Threat Model: Parents

nerv nerv at fastmail.fm
Sun May 31 11:13:42 PDT 2015


On Sun, 31 May 2015 13:17:47 -0400
Gadit Bielman <thetransintransgenic at gmail.com> wrote:

> On Sat, May 30, 2015 at 10:24 PM, Gadit Bielman <
> thetransintransgenic at gmail.com> wrote:
> 
> > Hi.
> >
> > I'm trying to help (probably badly, but..) a friend deal with
> > parents that they expect are spying on them.
> > I know that in general, it's impossible to secure a computer that
> > you can't trust and don't necessarily have administrator privileges
> > to.
> >
> > But their parents are not exactly the NSA -- any spying that's
> > happening is almost definitely some sort of product, plus basic
> > things like maybe looking through their history. (I don't know much
> > about their situation -- maybe they know more, so
> > well-if-you-know-they-do-this-then-you-could-do-this type advice
> > would still be helpful.)
> >
> > Would antivirus be able to detect spy-on-your-kids products? Would
> > they be able to scan their computer with like Immunet or something,
> > even if they didn't have administrator privileges?
> >
> > Tor would probably help -- unless the monitoring was looking at the
> > RAM or something for website names, which would be way overkill on
> > a commercial product, no? Or (more likely) if it was taking
> > screenshots at regular intervals, which would also break running a
> > VM or something. (Is there any way to detect taking screenshots?)
> >
> > I know probably the best thing would be running TAILS as a LiveCD
> > -- the problem with that is that it's REALLY obvious
> > over-the-shoulder.
> >
> >
> > Um, thoughts about any of those?
> > Any other things about parents as a threat model in general?
> >
> > I know this is pretty far from what is usually discussed on here,
> > but I'm really interested in what you think/it would potentially
> > help a lot of people.
> >
> 
> Okay so I've gotten a few responses to this, so just to clear a few
> things up:
> 
> -- I don't know this person IRL -- I'm giving them advice over
> online, so can't look at their computer, give them anything, etc.
> -- I don't know what spyware program is being used, that is one of
> the "can someone/how can someone do this" questions I am asking
> 
> And one major thing, which forgive me for getting kind of annoyed but
> literally everyone has either directly suggested this or ignored the
> issue: Parents monitoring/spying on their kids is VERY OFTEN part of
> an abusive or nearly abusive relationship.
> If "Just talk to them" was an option, I can GUARANTEE they would
> already have taken it to the best of their ability.
> "Just talk to them and install linux -winkyface-" is NOT a workable
> answer. Parents have a HUGE amount of coercive power and are NOT shy
> about using it.
> 
> And for that matter, "wipe it and install linux" is really unlikely
> to work either. Rubberhose Cryptanalysis is in full play here -- a
> PRIMARY goal is "hide it from your parents as much as possible",
> because confiscating your computer for arbitrary periods of time is
> ALWAYS AN OPTION. If they find something password protected, they are
> totally capable of just saying "haha, stop playing around, you're
> grounded and we're confiscating the computer until you stop being
> unreasonable and give us the password". Also, an arbitrary kid at
> home isn't gonna be able to just install Linux. Linux requires you
> to /know what you're doing on Linux/, and these kids have their hands
> full dealing with everything else their parents overbear already.
> 
> 
> Thought outline::
> -- Find out or narrow down the ways their parent might be monitoring
> them software-wise
> ---- Is there Spyware installed on the computer itself?
> ------ detecting: is there a list they can look through "My Programs"
> to see if any matches? Would doing a full scan with a free antivirus
> detect them as spyware, or would there be "this is a commercial
> product for parents" exception to the lists?
> ------ assessing: if they can find which spyware is being used, they
> can just look up the capabilities. But if they can't? What
> capabilities do most child-spyware products have? Is it possible to
> narrow down by price-range for what they can afford?
> ---- Is there spyware running on the network? Traffic monitoring and
> stuff?
> ------ That's harder to find, but using the Tor Browser should
> completely negate that
> ---- bypassing softwarewise-things:
> ------ depends entirely on the capabilities. At the most simple, they
> can be bypassed by just not using the normal browser. More
> complicated and I can totally imagine a Superfish-like-thing
> monitoring all internet traffic -- even HTTPS -- for keywords. Is
> constant screencapture a common feature that we need to worry about?
> -- Non-software-based things:
> ---- Manually looking through browser history: again, Tor Browser
> doesn't keep history
> ---- Demanding access to email account: use one for
> school/parent-friendly stuff, and create a secret one.
> ---- What else is there?
> 
> 
> e.g.: Here's the parental controls/monitoring built into Windows 8:
> http://windows.microsoft.com/en-us/windows-8/monitor-child-pc-activity
> (For the specific case that I'm asking about, I don't think they have
> Windows 8, but other versions of Windows probably have similar
> capabilities) And here's a top-ten comparison for child-spying
> software: http://parental-software-review.toptenreviews.com/
> 
> Would that be able to track the websites visited by the Tor Browser?
> 
> So specific questions to start:
> What if any free antivirus, running with user permissions, would
> detect commercial spy-on-your-child-ware?
> 
> If they're running a LiveCD/LiveUSB (you're right, probably USB --
> faster, more common, easier to excuse for, and persistence), how well
> can it be disguised as the original operating system? How much of
> that work can be done by people who aren't the child, so that the
> child can have as much of a plug-and-play experience as possible?
> 
> Besides actively taking screenshots, are there any other potential
> issues for the Tor Browser? e.g. is looking at RAM (unlikely for a
> commercial parent-spy software?), scanning throughout the entire
> filesystem looking for bookmarks (Also seems over the top if the Tor
> Browser is kept in a not-completely-obvious location?), other
> capabilities?
> 
> 
> 
> Again, I don't know them at all IRL, so I can't look at their
> machine, help them install/inspect things, etc.
> 
> And in general, I think it would be really valuable if we can create
> will-work-for-70+%-of-people tactics that a kid/teen online can take
> to get around their parents, so it would be great if we mapped out
> more a general threat model for parents, and possible responses to
> that.
> 
> Thanks.

The issue here is that if there is nothing you can actively do
yourself, you are very limited in terms of options. I know it sounds
obvious, but security isn't easy, that's why most people don't bother
with it. 

Something I might try, were I in your shoes, would be helping them
obtain the Tor Browser (I don't know how you're in touch with them but
providing it for them would be more discreet than them looking for it on
Google) and have them use it a few times to see if it gets some kind of
reaction. 
I think using a live cd as a way to hide what they do would not be very
effective, I don't think kids (no matter how old they are) would like
to constantly switch from their actual pc to a live cd, and if they
just stop booting from the hard drive the lack of activity on it might
betray them (not to mention I would expect parents that monitor their
kids this way to at least check up on them from time to time, and not
even the fake Windows XP skin from Tails is going to save them when
they hear the door opening).

However, were I indeed in your shoes, I would then be trapped
between a multitude of scenarios depending on the degree of monitoring
that is happening, and the only way to be sure that you're really
outsmarting the parents would be to really go full on, and you cannot
do that. You make it sound as if they might be pushing the whole
forensics thing very far (I don't think that's what is happening, but of
course I have no way to know), if so they might be using HIDS that
would defeat the purpose of installing (or even running) software to
help anonymity. Maybe they run their own firewall and monitor
it very carefully. There really is no end to this. 
So as I said, estimating the degree of paranoia needed beforehand would
save you some time and allow you to think more clearly about solutions
that really fit the problem. Try to work with the kids to get
sufficient information about the parents' level of ability with, and
access to such technology.

Lastly I agree that parents should try to monitor their child's activity
on the internet, the same way they might forbid them to go into a bar
or an empty street at night, but there is a difference between blocking
anything from a few websites to most of the internet, and spying on
communications and exchanges that do not involve you. The obvious risks
should be dealt with, but a minimum of trust seems only natural toward
your own children.

-- 

Goto Daichi (nerv) <nerv at fastmail.fm>



More information about the cypherpunks mailing list