolutely man if you guys ever ran ghoster any of these things that chew on cookies mung cookies privacy Badger is the stable functional not a total pain in the ass way to do this it's not you know occasionally I bump into something where the cookie munging interferes with use of a website and it's reasonably easy to turn it off for that web and then send them a nasty email telling them how much they suck I really don't understand why so many sites tie their function of their website to Google analytics if I can't use your website without blocking Google analytics cookies you fail at internet another easy approach is

alternative DNS providers again we don't have to be giving Google all this data on our lookups you know who who here has 8.8 8.8 as the DNS server on every machine in their lab you know decent number of people it's easy right it's free but you don't have to do that there are a lot of different options you know use something a little saner there's a set of DNS servers that are available and there's a list of what they are and what they track what information they store you can also look at things like email with email I realize that getting people to stop using Gmail is a lost cause I ain't even going to go

there but for those who are willing to think about other options one of the first options people think of is what other service should I use and Google actually provides a great report on who encrypts email in transit between the mail providers Google does you know so they get a gold star for that there are other email providers who do this kind of encryption there are email providers that don't it's probably a good idea to be aware of this because again this is an indication of their clue and their willingness to push back if you're really serious about it and if you're willing to pay for the privilege there are relatively inexpensive services that give you the

same type of email functionality you pay a little bit and you're pulling your data out of the clutches of these databases instant messaging who here uses Instant Messaging regularly how do you get me worked done I am so interrupt driven I you know I so I'm not an IM user but there are some great messaging applications that allow you to do secure encrypted IM and Cat both cryptocat and pero are really good options for this and another thing you can do is start to look at using a VPN service so I realize that the perception is that VPN Services Anonymous VPN Services exist so that you can rip off pirated media over bitor and you know

that's probably a perfectly legitimate use for it as far as I'm concerned but there are a lot of other reasons that using an anonymous VPN service is valuable there's a great list here torrent freak goes through and gives you ratings and pricing and this is how we chose the one that we use so all of this most of this so far is on things that sit on desks I spend more of my life on this phone than on any other Computing device how many of you have a phone that you use for personal email how many of you keep your hands up if you also use it for work email keep your hands up if you've ever

paid a bill on that phone we got a good half the room here you know I mean it is Silicon Valley so I'm not surprised but I also watch cat videos on my oh by the way rooted Android phone I am the world's worst opsec about this but I'm not going to stop using my phone and I'm probably not going to stop using it stupidly you know so realistically this this is what I do but I can now I can at least now Us in cognito mode in Chrome on the phone there are secure browsers for Android I've got the Dolphin browser on there I don't use it as much because again you lose functionality but these are the

trade-offs that you you know you can figure out what is your level of tolerance for a little more inconvenience to get a little more privacy there are other applications like wicker one of my friends noise turned me onto this this is a great application if you want to do text messages I am I'm still sort of halfway in between wicker and text secure I'm a little frustrated with text secure right now because they're dropping support for encrypted SMS and I understand that because they want compatibility with apple which doesn't do encrypted SMS but it would be really nice you know somebody there is somebody doing a fork of text secure to continue support for encrypted SMS these things are

complicated in many cases you don't have to give a [ __ ] if you live here you have almost zero reason for encrypted SMS because my God the Wi-Fi coverage in San Francisco so again you look at the tools you look at the advantages and disadvantages you decide what works for you if you're on an iPhone signal gives you the same encrypted messaging functionality and if you really want to get serious about it you can run red phone and you can actually do private calls as well as private messages so these are all getting a little farther down the annoyance scale there are choices you have to make there are trade-offs you have to decide what's

worth you then you really get into the pain in the ass [Music] territory if you're serious about this and and again I want to I want to be very very clear I am not a person whose life depends on keeping my data private I'm not a journalist I'm not an activist I'm not saying or doing anything particularly interesting and so all of the advice I'm giving here is for people like me if you're a journalist or an activist there are a lot smarter people to listen to like Quinn Norton you know who understand the issues involved Elanor SATA is another one but for for people like you and me how far is it realistic to go down this Rabbit Hole so

would you be willing to run a totally different web browser to have more protection I discovered I wasn't it was a pain in the ass I installed it I had a problem with it I never really figured it out I'm still using Firefox and chrome but secure browsers do exist now the one cross that I have chosen to die on here is my own personal [ __ ] email I run my own email my partner and I run our email on a Linux server in our basement this is a commitment I don't have kids so I can't say it's like having children but it's certainly like having another [ __ ] [Applause] boyfriend power goes out where's my

email okay backup MX power goes back out on the entire East Coast all my backup xes are out we lost about a day and a half of email on that one DNS goes out now we have redundant I mean there are so many reasons this is a pain in the ass every so often the combination the god aul combination of procmail and the IMAP server that I use barfs up a and I can't get email on my phone for a day or two until I figure out what it's choking on but I control that box and it lives in my basement and if the government wants access to that physical piece of Hardware they have to

knock on my door to get it again I don't expect this ever to matter so why the [ __ ] am I doing this because I think it's worth the hassle because I think it's worth the principle and because we've been doing it for 15 years and at this point I'm not willing to give it up however if you are not that much of a masochist and that's completely legit there are some really good Alternatives mail in a box I don't run this but I've looked into it for friends who are interested but sistic mail in a box basically gives you the ability to get an Ubuntu virtual instance and do what we're doing in our basement with much

less hassle somebody else is providing redundant power you know and making sure your network connectivity is up the one area that I am most unentangled with the people who are gathering my information is Google Calendar we have four household calendar we've got my personal calendar we've got my work calendar we've got our house personal calendar and then we've got stuff that I stick into another calendar for stupid reasons all of this is pulled into my phone and my entire life is in those calendars I'm 80% travel I am in a different city every week sometimes more than one and my partner would like to know where I am at night and you know oh by the way did I forget to tell you that

I'm going to Toronto in Montreal in two weeks so through some giant contortions we managed to get tripet publishing to something that publishes to Google Calendar so I don't actually have to remember to forward him all of these things because also I have a memory like piece of cheddar cheese or swiss cheese if it was cheddar cheese I'd be better off swiss cheese so anyway calendars there is an application that's actually more than one that lets you replace the functionality of Google Calendar there is flock from whisper systems who bring us text secure and signal and there's another one that I'm really looking at called Zimbra which has an open source option for this I'm not sure I'm willing to babysit

another service like this on my own we are so entangled with Google Calendar but if I decide that I have the free time and the mental energy to take on another project this is going to be the next one tour tour allows you to browse anonymously and you have the ability to run it as you know run it through a browser instance run a whole tour desktop There Are Tour clients for phones so you've got a lot of different options for tour I haven't actually found much reason to use it I know that I probably should be but you know generally I'm using the anonymous VPN and so if there's somebody out there who actually really thinks that t is way

better than Anonymous VPN and can articulate it in a way that I can understand I'd love to talk to you afterwards and then if you're really paranoid you can get a black phone and black phone is from yeah it's cool Tech I looked at getting one for about 5 minutes and I realized as much as I would love to be that girl the first thing I would want to do is put Google Play on it and seriously [ __ ] that I mean and and in in it would be a complete abuse of what that phone symbolizes so if you are hardcore enough and you really want to run something that you control and that

you have complete control over what goes in and out of it the black phone is an amazing piece of technology if you're not quite that hardcore and I've been playing with this at home with my tablet it is Poss possible although incredibly painful to make a hardened Android device Cyanogen MOD is a good start there's alternatives to Google Play for getting applications onto it you can sideload a lot of things if you're interested in doing that this is a great start so there's a variety of tools there I'm using maybe 25% of what I just showed you a lot of it's interesting to me but I haven't had the time to dig into it one of the things that I'm

really interested is what's going to come down the road and I think there are two areas that are really going to matter here usability and ubiquity so there are two projects that I'm watching one is dark mail so who here is familiar with lava bit okay pretty much everybody in the room doesn't need a lot of background but basically lavabit was an email provider who was ordered by the government to turn over their SSL certificates and encryption keys so that they the government could Snoop on all the encrypted email going in and out of their mail servers and lar Lon who ran that company shut it down rather than comply and so you know he's got a

little bit of a chip on his shoulder and I would too so he has teamed up with the guys at Silent Circle John Callas and a bunch of those folks and they are working on a replacement for email that gives better control more encryption and they're starting to chew on the problem of metadata so they're really starting to to say is it possible to communicate with each other and not leak any information or leak only minimal information so um the the dark mail the dime guys they just released the first Client First Code I think in December they released the magma code and then earlier this year in January they also released their specification so there's some links in here um lar was

talking about it on 31 C3 at 31 C3 over the holidays and then another interesting one and this one seems to be a little dormant but there's a app called Ricochet where they're looking at doing instant messaging without leaking any metadata and I look at that and I go how do you even so I'm really interested to see whether that actually turns into something so again tip the iceberg these are the tools that I know of and I'm not an expert at this there's so much more more out there there's a lot of good resources If you're sort of an amateur and you just want to know what are the most common and the most well-known and

the most well trusted one of the best places to go is to look at the Privacy pack that was put together for the reset the net day this is the overview of things that will not make you pound your head against a wall to use them if you want to dig a little further there's a site called prism break and prism break has an incredible set of resources for all sorts of different operating systems this is where you start to get into the you know am I crazy enough to really need to do this questions and there's also some great resources out there books that I either have read or have on the two read stack the three

that I'm finding the most interesting dragut nation was fantastic by Julia anguin I'm about halfway through data and Goliath and I'm and the next thing in this pile is intellectual priv by privacy by Neil Richards so these are some great resources from a philosophical standpoint from an understanding what's going on and why it's a problem and why we should care and what we need to do about it in the long term so one of the big challenges is that none of this is a silver bullet so I run my own mail server 95% of the people I email are dmail Google has the other half of you know that entire conversation from the other side and you've got people out there and

I know the guy who did this and Philip has incredible credentials but I'm sorry if you name your email project prism proof I am automatically going to side eye you and walk away we are not NSA proof if it says NSA proof on the can it's snake oil and the thing and I want to be clear here I think he's got a great idea I just think he needs to choose a better name one of the other challenges is who can you trust there has been for a long time an assumption that government malware there have been arrangements with antivirus vendors not to detect government malware on PCS to the point where bits of Freedom went out and they actually sent

a letter to a number of different Mal of antivirus providers and asked if you detected you have you been asked by the government to not detect any malware with your software and only 30% of those vendors replied so if you're looking for antivirus EET f-secure kasperski Panda Tren micro these are the companies you should be looking at and you'll notice that there are some big names that are not on the that list the other problem is we don't know what back room Agreements are being struck and we can't know because when they're done they're done under secrecy and gag orders so again this stuff is baked into the foundations of the net all we can really do is user space steps

to try to protect ourselves it's still worth doing so in response to those three laws I've come up with three of my own you can't prevent surveillance but you can make it harder and it is possible to limit what they get how far you do that limitation is solely dependent on how much of your own energy time and money you're willing to spend so again going back to Snowden the bottom line again and again encryption does work we need to think of encryption not as this sort of Arcane black art it's a basic protection a defense against the dark arts for the digital realm so we've talked a lot about the technological challenges and some of the

possible solutions but now there's layer eight there are a number of incredible organizations working on these problems the ACLU the center for democracy and Technology epic eff the biller rights defense committee I support them with my money I support them with my time in sending letters and filling out web petitions Etc I encourage you to get involved with these organizations if you care about these topics and if you care about these topics you probably already are so the big challenge with the [Music] government they're fine as long as we're the ones being travailed but when you point that at themselves they start to have a little bit of a fit and this is where you start to see the pissing

matches between different arms of the government where you know this group is gathering information about that group and not telling them so the politicians are now aware of the problem this is not a good sign for us so initially it looks like it might be one of the first responses to the revelations of the Dragnet surveillance was the USA Freedom Act and when the USA freedom Act was announced it was actually a great start ending bulk collection under Section 215 of the Patriot Act strengthening the provisioning prohibition on reverse targeting of Americans more aggressively filtering out American information so again if you're not American you're still [ __ ] but at least it's a start

right that lasted about five minutes and then the politicians started watering it down and manipulating it and bending it around and it just turned into a total mess so in 2014 we saw a new USA Freedom Act introduced and again it claimed to make these significant reforms but the problem is they're giving with the other hand as they're taking away with the firstand so now they say it bans bulk collection by requiring the government to narrowly limit the scope of its collection to replace bulk collection we authorize section 2115 to obtain two hops of daily call records I'm sorry that doesn't sound like a ban to me I don't want less surveillance I want none

of this [ __ ] or at least I want it to be strictly constrained so that they are only gathering information when they have a reason and the eff has been front and center on this one of the issues that's coming up is the expiration of section 215 of the Patriot Act Patriot Act needs to be reauthorized and I encourage you you to go and express to your Congress Critters what a bad idea that would be but the other thing here is there's a 2015 Reincarnation of the USA Freedom Act and we've come so far from the origal spirit of that bill that the the section 2115 is now how they're reau is being reauthorized in the USA Freedom

Act of 2015 so we went from Banning Vault collection to reauthorizing it in three iterations of this bill the other problem is after the Sony hacks in particular but as cyber security has become a priority and more importantly people have figured out that there's money involved we have this incredible plethora of information sharing bills you have the Cyber intelligence sharing and protection act which was originally introduced in something like 2011 and just keeps rising from the grave over and over again every time we kill it there is the Cyber intelligence sharing act cyber security information sharing act which was introduced uh in like March of this year in the Senate and then now there's a national cyber

security protection advancement act and those are just the three that are getting the most pressed there's also a cyber threat sharing act and a protecting computer network act politicians are full of bad ideas is and we need to be on top of this we need to keep saying this is not okay and here's why one of the arguments that I hear that is friendly fire in my opinion is that if you use the word cyber security you are automatically not one of the cool kids and I'm sorry but [ __ ] that attitude we no longer have the luxury of being elitist about our language these people have the money and the power to make the decisions that control what

happens to our information it behooves us to figure out how to talk to them in language they understand you don't tell a congressmen that it's not a good idea to put a back door into smartphone encryption for privacy reasons because frankly they don't give a [ __ ] about your privacy you tell a congressman it's not a good idea to put a back door into smartphone encryption because foreign actors could exploit that back door the it's both of these things are true the end result is the same we need to get off our high horse and start figuring out what the people who make the rules are motivated by and there's a great talk by Chris seoyan that he gave I'm

gonna say at Hope on this [Music] topic you'd like to think the end result is very different different how

says that one works and the other does not yes so that's the politics [Music] side we also have the internet governance side because at the end of the day the politicians make the laws but we write the protocols I'm active in The Trusted Computing group I'm active in ietf decisions are being made in these standards bodies that affect the ability to do this on the wire get [Music] involved there's a great best current practice that came out early last year pervasive monitoring is an attack we need to be building encryption and security and privacy functionality into the fundamentals of the internet because if if we do that then we can have a two-front war where we're

battling it on our own but we're also battling it as a as a community so one last note and quote they are setting fire to the future of the internet the people who are in this room now you guys who came to see this talk you are the firefighters we need you to help fix this do something help your friends do something tell people about something pull these slides down give this talk at your local information security conference give it at your local hacker space I promise you I don't know anything more about this than you do I just spent a year and a half digging into the high level stuff because I care take these take this

information take these tools and spread them and share them that's it

so I'm gonna ask you a question I'm going to turn this around a little bit what tools should I have in this set that I don't know about tals okay what it's in there thank you no problem what OTR somebody's going to have to explain it to me well enough that I can include it and not sound like an idiot chat secure OTR Tails build a botnet invisible yes definitely I don't know what that is say it again what's the name of it threa secure texting server in Switzerland okay anybody else unplugged in the back disconect disconnect okay thank you full dis encryption absolutely that's not going to help you much against bulk collection but if you make a stupid

tweet about hacking an airplane and they take away your electronics you're going to be really happy you encrypted your disc I am not knocking him but that was a dumbass thing to tweet from an airplane yes well after the fact it's kind of obvious I'm it's the kind of thing that I would have done I'm glad somebody else did it first so I could go oh [ __ ] that's a bad idea so questions from you guys what's my web page ah so I haven't actually figured out so there there are versions of this that are online from previous I've given this talk three or four times now if you search for Lorenzen l o r en z i n

and practical counter surveillance you will find it in multiple forms I will get these slides online somewhere I haven't really figured out where yet I cannot put them on my cable modem because oh my God our bandwidth is crap enough as it is that is the downside of Hosting your web server off your cable modem in your basement but I would say give me a week and then do a search and I will make them be somewhere easy to find and I'll I will see if the bsides folks can link to them so the other thing is I'm on Twitter at L Lorenzen and so I will I will put them some I will put something that makes

them findable I should probably actually put a link in my Twitter bio or something because that's the thing that most people are looking for when they look at me on Twitter other

questions absolutely so he's saying that section 2115 of the Patriot Act is coming up for Renewal the next two months are the most critical time for that discussion there's great information about this on the ACLU web page on the EF web page

you ah so the the comment is privacy Badger prevents cookies but you don't have anything that prevents fingerprinting or super cookies that's because I don't know of anything what should I know about what's the name of the Tool tour okay thank you that's good to

know what's the

organization I'm gonna have you say the name so it's on the record okay so Lee brotherston up in Canada he did some really nice work on men in the middle that isps are doing so just getting the message out there fabulous thank you anything [Music]

else yes that's a critical key point so he's saying that as yep in the same way that we need to be talking to the politicians we also need to be talking to the people who don't give a [ __ ] and aren't like us and just use the internet and are putting their information out everywhere willy-nilly John Oliver interviewing Snowden and talking about the government snooping on their dick on people's dickpics probably did more to raise awareness around this issue than any other single thing ever and this is why you know your local library is a great way you know do a lightning talk do a little seminar at your local library hacker spaces are probably

they're another good one but again it's people who look like us and we need to get this out to the general public who don't know what's going on and don't have a reason to care yet anybody else great thank you guys for your [Music] time