CHAPTER V — INTERNET & COMPUTER COMMUNICATIONS

CHAPTER V

INTERNET AND COMPUTER COMMUNICATIONS

You are under surveillance, but you don’t have to be. You are under surveillance by default because you don’t understand the extent to which you are being watched and your habits are being cataloged. You believe that it just doesn’t matter because you are not aware of the evil plans that may be used against you or your friends and family. You cannot relate to this concept because you don’t understand that there are networks of individuals who want to control what you do and control what you believe. They want to do this for their own psychotic and sociopathic agendas.

Imagine if one of the parents with whom your children carpool to school each week is arrested, (not convicted or tried or anything like that, only arrested) for allegations of distributing marijuana. His mobile phone is confiscated and copied by the police conducting the investigation and in the contact list, the police find your number and your spouse’s number. Your phone account now becomes part of the investigation, in the same way the original suspect’s did. After reviewing phone location data, the police come to the conclusion that their suspect has spent time at your home on several occasions, for more than an hour in many cases. Some of these visits are discovered to have been birthday parties for your children, in which your children were given gifts. The police want to investigate…. etc. You get the idea, I hope. This is no joke, the wrong attitude to have is “well, it’s the government, its knows everything about us, no privacy”, or, “I’m not involved in anything illegal, have nothing to hide.” This thinking may lead to incredible grief and the police state descends around and upon us.

When I proof-read this section, it sounded a bit dramatic, like it was a movie or something. But it is and there is significant cause for your alarm. We need to start recognizing these situations as very likely risks to what we hold dear, our freedom, the sanctity of our homes, our money, and good names and reputations. Just take a look at how many video cameras you are exposed to each day, including traffic intersections and public places. You are being video recorded hundreds of times a day. Should this be ignored? Should you ignore this especially when it brings significant risks to our well-being and is very easy to avoid or mitigate? No intelligent person would disagree that we need to change up our habits slightly, if not for anything else, so that we don’t end up on some episode of “Cops”.

This is what I have concluded for myself and what has caused me to take the actions I have, each of us is a suspect in a perpetual criminal investigation, and we’d better act like it.

Online Biography/Personality

It’s important to create an online identity that does not include the same name you use as your legal identity, such as on your driver license. You can create an entire profile yourself by listing your current information, such as date of birth, social security number, home address, and then altering it in a new list of data and assigning a new name to that for use on the Internet. That way it looks real, maybe the new date of birth is within a couple of years or months of your real one, and your birth place is a few counties away, or in another state.

But if you lack the imagination or patience to do this for yourself, it can take at least hours and hopefully you get it right the first time, you can use a service such as http://www.fakenamegenerator.com/gen-random-us-us.php to do it for you. Obviously the credit card information is not real, but will verify in order to qualify for those “free” services.

Many of you may not have used the Internet in the mid-nineties, but back then you logged onto the Internet from a blank screen and blinking cursor. If you didn’t know the long command path name of the address you wanted to visit, such as a bulletin board service, you didn’t have Internet access. Today is a different story, Netscape developed the third “iteration” of the Internet browser, a window into the Internet driven by pictures and a code we know today as HTTP, HyperText-Transfer-Protocol. Many other browsers have been created since that time. You will want to make your browser as private as possible.

Browsers

Tor or The Onion Router is, according to its own site, “free software and an open network” that basically defends you against network surveillance or traffic analysis. To allow anonymous surfing, this open-source tool re-routes network traffic through Tor nodes, which are Tor-running computers owned by volunteers from all over the world. Not only does Tor bring anonymous internet surfing to your browser, it can also hide your country of origin for any application, prevent websites from tracking users (and their physical location) and help users bypass websites blocked by their Internet service providers (ISPs) or government.

1. My choice for best browser for privacy: Firefox. It is open source, works on multiple platforms, has lots of extensions, and can be downloaded here: http://getfirefox.com

2. Install Ghostery add-on to block cookies: https://addons.mozilla.org/en-us/firefox/addon/ghostery/

3. Install BetterPrivacy add-on to block flash cookies: https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/

4. Type “about:config” in the firefox address bar. Search for keyword “google”. Double click on each entry that has the word google in it to edit the “value” string. Just delete the value string. By default, google “Safe Browsing” is enabled, this service will block potentially harmful sites, but it also sends address information to google and gives google the power to arbitrarily block access to sites.

5. Install Https everywhere: https://www.eff.org/https-everywhere This will make the browser automatically use an encrypted connection any time one is available.

6. Open Edit>Preferences. Click on Privacy. Under History, select “Use Custom Settings for History” Check the box to Clear History when Firefox closes. Under settings, you can choose what is deleted when firefox is shut down.

7. Open Edit>Preferences again. Click on Security. Uncheck the box that next to “Remember Passwords for Sites”. Rather than having firefox remember your passwords, I recommend using another trusted password manager, such as: http://www.keepassx.org/

8. Install and use private search engines:

Startpage: https://startpage.com/eng/download-startpage-plugin.html

Ixquick: https://ixquick.com/eng/download-ixquick-plugin.html

DuckDuckGo: https://addons.mozilla.org/en-US/firefox/addon/duckduckgo-ssl/

Now that the dust has settled over the disclosure that the NSA has been actively engaged in a surveillance program called PRISM for several years, we can now get down to the business at hand. (Image credit: www.techinasia.com)

You can do this yourself and for no cost. The discussion is limited to Desktop systems only, not Tablets and Smartphones.

Some rules apply to this discussion:

1) Don’t talk about private matters in a public place

2) Don’t leave your valuables in an unsecured public place, lock them away for safe-keeping

3) Provide information only on a ‘need to know’ basis

If those rules seem obvious, it’s because that’s how you conduct yourself in the physical real world. And, it’s no different on the Internet. That is common sense really when you think about it.

On-line Storage

Kim Dot Com and the MegaUpload ISP seizure by the U.S. government is a blazing roadside neon sign from which we can all learn. It’s an incomplete yet to be told story about how people used this site for storage of their personal things but turned into an International scandal when corporate entities assisted by the government brought pressure to bear with a website take down. The whole issue of what happened and how it was handled is still unclear, but it is nonetheless emblematic of what potentially can happen if such a take down occurs and results in interrupted service for all ISP tenants, irrespective of whether they were negligent in any way.

It also points to the question of ‘how’ data is stored on Cloud ISPs. Is the ISP doing anything to protect your data? If so, what? Those questions should be answered before storing any sensitive data in the Cloud.

In fact, MegaUpload did nothing to protect its customers’ data. As a result, the majority of tenants were held hostage to a take-down because of a few who used the site for illegal file sharing.

So what should you be looking for? If you really have sensitive personal data then take the same precaution as you would in the real-world — keep it locked away and don’t give the key to anyone.

In the real world that is fairly easy to accomplish. That’s why we have a burgeoning business with locksmiths and safe manufacturers and such to maintain privacy.

As for the Internet, well, essentially the only way to guarantee your privacy is with encryption, no way around it. And, the only 100% fool-proof way to do defeat access thereto is with what is called Zero Knowledge Encryption (ZK). Effectively, ZK encryption encrypts your data store at an ISP but only you have the private key to unlock the data.

ZK cleans up what would have otherwise been a ‘messy’ relationship between the lessor of Cloud storage drive space and lessee who stores data in it for free or an agreed to periodic subscription fee. As a direct side effect and benefit of using ZK technology, the lessor then has zero knowledge of what the lessee is storing. Had this been the case with Kim Dot Com and MegaUpload, Kim could have asserted ‘plausible deniability’. In so doing, neither the RIAA nor the MPAA would have had reasonable and justifiable cause to legally challenge MegaUpload, as the ISP could irrefutably claim to possess no knowledge of what the lessee is storing. Thus, commercial and governmental third-parties would have no choice but to come directly to the lessee to question how that space is being used and would be put in the position to present specific details for their inquiry directly related to suspicion of wrong doing and demonstrating probable cause for granting any search warrant.

Currently, the U.S. Patriot Act has a provision called a demand National Security Letter which allows U.S. governmental access to any ISP to obtain a copy of any account holder’s private data and it legally restrains the ISP from communicating in any form that the event occurred to anyone. Microsoft, Google and civil liberties group the Electronic Frontier Foundation, are petitioning that such represents a violation of our constitution’s First Amendment rights with the Federal Intelligence Surveillance Court which oversees provisions of the Federal Intelligence Surveillance Act of 1978.

So, you can plainly see why it is coming to this. Encryption. Use it to protect your privacy. Start looking for an ISP that offers Zero Knowledge, such as SpiderOak and Wuala. Any other form of encryption in the Cloud is unacceptable. There are ‘unofficial’ rumors that Google is beginning to roll out encryption for their Google Drive storage. If it is anything but ZK, don’t use it for your personal data.

Browsing the Internet

If you want to keep your Internet browsing habits truly private, deleting cookies, and setting the user agent string to ‘DO NOT TRACK’ are useless. It’s entirely up to the ISP to ‘respect’ the latter so don’t rely upon it.

The best way to do anonymous surfing is by using a VPN proxy service. Essentially, this service sets up the VPN service as a proxy connection encrypted tunnel between you and their end point. The ip address given to you going out of the VPN’s end point to the Internet is then randomized so that there is no relationship to your actual ip address and a translation mapping brings back all browsing over the VPN to you transparently. Some VPNs are free, others will require a subscription fee payable monthly or yearly, such as vpnproxy, for example.

SocialNets and Chat

Being ‘social’ is the latest rage, of course, and the need to stay in touch with Friends encourages use of devices to text and chat. Currently, Facebook and Google Plus use the open source standard Jabber/XMPP protocol. By default, your chat log is stored in a central server. And, Google very recently announced they will be phasing out Google Talk (the XMPP component) in favor of their own ‘Hangout’ proprietary protocol.

There is more than one way to keep your chat’s fully private. With Google’s Hangout on Google Plus, you can explicitly set, for example, your chat as ‘off the record’ and there will be no persistent logging of your chat sessions. Even then, if a third-party (cough PRISM) chooses to bridge your stream (aka ‘Man in the Middle’) they can eavesdrop on your voice, video, and text streams.

For the ultra-paranoid, currently there are a few solutions. One is to use Pidgin with their ‘Off the Record’ (OTR) plugin, a name borrowed from the well-known cryptographic protocol of the same name. This effectively allows taking any stream (AIM, Facebook, G+, etc.) and setting up an encrypted tunnel between you and the other person with whom you are communicating.

Another option is to install the Cryptocat plugin for Chrome or Firefox. Cryptocat also uses the OTR cryptographic protocol for private messaging.

Otherwise, yet another alternative is to avoid using any of the standard messaging protocols in favor of a P2P decentralized encrypted connection via RetroShare. I’ve written several stories regarding the importance of RetroShare. Retroshare, being on its own P2P closed loop, has it’s own secure messaging chat software.

Email

Email by default is clear text and if you use it to communicate it can be read along the path of mail transfer agents to its destination recipient. And, in the case of Gmail, that email along with everything else on Drive is all unencrypted. That means all of your data can be read by third-parties.

Encryption solutions include using GnuPG or PGP encryption. The problem with methods like GPG encryption is that, while free, most software application implementations are not user-friendly and, as such, difficult to use by the general public. Commercial solutions include Symantec Encryption Solutions and Phil Zimmerman’s newest Silent Circle, and are both viable options to consider. (Image credit: www.philzimmerman.com)

One other realistic alternative is to use RetroShare’s email. Essentially, Retroshare’s 2048-bit RSA encrypted F2F channels are totally encapsulated on a ‘closed loop’ away from the world wide web’s non-encrypted email system. As such, RetroShare email is guaranteed to be strictly private and devoid of any spam.

DarkNet

If you want to employ tools which offer guaranteed pure privacy, then your list of choices is only a few. I’ll save you some trouble — the technology used is called DarkNet and, while it does sound subversive, it, however, represents the only form of software technology which is 100% ‘effective’ in combating Internet snooping of any kind. Not all darknets are alike and I would encourage you to only consider RetroShare’s product. If you want to fully lock down your RetroShare environment, you are only a few click settings away from running in pure stealth darknet mode. You need not feel embarrassed in employing this tool — it is the NSA who should be ashamed of their activities, spying on Americans without the use of the traditional and appropriate procedural Judiciary search warrant oversight process, which provides constitutional checks and balances on the potential for abuse of authority.

RetroShare offers currently the best reference design for what should be integrated into all computer desktop GUIs. We accept the need for integrated Office Automation tools and soon privacy-mandated applications will find their way onto the Desktop as part of a standard default deployment of operating system software.

RetroShare is written in C/C++ using the advanced Qt gui framework and is currently available for Windows, Linux, OSX, and BSD machines.

4 Ways To Protect Yourself Against Keyloggers

Keyloggers are one of the most well known and feared security threats on computers today. They’re feared because they are generally hard to detect, and because the damage they do is often meant to extend beyond the infected computer. A virus may seek to crash a computer, ruin its hard drive, or take some files, but a keylogger is usually employed to take personal information, be it a password or credit card number.

There are many ways to protect against keyloggers, however, and ensure that you don’t become a victim of identify theft or have to deal with any lesser hassle, like a hijacked World of Warcraft account. While no defense is perfect, these steps improve your chances.

Use a Firewall

In most instances, a keylogger has to transmit its information to a third party in order for it to do any harm. This means sending information out of your computer via the Internet. Although a very close examination of your network usage might reveal a keylogger, you can’t count on that as a means of monitoring for them. The bandwidth taken up by recorded keystrokes is virtually undetectable in a broadband world.

A firewall is a great defense against keyloggers because it will monitor your computer’s activity more closely than you ever could. Upon detecting that a program is attempting to send data out, the firewall will ask for permission or display a warning. Some firewall software, such as ZoneAlarm, provides you with the option of shutting down all inbound and outbound data completely.