Category Archives: privacy

join the EFF summer security reboot and get some cool dice

DSC01217The Electronic Frontier Foundation is on the fore-front when it comes to defending our digital rights. Even as a European I think they are doing important work even though they are mostly US centric. This because whatever happens in the US ripples over the pond and affects Europe and the rest of the world anyway. That means that next to larger fast-food portions increased digital surveillance is on its way to the EU as well.
Next to protecting our digital rights they are the author of a number of awesome security plugins and tools like the HTTPS Everywhere and Privacy Badger browser plugins and a driving force behind the Let’s Encrypt free web site certificate tool set.

Next to a lot of security tools and tips (see the site & newsletter) they now have a Summer Security Reboot fund drive where you can get a cool geeky secure-password generating dice set for a mere $20 membership until the 20th of July.

So if you like what they are doing for a secure and free internet in the future, go check them out and get yourself some cool dice in the process.

If you feel more like donating to a EU centric counterpart of EFF, you can check out EDRI.org instead (no dice there though).

Photo by Violet Blue, cc-licensed.

how to protect your privacy online

Who Are You Looking At?

With the whole NSA PRISM storm blowing over the internet I thought it would be nice to compile a list of free and open source software I know that can help in safeguarding your privacy as an alternative to proprietary software or online cloud services which are not to be trusted with your personal data.

Hosting everything yourself is one way to go like the folks at unhosted.org suggest, but it isn’t free as it will a) cost you some money and b) usually quite some time to set everything up. Not everyone has the technical knowledge to do this either, so a list of open source software and trustworthy services for the masses would be great.

Turns out prism-break.org is just that kind of list, so that saves me the trouble of compiling it myself. Nice. Here’s another one with mostly the same items on it. Mostly.

Photo by Caneles, cc-licensed.

bursting out of the search bubble, or not

Space Helmet Bubble!

The search bubble. That thing where Google puts you in so your results are tailored to your preferences and habits. It’s kinda creepy and cool at the same time isn’t it? One of DuckDuckGo‘s main features is that they don’t put you in a bubble. So they don’t track your past queries, they don’t spy on your social media accounts to figure out what you read, like or retweet and they don’t tailor your results.

This video shows pretty nicely what that Google bubble looks like btw.

Scary isn’t it? The problem is however… it works so damn good too.

I know my results are customized, but when I look for .NET related stuff (which I do all the time at work for example) whatever I’m looking for is usually in the top 3. I know it’s biased, but heck, it works like a charm.
Outside of the bubble, I get more stuff I don’t want or isn’t what I’m looking for.

So it all depends on what you want doesn’t it? But it is a good thing to know that the bubble is there and that it learns from your queries. It’s also good to know that you can escape the bubble if you want to. And just logging out of your Google account probably isn’t good enough.

Photo by Rachel Titiriga, cc-licensed.

posting content anonymously

Heroes : M

One of the cool things emerging from the gazillion web 2.0 sites that popped up like zits on an unfortunate teens face are websites where you can publish your stuff without creating accounts or registering in any way. Anonymous so to speak.

Posting a quick snapshot online? Want to share a snippet of code? A collaborative manuscript? A mini-wiki for a short-lived purpose? There’s plenty of sites that offer these kind of functions without having to register. You can sign up if you really really want to in most cases, like if you want to claim, edit or delete things afterwards. But sometimes, that stuff is just overkill and maybe you just want to slap it online in a hurry or without any ties to your persona.

Here’s some good anon-services I found:

  • imgur.com: image sharing. Quick & easy. Keeps the pics as long as they are used for a fixed period of time. If not, they are deleted. Allows you to upload an image straight from a URL, which is damn handy if you want to avoid hotlinking pics from other sites.
  • bayimg.com, hosted by the lads from The Pirate Bay. Arrr! Free speech and all, upload anything (except pr0n that is).
  • pastebay.net, another one from The Piratee Bay lads. It’s like pastebin.com, but I’m sure more anonymous and certainly uncensored. Features are syntax highlighting for code and you can create your own sub-domain if you want to separate your snippets from others.
  • pastebin.com: I bet you’ve seen this one before. Paste text/code in an online notepad, allowing comments. Great for easy & quick copy-paste sharing.
  • pastehtml.com: the same as the above, except that this one takes HTML code and saves it as a working page on the site. It’s like free and ad-hoc web hosting. Pretty darn cool. Keeps the pages forever (or as long as the hosting is payed for) according to the FAQ. Needs a Facebook account if you want to claim pages. Sort of a  big minus.
  • wrttn.in: notepad/publishing tool. Create and publish text with or without markup, embed images, videos etc. Very minimal in style, but that’s just what makes it look good. All this without branding or ads. Sounds cool doesn’t it?
  • shrib.com is another notepad service. Simple and URL based. Share your notes, back em up, keep them private.
  • Last one for the minimalistic notepad shizzle is notepad.cc. Very clean and simple layout. Makes it all about just jotting down those notes. There’s always Google if you’re looking for even more of those type of notepad services.
  • piratepad.net : online collaborative Etherpad site. Allows for anonymous online collaborative text editing with a built in chat function. There’s more Etherpad hosts out there since it’s open source software. So if you want can even host your own. Oh yeah, and Arrrrr!!! of course. I almost forgot.
  • jottit.com : create a wiki, just like that. Anyone can edit, unless you claim it with a password. Sweet for mini sites and all!

A note on the use of “anonymous” here though. If you truly want to keep your identity hidden you might want to take additional measures than to simply trust the above websites in keeping your identity safe. Using a web browser to connect to any web site will give that site data about your browser, machine and geographical location. To shield this information and protect your online identity you should look into using an anonymizer like Tor.

your smartphone is watching you

56/365: I-Spy.

I started playing around with Foursquare to see what all the fuss was about with those “hey look at me I’m at the grocery store” apps. On itself Foursquare turns this whole thing into a little game where you earn points and merit badges for exploring new and exciting places, which stimulates you to explore even more new and exciting places. It’s fun.

What I learned additionally while playing around with it, is that even without the GPS active on the phone, or the WiFi-localization mode which exists on any Android & iPhone device, Foursquare could figure out where I was pretty damn accurately.

So how does it do this?

Android for example can determine a phone’s location by using GPS, WiFi and cell-tower signals. So while some applications don’t work well without a GPS signal, it’s not really required to get a (not so accurate) fix on your location. So all any app really needs is an internet connection, your cellphone network data and possible some WiFi network info to get a pretty darn accurate idea where you are. Without even using the GPS function on your phone. Interesting.

This isn’t something shocking and new, but it is something to keep in mind when you’re installing random apps on your phone. These apps only need internet access to send your approximate location to whoever wants to know. No other security restrictions required.

EFF posted this interesting article about what cell-phone companies can do with the location data they collect from your phone. But with the advent of the smartphone, anyone who writes an app might be doing the same.

Photo by practicalowl, cc-licensed.

why camera surveillance in mechelen won't work

The Belgian city of Mechelen is planning to put up road surveillance camera’s up on all big exit and entry roads to the city. The reason for this is -of course- the same as it always is when it comes to invading your privacy: to increase security. The plan is to scan every license plate that passes the camera and hopefully be able to stop or catch burglars more easily and scare them away from Mechelen.

I don’t have to tell you how scanning every car’s license plate invades the general public’s privacy, but that’s the price to pay for additional safety isn’t it? The problem with this solution is that it’s called a “Club solution” in the IT world.

A club solution works as long as only a small club of users (cities in this case) use it. So camera surveillance might scare off crooks, but it won’t stop them. They will move to other cities which do not have the same solution. This somewhat forces the other cities to apply the same tactic. After a while every major city will have camera surveillance in place and your solution stops working. It’ll make crime harder, but it won’t stop it. So they will return to the most profitable cities since there’s surveillance in all of them by now anyway.

I’m sure that a hardened criminal won’t be stopped by this. There’s plenty of ways to circumvent the camera’s when you think about it. Fake license plates, stolen cars, disabling the camera’s or simply making sure you bypass them by taking smaller roads.

So we end up with the public being watched at all time and crime at the same rates as it used to be. Big Brother is born one step at a time.

Photo by nolifebeforecoffee, cc-licensed

we all need a pirate party

You’ve probably heard of them in the news. The Swedish Pirate Party is one that sprung from the Pirate Bay bittorrent search engine lawsuits and is a modern party which focused on issues concerning privacy and copyright which have changed considerably in the last decade due to the influence of the internet and modern technology. A while ago I heard that the Belgium government is trying to get a Big Brother bill (Dutch article) across to force ISP’s to keep records over a period of two years of all it’s customers internet usage. For one this is going to cost a shit-load which the consumer will end up paying one way or the other. We’re already one of the most costly European countries to have a broadband internet connection in without this measure, so this won’t help at all. Secondly this is also a huge infringement of our privacy. Europe suggest logs are kept somewhere in-between 6 months and 2 years. Funny that they are going for the maximum term on this. Why not take the short end and don’t bother ISP’s with the investment of keeping huge databases? The worst thing about this whole deal is the potential privacy infringements this could cause and for what? Huge databases sitting there to be exploited, hacked and sold on to the highest spammy bidder. I don’t like it a tiny bit.

So Belgium could use a Pirate Party to protect us from bills like this IMO.
Does your country have a Pirate Party?

Photo by country boy shane, cc-licensed