On Sat, 2015-05-30 at 22:24 -0400, Gadit Bielman wrote:
Hi.
I'm trying to help (probably badly, but..) a friend deal with parents that they expect are spying on them. I know that in general, it's impossible to secure a computer that you can't trust and don't necessarily have administrator privileges to.
This is correct.
But their parents are not exactly the NSA -- any spying that's happening is almost definitely some sort of product, plus basic things like maybe looking through their history. (I don't know much about they're situation -- maybe they know more, so well-if-you-know-they-do-this-then-you-could-do-this type advice would still be helpful.)
It could be any number of things. Some ISPs even sell access packages with "family-friendly" filtering built in. Spyware or logging of sites accessed wouldn't be too far of a leap from this.
Would antivirus be able to detect spy-on-your-kids products? Would they be able to scan their computer with like Immunet or something, even if they didn't have administrator privileges?
By their nature, I would expect most garden variety anti-spyware packages to not consider "parental control" type tools as spyware and not detect them. They certainly aren't viruses. I think most anti-spyware tools on Windows require administrator access to run.
Tor would probably help -- unless the monitoring was looking at the RAM or something for website names, which would be way overkill on a commercial product, no? Or (more likely) if it was taking screenshots at regular intervals, which would also break running a VM or something. (Is there any way to detect taking screenshots?)
There's no easy way to detect screenshots being taken. You would need to check the local hard disk for copies of the screenshots, and outbound network traffic for something that could be a screenshot being uploaded. This is difficult at best without administrator access.
I know probably the best thing would be running TAILS as a LiveCD -- the problem with that is that it's REALLY obvious over-the-shoulder.
It would be best, but it may not be possible if the computer is secured correctly. The parent threat model (as a minor child) is a particularly tough nut to crack. Even if you subvert the technical spying measures, there could be consequences for doing so. At least where I live in the US, minors can't own property legally, so parents can spy on a computer that "belongs to" their kids. If your friend's parents feel the need to spy on his/her Internet access, there are issues beyond the technological ones. There is a basic lack of trust on the part of the parents, possibly caused by their poor parenting of your friend when he/she was younger, that needs to be addressed. In other words, find out why they feel spying is necessary. In the meantime, your friend may want to do the majority of his/her Internet access from the local library; it may not be completely uncensored but there is a much lower chance of being individually spied on there. -- Shawn K. Quinn <skquinn@rushpost.com>