Are we being spied on? The Proof..

Recently, I began to notice that emails from some of my more activist friends began to have some additional information in the message header.
Doing some investigation, I found that DHS requires that emails from approved computers include this information as a means to verify the accuracy and source of the message. So what were these people doing what I thought was corresponding from an approved computer? Were they agent provocateurs of the New World Order?

I have a number of freebie email accounts as most here do, so I decided to check my accounts to see if any of them have this information attached. The email accounts that I use for innocuous traffic such as one that I use to exchange gardening information didn't have it, but ones that I use to correspond with activist friends did. My conclusion is that someone is using this to track accounts of interest in order to create a social network analysis tool for their databases. Proof my friends that we are being spied on, even if all we are is politically active and have nothing to do with terrorism. It also proves that Fearless Leader's proposals to create laws allowing him to spy on terrorists is nothing more than a sham.

this is what the information looks like:
DomainKey-Signature:
a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=IRn6iPOFvBb+ao0jBOLXTD7p/mjipVBWbqJi4fKIf/oTd/znIbdk3mPZsdHkUNQ9msn2SZ9d0miiozf/YTv4Huipxnh1z6kKh1bMinQmS9+XP4e7+yDF4/CSokIFCf1mnLGw57w0YvPh0PXDNXAS5gmM88QQf/Yp7uCpzeQrxyg= ;
Each will have a unique 'HASH' that can be used do several things. Ensuring the message hasn't been modified is one, but your password can also be extracted form this information, by anyone with the right commercially available software.

at the terrorists. They are keeping a data base of "activists" so when this new torture act passes, they have a list of people to "collect".

just like extracting info from excel. Print me a list of names with everyone associated with x.

pointed out that they would be labeling teachers, environmentalists, and other "leftie" types as "terrorists" - with Rush leading the rewriting of the definitions ...

STARTED with terrorists. I believe this whole unwarrented spying is solely for the purpose of gathering info on political opponents and dissenters.

That's just the phony reason to do what they are doing.

and do the Hitler salute to these Nazi fukwads. And that's exactly what they are. "Terrorists" my ass.

connection to skiing.

Enemy of the State.

Like I really give a fuck.

or can, keep track of how people vote in these online polls (cnn, msnbc, aol etc.)?

that shows everything we've ever done that they can connect to.

If you want to keep something private, don't use the Internet.

I think DOD allowed the public to use the Internet for this very reason. Why do wiretaps when you can filter Internet traffic?

I'm just offended that I even have to worry about it.

Like they do with every important database. But then they'll find it and reassure us it wasn't accessed :crazy:

:eyes:

...meets the 21st century. They know who we are, where we live, with whom we communicate and what we talk about.

They are traitors and using all the powers of their offices to create a totalitarian state. Dissent, as demonstrated by their actions, will not be tolerated. We must use the time we have to spread the Truth about them.

Remember Mark Lombardi? The artist used his art to chronicle the BFEE social networks:



george w. bush, harken energy, and jackson stevens c.1979-90, 5th version, 1999
graphite on paper
20 x 44 inches

http://www.pierogi2000.com/flatfile/lombardi.html

Here's a close-up showing the ties between James R Bath, George W Bush and the House of bin Laden:



Lombardi was "suicided" about 18 months before 9-11.

Thanks for the heads-up, formercia. Much obliged for the materials to add to the case file of these un-American turds.

good work.

Traitor. Liberator.

Who imitates Whom?

Lombardi was one of the good guys.



The diagrams are amazing analytical tools. Helps the hologram we carry around on our shoulders, too.

THe hash uniquely identifies the message, but, password extraction and other claims you're making don't fit in to my world view ;)

Please enlighten me.

-Hoot

When I get a round tuit.

http://www.insidepro.com/eng/passwordspro.shtml

sorry if I kept you waiting...:)

To get a password out of a hash, you have to put one in it to begin with. But technically you can't get anything 'out' of a hash directly.

I agree that these are used to track emails, that is why it was created, to track spam and hopefully shut down spammers.

Hashes are funny little algorithims that produce a unique value for any given string and thus are used by lots of systems to store passwords without actually storing the password. Hashes in general are not reverseable so obtaining the hash will not give away the password. The only way to get a password (or any string) that generated a particular hash is to encode that password using the same hash algorithm, comparing it to the known hash value and remember what you passed in, which is a technique the software you link to is probably using.

SO, tracking, yes. Passwords, I highly doubt it.

Cheers,
-Hoot

and since I don't go around cracking passwords, its a conspiracy theory on my part. You're right, there has to be a password input at some point.
Perhaps we can coax one of the lurking NSA types to supply a little input here.

Signature actually means DHS is monitoring that email account? I looked through quite a few email headers, and found that line on all emails from Yahoo accounts, including emails from decidedly non-political people. I'm wondering whether it might have more to do with Yahoo.

DomainKeys is a method of E-mail authentication. Unlike some other methods, it offers almost end-to-end integrity from a signing to a verifying Mail transfer agent (MTA). In most cases the signing MTA acts on behalf of the sender, and the verifying MTA on behalf of the receiver.

DomainKeys is independent of Simple Mail Transfer Protocol (SMTP) routing aspects in that it operates on the RFC 2822 message -- i.e., the transported mail data, header and body -- not the SMTP envelope defined in RFC 2821.

Note that DomainKeys does not prevent abusive behavior; rather, it allows abuse to be tracked and detected more easily. This ability to prevent some forgery also has benefits for recipients of E-mails as well as senders, and "DomainKey awareness" is programmed into some E-mail software.

Since 2004, Yahoo! has signed all of its outgoing E-mail with DomainKeys and is verifying all incoming mail. As of 2005, Yahoo! reports that the number of DomainKeys-verified e-mail they receive exceeds 300 million messages per day.

http://en.wikipedia.org/wiki/DomainKeys

but there were a greater percentage of messages from activists that had domain keys than from messages from innocuous sources.

They can use it to track abuse or for any other reason, including social networks. If they are, the NSA is not going to confirm it.

I'm not saying they can't, or don't, use the domain keys for nefarious purposes. I'm just not sure how we can ever tell what they're doing with the domain keys (or whether they're targeted at activists' email accounts), when domain keys are so commonly used by major email providers. It's like looking for a needle in a haystack.

http://www.dnsstuff.com

Go to the right side, and the second thing from the top called Traceroute, put in NSA.GOV and I just did this, and got FIVE, yes 5, of the relays for my internet connection, are going through "unknown.att.net" (their italics, NOT mine) and we all know about the San Francisco ATT "secret" office, so what does that tell you? Try it for yourselves, I am willing to be the results aren't much different from mine. We ALL are being spied on, and it is WRONG and MUST STOP!

Here's my tribute to Bush and the NSA:
TERROR! 9/11! IMPEACH! RANDI RHODES! OSAMA RULES! JAIL BUSH!

Tracert is a command to see how many "hops" it takes to get to the source.

"Tracert yahoo.com" would show you how many "hops" it takes to get to Yahoo.

A hop would be a server, network, router...etc

Here is an example when I used Tracert on Yahoo.com (I took the first 4 hops out to protect my network)
5 13 ms 14 ms 14 ms 12.117.169.101
6 21 ms 22 ms 22 ms tbr2-p012401.dtrmi.ip.att.net <12.123.139.142>
7 22 ms 21 ms 21 ms tbr2-cl18.cgcil.ip.att.net <12.122.10.134>
8 21 ms 20 ms 21 ms ggr2-p3120.cgcil.ip.att.net <12.123.6.69>
9 20 ms 21 ms 18 ms 192.205.33.186
10 781 ms * 26 ms ae-31-53.ebr1.Chicago1.Level3.net <4.68.101.94>

11 * 30 ms * ae-1-100.ebr2.Chicago1.Level3.net <4.69.132.42>

12 * * * Request timed out.
13 35 ms 35 ms 36 ms ae-21-52.car1.Washington1.Level3.net <4.68.121.5[br />]
14 35 ms 35 ms 33 ms 4.79.228.2
15 36 ms 35 ms 35 ms ge-0-0-0-p110.msr2.dcn.yahoo.com <216.115.108.5>

16 36 ms 38 ms 34 ms ge6-1.bas2-m.dcn.yahoo.com <216.109.120.221>
17 37 ms 36 ms 35 ms w2.rc.vip.dcn.yahoo.com <216.109.112.135>

Trace complete.

There are a great deal of unknown hosts (not on mine) because not everyone uses DNS Names, they may use IP Addresses.

Dap

Or maybe a better question is what is an unapproved computer?

DNSStuff.com won't let me onto their website. When I switch to a direct connection, it will. Makes me nervous....and makes me unwilling to use the site!

goverment computers are pretty well defined and the computers have approved hardware and software.

Have you ever heard of TEMPEST?

Computers that store classified information have tight controls on how they are used.

The PC you order from Wally World would probably not pass the criteria.

Don't forget that a lot of the former Nixon people are involved and/or working for this admin. (Cheney and Rumsfeld).

This is just a means to authenticate that the email sent is really from who it is. All Yahoo!, Earthlink web mail and Google Mail (Gmail) accounts will have the DomainKey.

It doesn't mean though that your email hasn't been intercepted by a third party.

If you don't like DomainKey then the best thing to do is switch to an email provider that doesn't use DomainKey.

Mark.

DomainKeys are a powerful new anti-spam tool that Yahoo has designed. Here is how it works...

Each messages is "signed" by a private key. The public key for the sending domain is published in the sending domain's DNS as a TXT record. When your ISP's mail server gets the message, it looks in the sender's DNS for the public key. If the public key can authenticate the signature of the email with the public key, it's valid. If the signature cannot be verified, it's considered a spoof/spam -- as the spammer would need to have the private key in order to authenticate.

This hash is just that -- a hash. It's not encrypted data that includes your passwords.

Good heavens, people...

I didn't have the particulars, but I tried to debunk it above.

-Hoot

open an attachment. Can I get infected just viewing a web-site? I'm a mainframe programmer and I feel very stupid, but what is the difference between a worm and a virus? What activities can I avoid to stay safe? I've had the same e-mail forever, and I'm usually on dial-up. Although lately I've been staying at a hotel with high speed wireless (unsecured) and I logged onto that to download some songs from MTV's URGE - and watch Olbermann's video on MSNBC. If you want to respond with a link - that'd be good too.

Thanks!

A Hotel Wireless connection that does not have encryption leaves you wide open, unless they use some sort of encryption method, usually they are encrypted if they give you a "Key" to enter. I don't want to get too technical but if someone wanted to get onto an encrypted wireless network, they could probably find a way. I never do my banking or go to sites using personal information on any network that I do not know. I know my home network is safe and that's the only place I will use my personal information.

You can get viruses from messages if you open attachments. I would say never open an attachment from someone you don't know but with viruses lately, an email header can be forged showing that the message was sent from your friend. I have an anti-virus program that scans my messages as they come in.

When I installed Windows XP on my son's computer, I started downloading the updates and went to sleep, the next morning I woke up and could not connect to the internet. I did a scan and just by not having the firewall up, I had about 30 worm viruses. I'm glad I had already purchased the virus software. After I did the Windows updates, those security holes were fixed. So, you guys definately also want to perform your windows updates.

I'm not trying to scare anyone but your best defense is, like I said in a previous message, is to arm yourself with Anti-Virus, Anti-Spy, Firewall software and you might as well get an Ad Detection/Removal program. You can probably find them pre-packaged together. Nothing is 100% but it's pretty much close to it.

Dap

At least, not from what you describe.

As long as they spy on Democrats & other progressives, I will not accept the wiretapping. The American public only wanted them to spy on terrorists. They have gone well beyond that, & it is wrong in a country that is supposed to be a democracy.

Tammy

Domain Key's is not a government spying tool, tracert is basically a utility to troubleshoot connection issues and is used to troubleshoot other various issues.

If the govt wanted to spy on you they can just filter your TCP/IP Packets. Just like a hacker can put a keylogger on your computer or an unscrupulous company can add ad/spy software on your computer.

If you want to prevent some of the crap get a good anti-virus software, get firewall software, get an Ad removal/spy removal software. Stop downloading crap like Weather Bug, Comet Cursor and other Free Utilities.

If a "hacker" really wanted to get your information, there are many tools they can use to gain that information, just as the Government probably has their own "hacks". The above items will definately help you but it's not fool proof.

Relax people. It is so amazing, as an IT Tech, how if someones monitor blinks, they will contact support and tell us they have a virus. Relax.

Dap