Threat Model: Parents

Sun May 31 10:58:26 PDT 2015

Now you're talking vulture capital capabilities, 
if you can answer these questions
millions of dollars and users await your products, thanks to Edward Snowden.

Consider asking the coach, pastor, BFF, mentor, online advisor (no offense
Gadit but you fit the predator profile) to take you home to use his/hers/trans
computer which will have the  latest cloaking tools, including those which
block, divert, trash, evade, deep six, 
anon-legionize, the most devilish meddlers
promoting villainous affairs to advance their 
villainous careers, aka kiddie porn
watchdogs tutored by natsec spooks. Prepare to be stripped naked in the sauna,
like Jake Appelbaum, like beloved overseers of all stripes, phones into the
lead-lined chest, to guard against you being a babe to entrap the beloved
wizened overseer (sorry Bart, no offense but you fit Jake's profile).

Cpunk archivist popped up when this topic tripped its sensor to say hear ye,
this is the 4,096th time the helpless kid bait has been set here. Undercover
careers begin with tapping into online fora to test homebrewed mousetraps,
the most common being a kid with troubled parents, next most Tempest signals
being emanated by latest, most compulsive child bewitched by the awesome
freedom of personal devices, next ex-spies with unbelievable stuff to shatter
the empire of those who know shit shoveling into into those whose diet is
limited to shinola.

If you advise the kid to stay away from personal devices connected to the
rest of the world, that will get you a visit from 
connection authorities accusing
you of treason. Show your credentials by yelling accessible encryption.

At 01:17 PM 5/31/2015, you wrote:
>On Sat, May 30, 2015 at 10:24 PM, Gadit Bielman 
><<mailto:thetransintransgenic at gmail.com>thetransintransgenic at gmail.com> wrote:
>Hi.
>
>I'm trying to help (probably badly, but..) a 
>friend deal with parents that they expect are spying on them.
>I know that in general, it's impossible to 
>secure a computer that you can't trust and don't 
>necessarily have administrator privileges to.
>
>But their parents are not exactly the NSA -- any 
>spying that's happening is almost definitely 
>some sort of product, plus basic things like 
>maybe looking through their history. (I don't 
>know much about they're situation -- maybe they 
>know more, so 
>well-if-you-know-they-do-this-then-you-could-do-this 
>type advice would still be helpful.)
>
>Would antivirus be able to detect 
>spy-on-your-kids products? Would they be able to 
>scan their computer with like Immunet or 
>something, even if they didn't have administrator privileges?
>
>Tor would probably help -- unless the monitoring 
>was looking at the RAM or something for website 
>names, which would be way overkill on a 
>commercial product, no? Or (more likely) if it 
>was taking screenshots at regular intervals, 
>which would also break running a VM or 
>something. (Is there any way to detect taking screenshots?)
>
>I know probably the best thing would be running 
>TAILS as a LiveCD -- the problem with that is 
>that it's REALLY obvious over-the-shoulder.
>
>
>Um, thoughts about any of those?
>Any other things about parents as a threat model in general?
>
>I know this is pretty far from what is usually 
>discussed on here, but I'm really interested in 
>what you think/it would potentially help a lot of people.
>
>
>Okay so I've gotten a few responses to this, so just to clear a few things up:
>
>-- I don't know this person IRL -- I'm giving 
>them advice over online, so can't look at their 
>computer, give them anything, etc.
>-- I don't know what spyware program is being 
>used, that is one of the "can someone/how can 
>someone do this" questions I am asking
>
>And one major thing, which forgive me for 
>getting kind of annoyed but literally everyone 
>has either directly suggested this or ignored the issue:
>Parents monitoring/spying on their kids is VERY 
>OFTEN part of an abusive or nearly abusive relationship.
>If "Just talk to them" was an option, I can 
>GUARANTEE they would already have taken it to the best of their ability.
>"Just talk to them and install linux -winkyface-" is NOT a workable answer.
>Parents have a HUGE amount of coercive power and are NOT shy about using it.Â
>
>And for that matter, "wipe it and install linux" 
>is really unlikely to work either. Rubberhose 
>Cryptoanalysis is in full play here -- a PRIMARY 
>goal is "hide it from your parents as much as 
>possible", because confiscating your computer 
>for arbitrary periods of time is ALWAYS AN 
>OPTION. If they find something password 
>protected, they are totally capable of just 
>saying "haha, stop playing around, you're 
>grounded and we're confiscating the computer 
>until you stop being unreasonable and give us the password".
>Also, an arbitrary kid at home isn't gonna be 
>able to just install Linux. Linux requires you 
>to /know what you're doing on Linux/, and these 
>kids have their hands full dealing will 
>everything else their parents overbear already.
>
>
>Thought outline::
>-- Find out or narrow down the ways their parent 
>might be monitoring them software-wise
>---- Is there Spyware installed on the computer itself?
>------ detecting: is there a list they can look 
>through "My Programs" to see if any matches? 
>Would doing a full scan with a free antivirus 
>detect them as spyware, or would there be "this 
>is a commercial product for parents" exception to the lists?
>------ assessing: if they can find which spyware 
>is being use they can just look up the 
>capabilities. But if they can't? What 
>capabilities do most child-spyware products 
>have? Is it possible to narrow down by price-range for what they can afford?
>---- Is there spyware running on the network? Traffic monitoring and stuff?
>------ That's harder to find, but using the Tor 
>Browser should completely negate that
>---- bypassing softwarewise-things:
>------ depends entirely on the capabilities. At 
>the most simple, they can be bypassed by just 
>not using the normal browser. More complicated 
>and I can totally imagine a Superfish-like-thing 
>monitoring all internet traffic -- even HTTPS -- 
>for keywords. Is constant screencapture a common 
>feature that we need to worry about?
>-- Non-software-based things:
>---- Manually looking through browser history: 
>again, Tor Browser doesn't keep history
>---- Demanding access to email account: use one 
>for school/parent-friendly stuff, and create a secret one.
>---- What else is there?
>
>
>e.g.: Here's the parental controls/monitoring 
>built into Windows 8:Â 
><http://windows.microsoft.com/en-us/windows-8/monitor-child-pc-activity>http://windows.microsoft.com/en-us/windows-8/monitor-child-pc-activity
>(For the specific case that I'm asking about, I 
>don't think they have Windows 8, but other 
>versions of Windows probably have similar capabilities)
>And here's a top-ten comparison for child-spying 
>software:Â 
><http://parental-software-review.toptenreviews.com/>http://parental-software-review.toptenreviews.com/
>
>Would that be able to track the websites visited by the Tor Browser?
>
>So specific questions to start:
>What if any free antivirus, running with user 
>permissions, would detect commercial spy-on-your-child-ware?
>
>If they're running a LiveCD/LiveUSB (you're 
>right, probably USB -- faster, more common, 
>easier to excuse for, and persistence), how well 
>can it be disguised as the original operating 
>system? How much of that work can be done by 
>people who aren't the child, so that the child 
>can have as much of a plug-and-play experience as possible?
>
>Besides actively taking screenshots, are there 
>any other potential issues for the Tor Browser? 
>e.g. is looking at RAM (unlikely for a 
>commercial parent-spy software?), scanning 
>throughout the entire filesystem looking for 
>bookmarks (Also seems over the top if the Tor 
>Browser is kept in a not-completely-obvious location?), other capabilities?
>
>
>
>Again, I don't know them at all IRL, so I can't 
>look at their machine, help them install/inspect things, etc.
>
>And in general, I think it would be really 
>valuable if we can create 
>will-work-for-70+%-of-people tactics that a 
>kid/teen online can take to get around their 
>parents, so it would be great if we mapped out 
>more a general threat model for parents, and possible responses to that.
>
>Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 8796 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20150531/a6cea1a4/attachment-0002.txt>