Malicious code on websites is a serious threat to privacy and security online.  Malicious code can be used to steal personal information.  Web code can be used to track your location and compromise your privacy.  This is especially worrisome if you are intentionally trying to hide your true identity.  Of course, the most common use for malicious web code is profit for the crooks who write the code.  Your computer may become “infected” with fake viruses that prompt you time and time again to buy useless “antivirus” software, or just for the heck of it, your credit card number or social security number could be lifted from web forms.  It is important to be vigilant against this threat, especially if you are not a tech-savvy computer user.

Fortunately, there are tools to help you protect yourself from these attacks.  NoScript is an extraordinarily useful plugin for Firefox that keeps your personal data private and protects you from unwanted intrusions into your computer.  NoScript is simple, easy to use, and intuitively blocks scripts, plugins and other code that could be used to compromise your computer during visits to a website.

After you install NoScript, you are going to notice just how prevalent scripts and java are on modern websites.  You will notice that most websites just do not work without them.  By default, NoScript blocks all scripts.  Fortunately, it is easy to allow scripts on a site by site basis.  If you trust a site, for example, your bank, you will allow all scripts to run. The benefit is clear.  The first time you visit a site, NoScript will completely block all scripts.  If you decide to trust the site, you can allow scripts, but if you are on a questionable site, you can decide to leave the scripts blocked.

A good example of the usefulness of NoScript appears on the site stayinvisible.com.  With JavaScript disabled by NoScript, Stay Invisible can detect only your external IP address.  In my case, it is the IP address of my proxy server.  Stay Invisible gives you a warning that you are “visible” because you have JavaScript disabled, but this is not the case.  Disabling JavaScript has prevented the site from capturing a good deal of private information that you may not want disclosed.

When scripts are allowed, the site can gather your real IP address, and much more about your computer.  Malicious scripts can be written to gather much more personal information about you and your computer.  If you are interested in protecting your privacy, and you do not want certain sites that you visit to know who you are, you must disable certain scripts on that site.  There is another option as well.  If you use a VPN type proxy, the JavaScript will not be able to circumvent the proxy and your real IP will not be disclosed.  This makes a VPN type proxy superior to a regular HTTP or SOCKS proxy for web browsing.

Scripts Blocked

NoScript blocks unwanted and dangerous scripts

Scripts allowed
When scripts are allowed, the site can gather a great deal of information about your system. They don’t have to tell you they are gathering this information and can use it for whatever purpose they please.

So you’re off on your yearly family vacation. You are prepared for the growing list of inconveniences at the airport.  You wear slip on shoes, and ensure that your children do the same.  You don’t wear a belt or carry change in your pocket.  No deodorant, medicine, sunscreen, or hygiene items in your carry on bags.  OK we are ready to go.  Well not quite.

Newly implemented technology and “Advanced pat down” techniques ensure that you and your family will either be seen naked, or have your genitals manhandled before you are allowed on the aircraft.  According to new policy, if you opt out of the full body scanner treatment, you will receive an advanced pat down with a complimentary genital groping.   According to TSA chief John Pistole, “The patdown is unavoidably intrusive, embarrassing, uncomfortable…”.  Need I say more?

Of course you need not be subject to the pat down.  All you and your children have to do to avoid it is go through the body scanner.  Don’t worry though.  The TSA claims that the agent cannot see your face, and cannot interact with you.  The TSA also claims that it does not save any of the images (however, it does not state that another agency or company does not store the images).  That’s good, because the scanner does not leave much to the imagination.

I feel safer already

Now, I know we need to be vigilant in our efforts to stop people from using airplanes as weapons against our nation, but is all this humiliation and degradation really necessary?  Do they have to feel up my children or view them naked?  I guess I will need to explain to them that it is OK if the TSA thug touches them in their private areas, because they are agents of the government.  They are just making us safe.  But are they really making us safe?  What are they really protecting us from?  An underwear bomber?  A shoe bomber?  What happens when the religious zealot shoves C4 up his rectum to blow up a plane?  Will the TSA make cavity searches the next mandatory search?  Why not?  It will save me a trip to the proctologist, and I don’t have to fly after all.

The real rub here is that these machines really will not make us any safer.  They will only give people the illusion that the government is protecting us, while simultaneously indoctrinating Americans and enculturating heavy-handed government authority into our everyday lives.

In my opinion this is a violation of our right to privacy and to be free from unreasonable search.  The government does not have the right to violate our constitutional rights simply because we have a choice.  Of course we do have a choice.  We will not be getting on a plane unless we submit to the humiliating roughhousing or peepshow. We are still free to drive or take the bus, but of course, that is a privilege too.  At what point do we stop allowing the government to trample our rights in the name of exercising our privileges?  The right to be free from unreasonable search is not dependent on whether we choose to fly.  We have that right, no matter the choices we make.  That is, if we fight for it.

What you need:

1. A computer
2. A network
3. Access to an SSH proxy service

Have you ever wanted to run all your computers and networked devices, such as Roku players, Blu-ray and DVD players, WD HD Live players or any other networked device, through your proxy without installing software on every device?  There are a few advantages to this setup. For one, there is no way to install proxy software on many network devices.  These network devices may need to be proxied to gain access to certain content with geographical restrictions.

You need to have access to a proxy server in the US.  There are many to choose from. I use secure-tunnel.com Webtunnel SSH. What we will do is set up a local proxy that routes your connection through another proxy in the United States, where the content is available.  You need to get everything right for this to work, but it really is not too difficult.  It will take about ten to fifteen minutes for someone with moderate computer ability.

First you need a computer.  I am assuming that, since you are reading this, we are covered there. This computer must be running while you are tunneling your Xbox connections.

Now download Putty, a free SSH client with the necessary capabilities.

Run Putty and enter the name of your proxy server and port number in the Host Name.  I entered webtunnel.secure-tunnel.com as this is the server to which I will connect.

Putty Configuration

Scroll down to SSH and click on the label.  Check the box marked “Don’t start a shell or command at all”.  This will ensure that Putty only opens tunnel connections.

putty configuration

Open SSH and then open Tunnels.  We will now create the necessary port forwards to route the media through the proxy.  First, ensure that the box next to “Local ports accept connections from other hosts” is checked.  This way, other computers (or your Xbox) can route through your computer.  This is not a good idea on a public network, because anyone on that network can then use your tunnel, but if you are on a personal network, it is OK.

The source port can be whatever you want, but it must be a free port so picking something high will be best.  I chose port 9999.  The destination will be whatever the proxy provider uses on their servers to route your data.  It could be localhost, or web chameleon, or mixmaster.xxx.xxx but for secure-tunnel it is webtunnel.secure-tunnel.com on port 8080.  You will have to consult your proxy service to find what they use. Once this data is entered, click add.

putty configuration for secure-tunnel

Your connection is now all set up.  Go back to session, and give it a name under saved sessions and then click save.  This way you will not have to enter this information each time you connect.

Now click open and you will be prompted for your username and password.  You are now connected to your proxy server, but not quite done with your setup. You will be prompted by your firewall if you are running Windows 7 or Vista.  You should allow Putty to access the internet.

Open the start menu and enter cmd in the run line.  Once the command prompt is up, type “ipconfig”

You will see something like this:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . :

IPv4 Address. . . . . . . . . . . : 192.168.121.222
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.121.1

We are interested in the IPv4 Address.  This will be the address you enter as your proxy server in your device.  Remember the source port you chose in the tunnels section of Putty?  That is the port you will enter for the proxy port.  In my case, I would enter 192.168.121.222 port 9999.  This would connect to Putty and send my data on the way to the proxy server.
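
Because “Local ports accept connections from other hosts” makes the tunnel PC a relay for anything that can reach it, it is worth checking how the forwarded port is bound and who is connected to it. The script below is an added example, not part of the original walkthrough: it parses a constructed sample of `netstat -an` output, and the client addresses and the allow-list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from a real host).
# 192.168.121.222 is the tunnel PC and 9999 the source port from the walkthrough;
# the two 192.168.121.x client addresses are made up for this example.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9999           0.0.0.0:0              LISTENING
  TCP    192.168.121.222:9999   192.168.121.50:51324   ESTABLISHED
  TCP    192.168.121.222:9999   192.168.121.77:40112   ESTABLISHED
  TCP    192.168.121.222:49712  203.0.113.10:22        ESTABLISHED
  TCP    [::]:9999              [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""


def split_endpoint(endpoint):
    """Split '192.168.1.2:80' or '[::]:80' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def tcp_rows(netstat_text):
    """Yield (local, remote, state) for every TCP row; skip headers and UDP."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP":
            yield split_endpoint(fields[1]), split_endpoint(fields[2]), fields[3]


def bind_scope(addr):
    if addr.is_unspecified:      # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    return "loopback-only" if addr.is_loopback else "single-interface"


def audit_forward(netstat_text, port, allowed_clients):
    """Report how the forwarded port is bound and who is connected to it."""
    scopes, clients = set(), set()
    for (local_ip, local_port), (remote_ip, _), state in tcp_rows(netstat_text):
        if local_port != port:
            continue
        if state == "LISTENING":
            scopes.add(bind_scope(local_ip))
        elif state == "ESTABLISHED":
            clients.add(str(remote_ip))
    return {
        "bind_scopes": sorted(scopes),
        "lan_reachable": bool(scopes - {"loopback-only"}),
        "unexpected_clients": sorted(clients - set(allowed_clients)),
    }


if __name__ == "__main__":
    # Only the console at 192.168.121.50 is supposed to use the tunnel.
    print(audit_forward(SAMPLE_NETSTAT, 9999, ["192.168.121.50"]))
```

An entry in `unexpected_clients` means some other machine on the network is sending traffic through your proxy account.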

A French agency that reports to the French Ministry of Culture, dubbed “Hadopi”, has been scouring the internet for months, harvesting the IP addresses of French citizens who have downloaded copyrighted materials.  By law, the ISP must hand over the email address of the customer Hadopi has determined is guilty of downloading music or movies.

The anti-piracy law was passed after years of heavy lobbying by the SCPP, a French organization that appears to be similar to the RIAA and MPAA in the United States.  The SCPP claims that listening to music that was freely downloaded off the internet costs France’s music industry $978 million per year.

But it is much more complicated to calculate the true cost of free music to the French music industry.  It costs the music industry exactly $0 to put the music on the internet.  Each user that downloads the music costs the industry exactly $0.  Each time a French citizen listens to the music they downloaded for free, it costs the French music industry exactly $0.  So, $0 times the number of songs downloaded and listened to equals $0.  Huh, maybe that was not so complicated.

Look Honey! The government is shutting off our internet for a year because we did not know how to secure our internet connection! Thanks Hadopi!

Of course the SCPP does not mean that piracy actually costs the music industry any money.  That is just a clever way to say that the music industry has failed to capitalize on an opportunity, and blame those who have failed to increase their wealth.  It is actually the consumer’s fault for not buying their product when it is available for free.  What they are saying is that the music industry could make $978 million more per year if there were tough laws in place to prevent free distribution of music.

And pass tough laws is exactly what France did.  The law specifies that no matter who actually downloaded music or movies, the owner of the connection is responsible.  Three strikes and you can be barred from accessing the internet for a year.  And what of those who are not tech savvy enough to secure their internet connections?  Well thankfully, Hadopi is writing instructions to help people protect themselves from those who would use their internet connection.  Very kind of them.  Maybe Hadopi should have written instructions for the music industry detailing how they can increase profits without trampling the civil rights of millions of French citizens.

Firesheep

Your personal data has never been more vulnerable on the internet than it is at this moment.  If you use Facebook, Twitter, Google, or any number of other sites that use an unencrypted cookie to log you in, your account can easily be hacked by anyone with access to the network you are on.  This means that a person running Firesheep can log into your Facebook account and make embarrassing posts in your name, or worse yet, they could log into your Gmail account and have access to a wealth of personal information.  It could cost you much more than a little embarrassment.

This could easily be resolved by logging into the site with an SSL encrypted connection, but most of these sites do not even offer encryption as an option.  The best way to prevent your account from being stolen is to use an encrypted proxy or VPN server.  A VPN service, such as SecureTunnel.com will encrypt all of your traffic, including the transmission of cookies, so you will not be vulnerable to this attack.
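
The weakness described above can be seen in a site's own response headers. This is an added example, not part of the original post: it checks constructed Set-Cookie headers for cookies that would cross the network in the clear, either because the response itself was plain HTTP or because the cookie lacks the Secure attribute. The host names, cookie names and values are made up.

```python
from urllib.parse import urlsplit

# Constructed Set-Cookie headers; the cookie names and values are made up.
LOGIN_RESPONSE = ("https://social.example/login", [
    "session=3f9a1c; Path=/; HttpOnly",            # no Secure attribute
    "csrf=77b2e0; Path=/; Secure",
])
PLAIN_RESPONSE = ("http://forum.example/", [
    "sid=a81d44; Path=/; Secure; HttpOnly",
])


def parse_set_cookie(header):
    """Return (name, set of lower-cased attribute names) for one header."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    return name, {a.partition("=")[0].strip().lower() for a in attrs if a}


def exposed_cookies(response_url, set_cookie_headers):
    """Map cookie name -> reason it can cross the network unencrypted."""
    over_tls = urlsplit(response_url).scheme == "https"
    findings = {}
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if not over_tls:
            findings[name] = "set over plain HTTP"
        elif "secure" not in attrs:
            findings[name] = "no Secure attribute, sent on later http:// requests"
    return findings


if __name__ == "__main__":
    for url, headers in (LOGIN_RESPONSE, PLAIN_RESPONSE):
        print(url, exposed_cookies(url, headers))
```

A login page served over SSL does not help if the session cookie it sets is later sent with ordinary http:// requests, which is the case the first sample shows.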

Fox content is currently unavailable on Hulu for Cablevision customers pending resolution of a carrier dispute between News Corp and Cablevision.  News Corp is demanding about $150 million to air their content to Cablevision subscribers, and has also barred Cablevision’s broadband internet subscribers from viewing the content on Hulu.  Carrier disputes among media companies are not uncommon, but blocking certain ISP customers from viewing content on Hulu is unorthodox.  Hulu is already unavailable in most of the world because of licensing requirements but Americans have always been able to enjoy whatever content they want.  Is this a sign of more restrictive and expensive times to come, where each ISP is required to pay licensing fees to media giants in order to be allowed to display content?  Of that I am not certain, but Cablevision subscribers can thwart this ban on content by using a proxy service such as lockfox which will make it appear as though they are coming from somewhere else.

4th amendment under fire

The nullified ruling required that the government retrieve only specific information as specified in the search warrant, rather than simply imaging the hard drive and sifting through all the data contained.  If the government agent cannot do this effectively, the hard drive would be sent to an independent third party contractor that would sift through the data on the drive to locate the data pertinent to the search warrant.  The contractor would then send the relevant data and only the relevant data to the government agent.

The new ruling still maintains that information not included in the warrant must be excluded from the search and data found that is outside of the scope of the warrant cannot be used, but the ruling omits the detailed guidance as to how to collect the data.  The judges in their opinion urged “greater vigilance on the part of judicial officers in striking the right balance between the government’s interest in law enforcement and the right of individuals to be free from unreasonable searches and seizures.”

The ruling is clearly problematic for the fourth amendment of the constitution which reads

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

The bill of rights was written to restrict the government in its actions against the American people.  It was designed to protect the citizens from the extraordinary power of the government.  Nowhere in the fourth amendment is there mention of balancing prosecutorial interests with the rights of the people.  It is clearly written to protect the citizenry from unreasonable search.  Scanning an entire hard drive, when searching for a bank transaction amounts to unreasonable search.

The Obama administration argues that the Plain View Doctrine applies to computer seizures so any data recovered in a search would be admissible.  As Solicitor General, Elena Kagan asked the 9th circuit court of appeals to reconsider its ruling that protected data and set forth guidelines for data collection as the fourth amendment gets in the way of a speedy prosecution.

The ruling stems from a 2004 case when federal prosecutors were probing a steroid ring and obtained a warrant to seize the results of urine samples of 10 Major League Baseball players from a drug testing

The web is a dangerous place, devoid of the rules, regulations and rationality of the physical world.   People feel comfortable sharing things on social network sites and public forums that they would never say in person.  Politics, religion, sex; nothing is out of bounds online, because people feel safe in their own homes, or in the office behind their monitors.  They often never face their opponents or fans. They don’t have to because the internet offers them a buffer between their ideas and the real world.  In a sense, they are anonymous.  There is no requirement to register your real name or location online.  You will never be stopped by an officer and asked to see identification.  You can be whoever you want to be, but if Eric Schmidt, CEO of Google, is correct, this will all change in the near future.

Speaking at last month’s Techonomy conference, Google CEO Eric Schmidt made some ominous predictions about the future of anonymity on the web.  Speaking about anti-social behavior and data online, Schmidt said, “The only way to manage this is true transparency and no anonymity. In a world of asynchronous threats, it is too dangerous for there not to be some way to identify you. We need a [verified] name service for people. Governments will demand it.”

Anonymity is synonymous with privacy, but is anonymity a prerequisite for privacy?  That depends on who you ask.  The CEO of Google believes that anonymity is a threat to society.  In a video interview Schmidt stated “Privacy is incredibly important.  Privacy is not the same thing as anonymity…But if you are trying to commit a terrible, evil crime, it’s not obvious that you should be able to do so with complete anonymity.”

What Schmidt states is arguably true, but it begs the question: If you are not committing a terrible, evil crime, should your anonymity be compromised? How do you tell the difference? For those who value their privacy, and don’t want their personal lives interrupted by anyone, be it advertisers, employers, people with nothing better to do, or the government, should they have to give up their anonymity to appease governmental prosecution efforts?

It is clear that Schmidt is correct about dwindling anonymity.  Logging requirements in Europe are becoming more and more harsh.  Emails must be saved for six months in the UK, and web activity must be saved for at least 4 days.  Ease of prosecution is being sold as safety to an increasingly complacent public and in many cases, the public buys into it.

Opponents of internet anonymity often argue that if one is doing nothing wrong, then there is nothing to hide, and one should submit to the logging, and tracking because no harm will come of it.  It may be true that no physical harm will come, but the freedom that is lost, when you must rely on trust alone to protect privacy is too large a cost to bear.  It is why there are locks on bathroom doors, and indeed bathroom doors at all.  Sometimes it is just wrong to stare at someone and log their activities when they have the reasonable expectation of privacy and anonymity.

© 2011 anonymise