Author Topic: Email encryption and web browsing anonymizing  (Read 8144 times)

Offline Warabit

  • Fledgling Prepper
  • *
  • Posts: 4
  • Karma: 0
Email encryption and web browsing anonymizing
« on: November 01, 2013, 09:39:26 AM »
I am not sure if this topic from Jack's episode with Michael Evans has been discussed, but Jack asked for an easy way to encrypt what you do on the internet. I do some cybersecurity on the side for fun as well as for the National Guard.

Email Encryption
Here is a video from Hak5 that walks through the steps of setting up OpenPGP (Pretty Good Privacy) for several different web-based email sites. These guys are all about cyber security and provice a great service with their videos (www.hak5.org). What the heck is PGP you ask? Go Here.

Web Browsing Anonymity
For simplicity sake I will recommend something that many use including middle east revolutions to circumvent government censorship and remain (relatively) anonymous. (link1 link2)

www.torproject.com

TOR is not without its faults though, it does have it's weaknesses. The Government/NSA does not like TOR for obvious reasons, and can figure out who you are. For example, the FBI busted Silk Road's Owner despite his efforts to remain anonymous. Silk Road was a website that was basically a virtual black market that only allowed bitcoin to be used as currency.Did I mention NSA doesn't like TOR?.

Tor will slow down you internet speed when you use it. This is how Tor works folr those of you interested. You can even buy or make a TOR client to carry around with you. You just connect whatever device you want to it and start browsing anonymously in your hotel room.

Sorry if this post is messy/rushed, but I am at work. Maybe I will clean it up later. I hope this helps answer some questions.

Offline Going Galt

  • Senior Survivalist
  • ****
  • Posts: 234
  • Karma: 2
Re: Email encryption and web browsing anonymizing
« Reply #1 on: November 02, 2013, 08:47:26 AM »
TOR should only be used with great care, though.  It does have its uses.  But, its flaws are significant.

The major problem are the exit nodes.  For those who haven't read up on the details of TOR, there are 3 layers of TOR nodes you pass through, with each layer automatically encrypted except for the final layer of exit nodes.  These are the nodes where your packets must leave TOR and continue on through the regular Internet to their final destination.  It has to be this way, since the final destination of your packet needs the packet as you originally sent it, so it obviously can't add any TOR encryption to that for the packet to be meaningful. 

So, anyone can be an exit node.  If you install the TOR software and turn on the feature that makes you an actual TOR node (don't do this if you're worried about your ISP shutting you down for being a server), you will at random be an exit node for about 1/3 of the packets coming through your node.  What this means is you can run any packet sniffer of your choice, such as Wire Shark, and see what's going through.  Anyone not using an SSL connection from their computer to the final destination will have everything in the clear for you to steal.  And, people most definitely do this on purpose, running a TOR node just so they can get lucky and steal some data that comes through.  I can't know this for a fact, but I would not be surprised if half the exit nodes out there are run by the NSA.  Some of them have to be; we just don't know the exact percentages.

Therefore, if you ever transmit any data that you must absolutely never let anyone ever see, you need to have an SSL connection.  However, we recently learned the NSA has all the root certificates that are used to sign certificates for the various servers you connect to.  So, they can decrypt most SSL connections very easily.  So, not even SSL will protect you from them.

Another problem is many forums and other web sites detect the TOR exit node jumping around every 10 minutes for your connection, then automatically lock you out.  You can't just use TOR for all your browsing activity.  You have to be selective.

Here are things I would never use TOR for:
1. Connection to your personal email account, forum account, your facebook account, bank account, etc.  Basically, connecting to anything that can independently be determined to be owned by you. If you created the account outside of the TOR network, don't use it with TOR.
2. Any personal info whatsoever that isn't over an SSL connection.

What I would use it for:
1.  Random web searches and browsing, in case you want to look for topics that would otherwise "not look good" if they saw what you're browsing.  You're only transmitting the URL you want to see, and the contents that come back.  No personal account info.
2.  Connecting to "personal" accounts (emails, forums) that can't possibly ever be traced back to you.  They basically have to be anonymous.  This means you need to have created the account while using TOR, never provided info that would otherwise identify you, and from that point on never accidentally accessing the account outside of TOR.  And, only if the connection is over SSL.  This is the kind of use that a dissident might use to communicate to the outside world without getting caught.




Offline Going Galt

  • Senior Survivalist
  • ****
  • Posts: 234
  • Karma: 2
Re: Email encryption and web browsing anonymizing
« Reply #2 on: November 02, 2013, 09:02:25 AM »
And, here are some of my comments about what people can do that may be a little more practical than TOR.

First, immediately, as in right now, set up startpage.com as your browser's default search engine.  Stop using google for searches!  Do you really want every thought that you ever wanted to search for immediately available to the feds?  It isn't immediately obvious how to set up startpage as your default search engine, so "google" how to do that and you'll get hits right away.

I found something I like better than TOR... its a proxy service called TorGuard, $4 or $5 a month.  Don't let the name fool you; it doesn't actually use TOR.  It just has proxies in numerous different countries, so it looks like you're connecting from Norway or whatever other proxy you choose.  It establishes an encrypted VPN connection from your computer to the proxy server, so your ISP and all the nodes between your ISP and the proxy server can't see what you're doing.  Since it is a VPN, it encrypts and obscures everything, not just browser connections.  You should be able to use this with email and other forums without getting blocked; the node doesn't jump around unless you on purposely change it.  I wouldn't connect to a bank or CC account with it though; they don't usually like foreign connections for US accounts.

For instant messaging, I like "pidgin" with the "pidgin-encryption" plugin.  You set it up with YM, AIM or whatever other messaging system you want to use, and it'll encrypt them using PGP.  Pidgin is here:

http://download.cnet.com/Pidgin/3000-2150_4-10281799.html?tag=mncol;1

And the plugin is here (after installing, be sure to "enable" the plugin or it'll do nothing):

http://pidgin-encrypt.sourceforge.net/





Offline Av8er1

  • Prepper
  • **
  • Posts: 13
  • Karma: 0
Re: Email encryption and web browsing anonymizing
« Reply #3 on: November 02, 2013, 10:08:29 AM »
I've been using StartPage some and really like it a lot.

Offline Alex Shrugged

  • Prepper
  • **
  • Posts: 82
  • Karma: 13
    • Alex Shrugged
Re: Email encryption and web browsing anonymizing
« Reply #4 on: December 16, 2013, 11:20:22 AM »
StartPage seems to be working hand-in-hand with a Dutch company, https://IXQuick.com....which is fine with me. [Correction... they say they are exactly the same thing. They are using the name StartPage because it is easier to remember.]

The video for StartPage on how to set up StartPage is fabulous and the woman directing you is clear and engaging, so I recommend watching the video if you want to set up a new search engine for your browser. Or you could go direct to IXQuick. It looks like the same thing. IXQuick was recommended to me long ago. I forget where. It was OK but not fabulous so I drifted away from it. I'll try it again.

Caution: Some businesses (like your WORK!) set up a proxy server and place an SSL certificate in your company browser that allows them to decrypt your secure session and then encrypt it again...like your "secure" connection to StartPage. This allows your boss to track what you are doing on StartPage or your banking session, or that E-bay bidding war you have going. It is perfectly legal for a business to track your "secure" connections like that. Just keep it in mind. Don't change anything on their settings at work. That would be wrong. No. Really. Don't do it. You shouldn't be doing personal stuff from work anyway.

How do you know if your boss is decrypting your secure connections? Check your browser settings on your work browser. It has a setting for PROXY SERVER. If there is information in that setting then everything that goes to and from your browser, goes through the company server FIRST. Nothing wrong with that. It's probably a sensible thing for a company to do to protect COMPANY security... but that doesn't help you much with your PERSONAL security.

In Firefox your proxy settings (if they exist) would be set in Tools->Options->Advanced->Network->Settings

If it says "Use system proxy settings"... then you will have to go to your operating system's control panel to see what those settings are.

Alex
« Last Edit: December 16, 2013, 11:28:33 AM by Alex H »

Offline MrThirteen

  • Survivor
  • ***
  • Posts: 139
  • Karma: 9
    • Thirteensworld
Re: Email encryption and web browsing anonymizing
« Reply #5 on: December 17, 2013, 03:06:31 AM »
I find very useful information from Steve Gibson and Leo Laporte's "Security Now" podcast.  Steve's website has a page where you can check the fingerprint of the site you are visiting to see if it is the same as what he sees from his servers.  If they are the same then likely you are good.  If they are different, then it's likely that there is a Man in the middle or your employer's watching you..

This is the link to the fingerprint site.  It explains what it does and how it works... https://www.grc.com/fingerprints.htm

Also if you want to learn about PGP and other security related stuff, then check out https://www.grc.com/sn for details on the podcast and latest episodes.

As far as TOR is conserned, I use TOR bundled in Tails at the moment.  Another option through a virtual machine is Whonix.

Tails information can be found at: https://tails.boum.org/

Whonix at: https://www.whonix.org/wiki/Main_Page

Links to how to setup Startpage: https://startpage.com/eng/download-startpage-plugin.html and https://support.startpage.com/index.php?/Knowledgebase/Article/View/206/0/how-can-i-perform-startpage-searches-directly-from-the-firefox-url-address-bar

Both the above links presume you are using Firefox.  If you are using Internet Explorer... STOP IT just STOP IT. (There are so many reasons why IE is horrible for your security.  Start using Firefox, Opera, or Chrome right away.

Hope this information is helpful,

13

Offline Alex Shrugged

  • Prepper
  • **
  • Posts: 82
  • Karma: 13
    • Alex Shrugged
Re: Email encryption and web browsing anonymizing
« Reply #6 on: December 17, 2013, 11:55:39 AM »
I find very useful information from Steve Gibson and Leo Laporte's "Security Now" podcast. 

I wholeheartedly endorse the "Security Now!" podcast and while I have my own expertise in computer programming and networks, I have benefited greatly (and sound a lot smarter than I actually am) due to Steve Gibson and his marvelous podcast on computer security. I have been following him since he was writing for InfoWorld.

If you are technically minded, you can find his podcast in various places but especially at the Twit network and on Roku (though it's been a while since I've watched on Roku.)

http://twit.tv/show/security-now

FYI, I am not associated with Steve Gibson in any way. I receive no money from him nor his associates... not even a pat on the back. I am just happy with his podcast.

Alex

Offline karim18

  • Survivor
  • ***
  • Posts: 119
  • Karma: 6
  • New TSP Forum member
Re: Email encryption and web browsing anonymizing
« Reply #7 on: December 30, 2013, 12:27:31 AM »
Quite frankly, for surfing, you are better off just flat out surfing. It was recently disclosed that the TOR network is operated by the FBI. I would think, especially if you are doing nothing wrong, that you would cause much less suspicion by just browsing for what you want.

Offline skas

  • Survivor
  • ***
  • Posts: 149
  • Karma: 4
Re: Email encryption and web browsing anonymizing
« Reply #8 on: December 30, 2013, 04:38:25 PM »
Quite frankly, for surfing, you are better off just flat out surfing. It was recently disclosed that the TOR network is operated by the FBI. I would think, especially if you are doing nothing wrong, that you would cause much less suspicion by just browsing for what you want.

That's not entirely accurate.  The FBI was exploiting a publicly documented (and fixed at the time of the exploit) bug in Firefox and getting people running older versions of Firefox or the TOR browser (which is based off of Firefox).

I disagree with the previous comments about TOR being problematic because exit nodes aren't encrypted.  This same problem exists with pretty much any service that would be encrypting your traffic...Somewhere along the line that traffic will be decrypted, even if using a VPN service.  Your best bet if using TOR and aiming for anonymity is to ensure that you are using TLS/SSL (https) connections to any websites you're hitting through TOR to ensure that the traffic is encrypted before, during, and after entering the TOR network.

+1 to the previous Steve Gibson comments, dude knows what's up.

Offline ag2

  • Dedicated Contributor
  • ******
  • Posts: 1034
  • Karma: 41
  • Been fishin' lately?
    • My Startup Challenge
Re: Email encryption and web browsing anonymizing
« Reply #9 on: December 31, 2013, 11:47:07 AM »
+1 for mention of Steve Gibson.  Indeed, he is like the father of IT.  Interesting tidbit: He taught college classes (computer science) when he was still in high school.

So, "I" have this idea and want to ask you guys if it can be done.

I want to build a "website", the content of which will be loaded mostly by people who visit, browse and upload their own contributions.  I want this to be grassroots.  I don't necessarily want a static URL for the website, primarily because I don't want it to be traced back to the owner.  My goal is for this to be moderated, but socially operated, and resistant to being shut down.  (There's nothing illegal about it, but I'm quite certain that most politicians will not like it.)  btw, I do not want to monetize it and frankly, I personally do not want to run it, nor does the person who thought of it and would like to see it launched.  So if someone else is interested, let me know and I'll share more about it.

Offline archer

  • Administrator
  • Ultimate Survival Veteran
  • *******
  • Posts: 17065
  • Karma: 379
  • #ImissAmerica
    • Journey to Greener Pastures
Re: Email encryption and web browsing anonymizing
« Reply #10 on: December 31, 2013, 03:24:28 PM »
+1 for mention of Steve Gibson.  Indeed, he is like the father of IT.  Interesting tidbit: He taught college classes (computer science) when he was still in high school.

So, "I" have this idea and want to ask you guys if it can be done.

I want to build a "website", the content of which will be loaded mostly by people who visit, browse and upload their own contributions.  I want this to be grassroots.  I don't necessarily want a static URL for the website, primarily because I don't want it to be traced back to the owner.  My goal is for this to be moderated, but socially operated, and resistant to being shut down.  (There's nothing illegal about it, but I'm quite certain that most politicians will not like it.)  btw, I do not want to monetize it and frankly, I personally do not want to run it, nor does the person who thought of it and would like to see it launched.  So if someone else is interested, let me know and I'll share more about it.


no static url for the main site or for any page on the site?

endurance

  • Guest
Re: Email encryption and web browsing anonymizing
« Reply #11 on: December 31, 2013, 05:14:17 PM »
What do you guys think of Safe Plug?

Offline ag2

  • Dedicated Contributor
  • ******
  • Posts: 1034
  • Karma: 41
  • Been fishin' lately?
    • My Startup Challenge
Re: Email encryption and web browsing anonymizing
« Reply #12 on: December 31, 2013, 08:30:19 PM »
no static url for the main site or for any page on the site?

Anonymity is the primary concern.  I guess I should not have even made a suggestion on how it should be accomplished, really.  Static or no static URL, I do not want it associated to a person (owner of  domain name).  I know that for extra money, that can be blocked, but I don't trust that. 
I want to post info and allow others to make contributions.  Once a person purchases a domain, there's a trail to the owner.  That is what I (or rather someone I know), wants to avoid. 

Offline archer

  • Administrator
  • Ultimate Survival Veteran
  • *******
  • Posts: 17065
  • Karma: 379
  • #ImissAmerica
    • Journey to Greener Pastures
Re: Email encryption and web browsing anonymizing
« Reply #13 on: January 02, 2014, 08:56:33 AM »
Anonymity is the primary concern.  I guess I should not have even made a suggestion on how it should be accomplished, really.  Static or no static URL, I do not want it associated to a person (owner of  domain name).  I know that for extra money, that can be blocked, but I don't trust that. 
I want to post info and allow others to make contributions.  Once a person purchases a domain, there's a trail to the owner.  That is what I (or rather someone I know), wants to avoid. 

then you will have to access the system by ip address. and have some way to pass around the new ip address when it has to change.

Offline liftsboxes

  • Dedicated Contributor
  • ******
  • Posts: 1636
  • Karma: 115
  • Quit Whining
Re: Email encryption and web browsing anonymizing
« Reply #14 on: January 02, 2014, 11:08:58 AM »
responding to follow

Offline skas

  • Survivor
  • ***
  • Posts: 149
  • Karma: 4
Re: Email encryption and web browsing anonymizing
« Reply #15 on: January 02, 2014, 11:15:13 AM »
What do you guys think of Safe Plug?

I haven't looked too far into it, just briefly browsed their site.  That said, it looks like it's just a TOR proxy for all traffic on your network...which could be quite handy if you're not willing/able to configure your router/network gateway to do that for you.

The same TOR concerns mentioned before would exist with this box, and I didn't look hard enough around their site to see if you end up acting as a relay (your bandwidth used to help the TOR network [helps make TOR better at the cost of your b/w]), but it could be a nice simple way to get everything on your network using TOR.

One thing to consider there though, is that if you do any streaming (Netflix, ESPN live feeds, etc, etc), this could be problematic if you end up exiting through a country/IP block that isn't supported by that service.

endurance

  • Guest
Re: Email encryption and web browsing anonymizing
« Reply #16 on: January 02, 2014, 11:24:05 AM »
...

One thing to consider there though, is that if you do any streaming (Netflix, ESPN live feeds, etc, etc), this could be problematic if you end up exiting through a country/IP block that isn't supported by that service.
I thought of that and the one feature that I liked is that it could be turned off easily for streaming.

Offline Alex Shrugged

  • Prepper
  • **
  • Posts: 82
  • Karma: 13
    • Alex Shrugged
Re: Email encryption and web browsing anonymizing
« Reply #17 on: January 02, 2014, 11:50:29 AM »
FYI... a lot of people are trying to figure out how to run anonymous services (untraceable) on the Internet with varying degrees of success (a nice way of saying various degrees of failure). Remember that if the (three-letter-government-agency) wants you... it can have you once it focuses on you so... I'll leave the rest unsaid.

Archer writes: "then you will have to access the system by ip address. and have some way to pass around the new ip address when it has to change."

Well... that is OBSCURITY....not anonymity but it is a good point to bring up. When the government "shuts down the Internet" what they mean is that they will shut down DNS (Domain Name Services). That means that even though http://thesurvivalpodcast.com web site will still be up and the computers running, your browser won't be able to find this forum because ultimately the only way one finds the web site is through it's IP address (Internet Protocol Address). How does your browser find that address? It does it in one of three ways.

1. It goes to a file on your computer in case you have the IP address stored locally (a legacy option still implemented).

2. It goes to your ISP's designated DNS Server (Domain Name Server) and asks if it knows what the IP address is for thesurvivalpodcast.com.

3. Failing that (or instead of that) you can designate a DNS server OTHER THAN the one your ISP provides.

But it all still boils down to an IP address which is what is tracked in the logs. So at some point you can be tracked.

Regarding dynamic IP addresses from your ISP, many home routers are designed to work with dynamic IP services... I used to use one in fact. Let's see if I can find it... Yes... http://NoIP.com You sign up for the service. It will poll your home router to see if your ISP has changed your IP numbers and if it has will direct all Internet queries to that new IP automatically. It does so in cooperation with your router so you have to configure your router to allow it to do so. Works fine and allows you to run your own server at home BUT YOU CAN STILL BE TRACKED. You will also have to open certain ports on your router to allow access from the outside which makes you vulnerable as well to hackers and those three-letter agencies who know all the hacker tricks.

BTW, if you want to find out what the IP address is for thesurvivalpodcast.com is, you can go to http://whatismyipaddress.com/hostname-ip and type in the domain name. It will spit back the IP address or addresses associated with the website http://206.190.141.186. If you click on the IP address they give you at whatismyipaddress.com, it will give you more information... probably more than you want to know... like... the thesurvivalpodcast.com server is in Providence, Utah. Big whoop! :-) But if the FBI wanted to serve a warrant on the Survival Podcast servers, it would have to begin in Utah and comply with whatever laws exist there first.

FYI, I'm just using the Survival Podcast as an example. It looks fine to me, but other web sites can be traced to give more relevant information... such as... http://whatismyipaddress.com/hostname-ip which is run by a holding company, CGP Holdings, Inc. If you look up CGP Holdings, Inc you will find it has it's fingers in any number of businesses throughout California and Texas. One wonders why they thought providing this Reverse Lookup service was a good idea for business. Your guess is probably better than mine.

It is still a good idea to remain as anonymous as possible if for no other reason than to avoid the annoying commercial trackers and popups telling you how important diapers are for you since you turned 60 along with various creams and ointments guaranteed to put the lead back in your pencil... so to speak. :-) And, of course, to avoid those that are tracking you for NEFARIOUS reasons so that they can empty your bank account. That kind of tracking is worth avoiding. They go for the easy mark. Don't make it easy for them.

Good luck.

Alex

Offline skas

  • Survivor
  • ***
  • Posts: 149
  • Karma: 4
Re: Email encryption and web browsing anonymizing
« Reply #18 on: January 02, 2014, 11:53:07 AM »
Endurance, I didn't see that, but that would be handy.  That said, if someone is trying to find you, I'd imagine they're specifically looking for accounts like that that can fairly easily be tied back to you.  Seems like a fairly gaping hole if you're trying to avoid surveillance, but handy for the other measures Alex (and others) have mentioned about not being tracked by non-alphabet soup agencies.

Offline archer

  • Administrator
  • Ultimate Survival Veteran
  • *******
  • Posts: 17065
  • Karma: 379
  • #ImissAmerica
    • Journey to Greener Pastures
Re: Email encryption and web browsing anonymizing
« Reply #19 on: January 02, 2014, 12:17:07 PM »
putting the IP address in a file so you can access it later in case DNS is down (for some reason) may not work since web servers often do what is called a 'virtual domains'.
This means that multiple sites are running on the same IP address, so the web server has to look at incoming traffic to the IP, determine what domain it is meant for, and send the data to the correct web server.

Offline Alex Shrugged

  • Prepper
  • **
  • Posts: 82
  • Karma: 13
    • Alex Shrugged
Re: Email encryption and web browsing anonymizing
« Reply #20 on: January 02, 2014, 12:31:17 PM »
I am trying out a couple of new services that MAY allow some anonymity and provide a means to pass information to a select few people you wish to communicate with... like people who you meet personally to whom you give the secret key.

Right now I'm checking out Bit Torrent Sync. This might have relevance to TheSurvivalPodcast.com since the podcast files are large and Bit Torrent Sync allows one to distribute large files with less bandwidth overall by distributing the burden across various peers in the network. Is it secure? It says it is, but I don't really know. According to Steve Gibson (the podcaster who has been pursuing this question of "How secure is Bit Torrent Sync?") the company has not published its security protocol as it promised it would so there is some doubt, currently, but as a basic distribution tool it has it's virtues. You can choose who has your secret key and you can change your key so that people can't thereafter download what is on your computer and distribute it across the peers. (This is a peer-to-peer network which has its own virtues and faults.... like... if an agent of the CIA signs up as part of your network... and you give him the secret key... well... you know the rest.)

You can find Bit Torrent Sync at... http://www.bittorrent.com/sync

The other possibility is a secure chat system. You saw in the news today that Skype is compromised. It has been ever since Microsoft bought it and BROKE IT.  Microsoft is using a man-in-the-middle scheme to monitor users "to protect it's customers" it says. But if Microsoft can monitor your Skype messages then so can various three-letter-government agencies. So... here comes Cryptocat at https://crypto.cat/.

You can still be tracked with Cryptocat. There is no anonymizing of your IP address but if you share a secret key between yourself and someone else, you can have a discussion and not feel like someone is scanning every word you type to "protect" you. The problem, of course, is the same problem with Bit Torrent Sync. You must share the secret key or what Cryptocat calls a "Conversation Name". You make up a name or a long string of letters and numbers and give that "name" to your buddies. They can enter the "Conversation name" and you are all connected securely. But anyone tracking you will know whose IP addresses are part of the conversation.

Good luck. Really. I mean it. It's tough out there and while there are good signs on the horizon for Internet Security it isn't here yet.

And finally, if I appear smarter than I really am it is due to my teachers, Steve Gibson for Cryptocat and Adam Curry for Bit Torrent Sync (Adam Curry distributes his No Agenda podcast this way).

Alex


Offline Alex Shrugged

  • Prepper
  • **
  • Posts: 82
  • Karma: 13
    • Alex Shrugged
Re: Email encryption and web browsing anonymizing
« Reply #21 on: January 02, 2014, 01:00:29 PM »
Here are a few links about Skype and the troubles they've had (and are of their own making)...

"For Syria’s Rebel Movement, Skype Is a Useful and Increasingly Dangerous Tool" (New York Times)...
http://www.nytimes.com/2012/12/01/world/middleeast/syrian-rebels-turn-to-skype-for-communications.html?_r=0

"NSA uses Windows error reports to spy on civilians" (IT Pro Portal)
http://www.itproportal.com/2014/01/02/nsa-uses-windows-error-reports-to-spy-on-civilians/

"Syrian Electronic Army hacks Skype’s social media accounts"
http://www.itproportal.com/2014/01/02/syrian-electronic-army-hacks-skypes-social-media-accounts/

Here is an article proving that Microsoft is scanning your Skype chat and that means that that the security is breached.... unless you trust Microsoft... then everything is fine... NOT!
"Skype with care – Microsoft is reading everything you write"
http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html

And here is a Microsoft apologist who says true things that are mostly beside the point...like... Microsoft is not reading EVERYTHING... just SOME THINGS...
"Is Microsoft reading your Skype instant messages?"
http://www.zdnet.com/is-microsoft-reading-your-skype-instant-messages-7000015388/