Thursday, October 11, 2012

Internet Security – Privacy Is the Exception

"Just because you are not paranoid it does not mean they are not out to get you" - Jacob Appelbaum.

Mobile phones and the Internet allow us to communicate instantly, stay abreast of current events and search for and find information on nearly anything. Telecommunication tools have made us social animals to an extent that we have become insensitive to privacy and carelessly exposed.

The Internet has become indispensable. The question is how should we use it?

I had the opportunity to attend a presentation by Jacob Appelbaum, an independent computer security researcher and hacker. Jacob has worked with Wikileaks and many other avant-guardists IT projects. Jacob’s Wiki is one of the few with a category titled: ‘Investigation and detainment’. I was fascinated to hear that he knows, he’s a ‘suspect’ and permanently under surveillance by security services because of his choice to protect his privacy and that of other human right activists.

Listening to questions during the presentation made me think that some human rights and social activists in Africa may be today in jail because they ignored threats to their privacy and to those involved in their projects. Therefore, it is important civil society members working or training on citizen journalism, social media or human rights advocacy take in consideration security of their members and provide them with alternative tools.

Long story short - allow be to present you some facts before sharing with you a number of tools that we can use to protect our self and those we are communicating with:
  • We all leave a data trail every time we log into the Internet
  • State run telecommunication monopoly provides State with possibility to intercept communication (Waffle Interception which still passive in many African countries)
  • Powerhouse telecommunication companies do sell interceptive devices to oppressive regimes. These Support Contracts must be considered as human right violation
  • Any document you send via e-mail is lost, out of your control
  • Wireless connections in public places or hotels are just as insecure as tablets and smartphone 
  • Whoever owns and carries a mobile phone has become a traceable object. The smarter the phone the more data we give away. The truth is iPhone and tablets’ users are more vulnerable understood that these devices can store data about the user without his consent or knowledge
  • Privacy include your location, relations, hobbies and communications
  • We all have something to hide. Today Internet is saying we must share everything. Privacy has become suspicious.
  • Whoever abstains to use a mobile phone or to create a Facebook profile is a ‘suspect’. Privacy is longer the norm but the exception
  • New surveillance by government and commercial entities is a threat to society
Things we should not take for granted
  • ‘Behaviour profiling’ by Google and Amazon can be consider as breach of privacy. How they can read your mind? As we have become dependent of technology – breach of privacy has become moral because it cannot be avoided
  • Facebook had complied to US federal law and has provided the US government with data on millions of its users. Now Facebook to data ‘Chat’. Some researches prove a relation between the increase in arrest warrant by police in the USA and provision of users personal data to US intelligence by social media platforms and telecommunication companies
What can we do – SAFETY PLAN

<>If we remove the ability to be identify, we remove the ability to be a target
<>We cannot hide completely but we can use tools that buy us and others time 

1. ToR browser is a traffic analysis privacy with secure backup use by human rights activist worldwide
When you use a Tor client, your Internet traffic is routed through Tor’s network. The traffic travels through several randomly selected relays (run by volunteers), before exiting the Tor network and arriving at your destination. This prevents your Internet service provider and people monitoring your local network from viewing the websites you access. It also prevents the websites themselves from knowing your physical location or IP address – they’ll see the IP address and location of the exit node instead. Even the relays don’t know who requested the traffic they’re passing along. All traffic within the Tor network is encrypted.

Tor strength is on using it to download Martus and then, use them together for greater protection.

2. Martus is an open-source technology tool that assists nongovernmental organizations (NGOs) collect information on human rights abuses. Martus cannot recover your data should you lose you log in. Martus and Tor are the most use tools but activists worldwide to protect their messages, browsing, location and identity. Tor and Martus are runned by volunteers. 

3. Off The Record (OTR) OTR messaging allows you to have private conversations over instant messaging by providing: Encryption (No one else can read your instant messages); Authentication (You are assured the correspondent is who you think it is); Deniability (The messages you send do not have digital signatures that are checkable by a third party. The messages are authentic and unmodified); Perfect forward secrecy (If you lose control of your private keys, no previous conversation is compromised)

4. Red Phone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in. - Easy to use available for Google and iPhone.

5. Private GSM provides end-to-end encryption for your message/chat. Available on iPhone.

6. Ostel promotes the use of free, open protocols, standards and software, to power end-to-end secure voice communications on mobile devices, as well as with desktop computers.

7. Gibberbot is a secure chat client capable of firewall and filter circumvention, surveillance blocking and end-to-end encryption. Available for Android phones.

8. Text Secure is a security enhanced text messaging application that serves as a full replacement for the default text messaging application. Available for android phones.

9. Crabgrass is software libre web application designed for social networking, group collaboration and network organizing.

Always remember the followings:
  • We are not told the whole truth about platform and social media applications we are using.
  • There is privacy by policy and privacy by design. Most telecommunication and Internet platforms show what their policy/T&Cs say but not what their design do. Never trust privacy by policy – if you can, verify their codes to see if they don’t do more than what they say
  • Any device/app that can help you access/recover your data when you have lost your password  - has total access to your data. Dropbox has become very popular. The fact that it can help you recover your data means it is not 100% secured.
The world is dark, immoral and disturbia. As democratic and repressive regimes worldwide are upping surveillance of their citizens, it is important that self-consciously everyone of us takes action to protect what we still can - our privacy.

"Internet insecurity is like HIV – none of us is immune. We all need to use ‘Active’ protection" says Jacob Appelbaum.

Please let us know - should you have used any of the above tools.