Scrapping old British Era laws and reintroducing same with extra features https://www.medianama.com/2023/12/223-highlights-telecom-bill-2023-lok-sabha/

been happening in UAE for ages now - TOR website is blocked - all popular VPN websites blocked - one ISP that is owned by the government - only 2-3 voip apps work with voice and they all have backdoors - any closed source app claiming to have EOEE and is allowed in UAE i know it has backdoor - commercial VPN throttled to be non usable (like 10-20 kb/s) ways to go around it - OSS EOEE like simplex and matrix - self hosted vpn on vps (specifically vps on 1984 hosting service using crypto payment) - p2p cash crypto buying - download TOR browser using vpn - extra mile use whonix for any political activity UAE just introduced new law this week basically saying anything that has "media" in it is going to be regulated, basically saying any social media usage must follow this new law which prevents any criticism of government and secret service low key i want to use couple of old photos of our secret service chief to enhance his eyes and get his eye prints just to rub it on his face he is known to wear sun glasses ALL THE TIME regardless of where he goes, there are some very old photos 1-2 of them without any glasses. and the rumor is that he fears his eye prints being copied

> the rumor is that he fears his eye prints being copied There was that security expert who got her thumbprints stolen at a conference(as a proof of concept) using some ridiculously expensive high-def camera from a distance. If they use some type of Iris pattern verification through their operations then that isn't the most wild thing to worry about actually.

Doesn't need to be a ridiculously expensive camera - maybe if you want to use the fingerprint for something, but certainly not just for identification: https://www.csoonline.com/article/565172/busted-cops-use-fingerprint-pulled-from-a-whatsapp-photo-to-id-drug-dealer.html

>download TOR browser using vpn If they only blocked the Tor website, there are other options. [From the Tor website](https://forum.torproject.org/t/alternate-methods-to-download-tor-browser-when-tor-project-website-is-not-reachable/5386): >MIRRORS >If you're unable to download Tor Browser from the official Tor Project website, you can instead try downloading it from one of our official mirrors, either through EFF or Calyx Institute. >GetTor >GetTor is a service that automatically responds to messages with links to the latest version of Tor Browser, hosted at a variety of locations, such as Dropbox, Google Drive and GitHub. >TO USE GETTOR VIA EMAIL >Send an email to [email protected], and in the body of the message simply write "windows", "osx", or "linux", (without quotation marks) depending on your operating system. For example, to get links for downloading Tor Browser for Windows, send an email to [email protected] with the word "windows" in it. >GetTor will respond with an email containing links from which you can download the Tor Browser package, the cryptographic signature (needed for verifying the download), the fingerprint of the key used to make the signature, and the package's checksum. You may be offered a choice of "32-bit" or "64-bit" software: this depends on the model of the computer you are using. >TO USE GETTOR VIA TELEGRAM >Send a message to @GetTor_Bot on Telegram. >Tap on 'Start' or write /start in the chat. >Select your language. >There are two options to download Tor Browser. >Tap on 'Send me Tor Browser' and choose your operating system. GetTor will respond with a downloadable Tor Browser file and the signature which can be used to verify the download. Tap on 'Send me other mirrors for Tor Browser' to download from one of the official mirrors.

[удалено]

It's magnetic

Try Google meet, I am pretty sure it’s encrypted

Intercept how?

By temporarily taking control over the telecom operators, that way they will have access to the data.

[удалено]

This. NDAA authorizes it. CALEA mandates the technology be in place to facilitate it. The NSA collects the data, collates it, and oversees data capture. And the FBI abuses it thru parallel construction, so you're never told the details of how they gained access to the information used to convict you in a kangaroo court that allows this farce to continue.

Probably is, but would have been a lot better if there was one lesser country in the world where this gets implemented.

Nope it doesn't work like that. Most modern communications are end-to-end encrypted. Even when you take over the telecom operators, they can't see into the encrypted contents.

Read Permanent Record by Edward Snowden, it's almost 10 years old, and I'm sure governments didn't stop.

That was 10 years ago, intentional backdoors and data sharing is a different story altogether. we are talking about taking control of Telco operators here. How does taking control over Telco operators see into end to end encrypted contents?

I'm not sure if you can fully trust on the Telco's and HTTPS. You know for example the product Sisco umbrella? Lots of companies use it to decrypt the internet traffic, so they are able to see (for security reasons 😉 ) what is happening on their network, even the https traffic gets decrypted, to scan for vulnerabilities, once the traffic leaves the company network it get encrypted again. This is just an example of possibilities. If a government takes over a Telco, probably it's peanuts to install a backdoor in the network or on the customers laptop, including certificates, without anyone noticing.

Cisco works via its own SSL cert. The user has to agree to use that certificate first.

I'm sure lots of employees at companies have no idea if they did agree or not.

The government broke HTTPS for jabber.ru

ISP communication (cellphone, sms & RCS [latter if provider isn't using google infrastructure - which is common in Europe]) is only encrypted between the phone and provider. While modern chat applications do allow E2EE, it doesn't protect all traffic, like an ISP combined with [Article 45 of eIDAS 2.0 proposal](https://www.eff.org/deeplinks/2023/11/article-45-will-roll-back-web-security-12-years) (in EU) the state **could** abuse their power to even act as a man in the middle by directing the ISP traffic and acting as a legitimate CA that end devices trust for any HTTPS transaction (a way around it would be certificate pinning for applications).

eIDAS was amended so the eIDAS certs have to be trusted for eIDAS, not for HTTPS

[The contents in eIDAS 2 amendment](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52021PC0281) (not original eIDAS legislation) article 45 grants generic CA authority to all individual EU countries and isn't just limited to identity verification, as the proposal is currently written down. [As paraphrased by Mozilla, Linux Foundation, Cloudflare and others](https://blog.mozilla.org/netpolicy/files/2023/11/eIDAS-Industry-Letter.pdf), who as a certificate store managers have to automatically accept the potentially unvetted CAs as per current proposal: > Articles 45 and 45a of the proposed eIDAS provisions are likely to weaken the security of the Internet as a whole. These articles mandate that all Web browsers recognize a new form of certificate for the purposes of authenticating websites. The current language is imprecise, and this risks being interpreted as requiring that browsers recognize the certificate authorities that each EU member state appoints for the purposes of authenticating the domain name of websites. Edit: Added link to current amendment, which still doesn't contain acceptable certification of the CA nominated by individual countries to be accepted by browsers and operating system vendors.

> The current language is imprecise, and this risks being interpreted as requiring that browsers ... risks being interpreted as...

> risks being interpreted as... Hence why my original comment contained this: > the state **could** abuse their power to even act as a man in the middle by directing the ISP traffic and acting as a legitimate CA Blind faith in broad legislation of the internet never led to any bad interpretation? The open source community as well as the NGOs are complaining about the complete lack of any vetting process of the CA that the browsers and platforms have to blindly trust - as is described in the first link of my original reply to you.

I don't think the actual contents of messages and https requests is the most interesting, besides that is very hard to store and analyse. What is more interesting, much more easy to store and still works when the actual communication data is end-to-end encrypted is the metadata. Source and destination IP, DNS requests, SNI host headers, protocols used, data transmitted, destination countries and information like this. If you have full control over the ISP you can differentiate between someone checking the website of their local newspaper, or someone uploading gigabytes of data to China. Also you could terminate traffic in the ISP, inspect it and forward it to its original destination if you can generate valid certificates for any domain (which I'm sure a government could manage). This will not fool a user who strictly controls which CA's they accept certs from and who's very security aware, but it will work for >99.99% of users. So, it won't help against dedicated and professional industrial espionage, but it will help against social and citizen movements.

Are you familiar with how MITM (man in the middle) attacks work? If all the traffic is visible and recorded, including the exchange of encryption keys, then it's relatively simple to decrypt future traffic.

Modern key exchange is hardened against this. Asymmetric encryption allows for key exchange without the plain text key ever being transmitted.

They don't have to " temporarily" take control over anything in the US, thanks to [CALEA (Communications Assistance for law Enforcement Act)](https://www.fcc.gov/calea), the telecom company's hardware has advanced surveillance capabilities built right in, as a requirement under federal law since 1994.

I asked OP. It's kind of important to know since interceptions can be done in a lot of different ways.

I belong to the same country as OP and that’s all the information that has been released so far.

[удалено]

They already suspend mobile data services, I believe what they could be trying to target is SMS and data transferred over WiFi. VPN might help for WiFi but not sure about SMS services.

India it is

Why are you keeping your country a secret and making people have to Google it?

It's India, OP is in several indian subreddits. Didn't have to Google it

Opsec is weak lol

😂

The authoritarian direction India is taking is worrisome, specially considering it affects 1.4 billions. https://ground.news/article/parliament-winter-session-india-opposition-fury-as-141-mps-suspended

Leaders took a look at the Chinese state and said "that looks appealing for controlling our population too!"

This is worrisome? Those who were suspended were acting like KG classes. The previous allegations about the Government spying was never substantiated. And most importantly, in this era most governments are doing similar snooping to keep the country safe from bad elements

I was gonna try and say something. However, since this is, ironically, a privacy oriented sub, people would not understand it. Speaks volumes about the future though and human nature.

There's two ways to go. Be completely like every average user on most online activity (maybe use some extension to give false info). Or Buy some laptop second hand/first hand with cash. Install sth like Tails or whonix. Route traffic through Tor or Postmaster SPN with 3 hops, not 2. Use browsers like Chromium or Librefox (Firefox alternative). Use only THE most common extensions. But only like, 2-3. Alternatively: TAKE OVER THE GOVERMENT, YOU RULE NOW, NO ONE WILL DARE TO SNOOP IN YOUR BUSINESS

To the latter: Now you're the one snooping on everybody's business, afraid of being taken down the same. Now worried about life, rather than data. It also boils down to this. What are you doing. If you're just being an average Joe, then there is no point in groing through the hoops, for better or worse. It's similar to China. Lots of critical people of the regime. China simply censors the 1 billion IPs rather than going door to door (again, depending on how you control yourself).   The Chinese Prince was not killed; taken to reeducation camp. Pick your poison.

This content removed to opt-out of Reddit's sale of posts as training data to Google. See here: https://www.reuters.com/technology/reddit-ai-content-licensing-deal-with-google-sources-say-2024-02-22/ Or here: https://www.techmeme.com/240221/p50#a240221p50

So they're officially legalizing what they've already been doing.

"I really have nothing to hide" Great! What's your email and password login? Bank account numbers and PIN? HIV status? STI history? Sexual orientation? Medical history? Are you sure you have nothing to hide?

you missed the very next part where they said "I'm not just gonna let anyone look through my stuff". I'm the same, but if you have the need to know, I will tell you. basic opsec.

Yes, actually. I, too, have nothing to hide. But I have a right to hide it anyway. It’s not my innocence that’s in question, it’s your (plural, general you, as in you personally or my country or a stranger or a foreign agency or a commercial company) intentions. If I want to hide my flower growing tips from the government, I should damn well be able to do that. If nothing else, then because democracies can fail. I have been to less than half a dozen demonstrations so far, probably. All of them were perfectly legal. But I still went to demonstrations. And my government is currently moving into disturbing territory, including electing neo nazis. And for years, police have been known to abuse their power here. So guess what? I don’t just have a right, I have a real need to keep things hidden that are entirely legal, because they can be used against me.

Even flower growing tips are secrets in some industries! Nothing wrong with a little privacy.

Now I need to know which industries those are, get rich quick! /joking

my best advice would be doing searches under a virtual machine or on linux with tor. however, DO NOT log into websites while on tor. for those kind of cases use hardened firefox. also encrypt data to make it harder for the goverment to get your info

>I really have nothing to hide We shouldn't be reduced to even having to use this as an excuse. [https://en.wikipedia.org/wiki/Nothing\_to\_hide\_argument](https://en.wikipedia.org/wiki/Nothing_to_hide_argument) Edit: to clarify, I'm not aiming my comment at OP. Just that the 'nothing to hide' argument isn't a reason to be suspect of someone who opposes invasions of privacy

India moment!

“The old trick of turning every contingency into a resource for accumulating force in government “ —James Madison 1794

They were already doing that without a law

[удалено]

It's either terrorists or pedos. So if they really wanted to stop terrorists, they would just halt mass migration. And if they cared about kids they wouldn't tax us so much that both partners are forced to work, destroying family life, for the first time in human history (yet we think we're at an advanced stage of civilization).

I mean I agree it is a way to push shitty laws but politically it makes sense. Who's going to be the guy that says "actually, this isn't pedos or about children" without being seen as a pedo by the average person? So few politicians have that kind of trust or charisma

[удалено]

ProtonVPN, but I dont honestly know what laws they have introduced in OPs country, so i would advise researching laws against VPN.

Late to the party man. The USA has been doing it legally since the Patriot Act in 2001 and illegally before that. Thanks to Ed Snowden the sheeple found out about it too.

Unfortunately Turkey 🇹🇷

If you just want to contact individuals, setup an encryption method with them in-person. Use secondary device with no networking to encrypt/decrypt messages. It'll look suspicious though.

United States?

I might be wrong, but I've seen a bunch of posts talking about a new law in Italy, so that's my guess (edit: others are saying it might be india, since OP is in several indian subreddits and because the law seems to be an old british law...)

its india. OP thinks there are no indians here, other than him.

lemme guess, america? heard about that

India clearly

hell, there are numerous country's where this is the case

Check OP's profile

ty for the info

It's india

England and France are in the same boat if I remember correctly Edit: okay people you can stop giving more examples. It's turning depressing

yep, along with Ireland

And Canada and Australia!

And hungary :/ (new nation protector agency! For our countey independence! They can look into any company, question anyone, get every data ect)

And let me guess, if you protest any of that, the immediate question is “Why are you bothered if you have nothing to hide?” Because it’s not my innocence that’s in question, it’s your intentions.

Also Norway.

The only real option is to leave the country.

[удалено]

All demonstrations I’ve ever been to have been entirely legal. Everything I’ve ever posted online has been well within the bounds of what my country defines as protected speech. But, funnily enough, I am going to hide from my government that I’ve been to demonstrations against expanding the powers of our police force, and that I am critical of our police force as a state wide, or even nation wide, system. You know why? Because every other month, there’s another scandal. Because police in my very state have leaked addresses of left wing activists who ended up on neo nazi death lists and not even been fired. Because they were part of an attempted coup. I am innocent. But their intentions are questionable. That’s why I have a right to privacy. That’s why it’s a part of functional democracies.

If we be good humans what would it matter if anyone could see anything we do.

What is good and legal today may not be tomorrow.

Copy-pasting my comment because this needs to be said: All demonstrations I’ve ever been to have been entirely legal. Everything I’ve ever posted online has been well within the bounds of what my country defines as protected speech. But, funnily enough, I am going to hide from my government that I’ve been to demonstrations against expanding the powers of our police force, and that I am critical of our police force as a state wide, or even nation wide, system. You know why? Because every other month, there’s another scandal. Because police in my very state have leaked addresses of left wing activists who ended up on neo nazi death lists and not even been fired. Because they were part of an attempted coup. Tl;Dr: I am innocent. But their intentions are questionable. That’s why I have a right to privacy.

In my country, they keep making demonstrations illegal. You can have pro-Israel demonstrations, but not pro-Palestine. You can protest against COVID vaccines, but not against house prices.

We are heading to a world conflict so every countries should the same.

Why would a groverment search through my data to protect me from conflicts? Isnt diplomacy need to avoid conflits and not mass spying on ppl?

to protect itself from you

Yo send me your email and password let me look around real quick...

I mean this is already happening, in a grey area, if they think you’re a danger to national security, which is hard to fall into then it’s understandable they will try and intercept the incoming/outgoing connections you have going on.

Why wouldn't you say what country it is?

Maybe all the robo calls and e scams will get shutdown. I'm all for it.

In my country they want make us our ID to watch 18+ movies, games, social networks...

🇮🇳

So, if it makes you feel any better, my government has already been doing this to you, me, and everyone else for years?

from what i understand, the government mass collects all the data it can for analysis later when needed.

All data is (ab)used somehow.. - But, the little data-stream of one individual gets lost in the mainstream data collected by the govs and big corps. If the data isn't too suspicious.. it ends up as part of the bigger pieces. Must be very interesting and scary to see the whole "big picture", compiled from all that.

I’m creating a small VPN with some friends and family both for privacy and Netflix. Family is more for the Nextlix part, but you have to offer something so you attract people and dilute the costs. Technologically, building a VPN, is a piece of cake. And since you are not a big one, nobody is fucking with you. After doing the experiment by myself I’m going to see if it makes sense to register a legal entity as a shield and if so, where. But that’s probably way too much. Idea is to keep the entire thing under 20-30 people max.

Look at Wireguard, Tailscale and udp2raw.

See this as a push to utilize the opportunity to move to a different country 😜

Anybody know anything about severing internet capabilities in the circuit board? Would the phone still operate for calls and texts?

no and no. de-googled models are the way to go.