Malicious code on websites is a serious threat to privacy and security online. Malicious code can be used to steal personal information. Web code can be used to track your location and compromise your privacy. This is especially worrisome if you are intentionally trying to hide your true identity. Of course, the most common use for malicious web code is profit for the crooks who write the code. Your computer may become “infected” with fake viruses that prompt you time and time again to buy useless “antivirus” software, or just for the heck of it, your credit card number or social security number could be lifted from web forms. It is important to be vigilant against this threat, especially if you are not a tech-savvy computer user.

Fortunately, there are tools to help you protect yourself from these attacks.  NoScript is an extraordinarily useful plugin for Firefox that keeps your personal data private and protects you from unwanted intrusions into your computer.  NoScript is simple, easy to use, and intuitively blocks scripts, plugins and other code that could be used to compromise your computer during visits to a website.

After you install NoScript, you are going to notice just how prevalent scripts and Java are on modern websites. You will notice that most websites just do not work without them. By default, NoScript blocks all scripts. Fortunately, it is easy to allow scripts on a site-by-site basis. If you trust a site, for example, your bank, you will allow all scripts to run. The benefit is clear. The first time you visit a site, NoScript will completely block all scripts. If you decide to trust the site, you can allow scripts, but if you are on a questionable site, you can decide to leave the scripts blocked.

A good example of the usefulness of NoScript appears on the site stayinvisible.com. With JavaScript disabled by NoScript, Stay Invisible can detect only your external IP address. In my case, it is the IP address of my proxy server. Stay Invisible gives you a warning that you are “visible” because you have JavaScript disabled, but this is not the case. Disabling JavaScript has prevented the site from capturing a good deal of private information that you may not want disclosed.

When scripts are allowed, the site can gather your real IP address, and much more about your computer.  Malicious scripts can be written to gather much more personal information about you and your computer.  If you are interested in protecting your privacy, and you do not want certain sites that you visit to know who you are, you must disable certain scripts on that site.  There is another option as well.  If you use a VPN type proxy, the JavaScript will not be able to circumvent the proxy and your real IP will not be disclosed.  This makes a VPN type proxy superior to a regular HTTP or SOCKS proxy for web browsing.

Scripts Blocked

NoScript blocks unwanted and dangerous scripts

Scripts allowed
When scripts are allowed, the site can gather a great deal of information about your system. They don’t have to tell you they are gathering this information and can use it for whatever purpose they please.

What you need:

1. A computer
2. A network
3. Access to an SSH proxy service

Have you ever wanted to run all your computers and networked devices, such as Roku players, Blu-ray, DVD, WD HD live players or any other networked device, through your proxy without installing software on every device? There are a few advantages to this setup. For one, there is no way to install proxy software on many network devices. These network devices may need to be proxied to gain access to certain content with geographical restrictions.

You need to have access to a proxy server in the US.  There are many to choose from. I use secure-tunnel.com Webtunnel SSH. What we will do is set up a local proxy that routes your connection through another proxy in the United States, where the content is available.  You need to get everything right for this to work, but it really is not too difficult.  It will take about ten to fifteen minutes for someone with moderate computer ability.

First you need a computer.  I am assuming that since you are reading this, that we are covered there. This computer must be running while you are tunneling your Xbox connections.

Now download Putty, a free SSH client with the necessary capabilities.

Run Putty and enter the name of your proxy server and port number in the Host Name.  I entered webtunnel.secure-tunnel.com as this is the server to which I will connect.

Putty Configuration

Scroll down to SSH and click on the label.  Check the box marked “Don’t start a shell or command at all”.  This will ensure that Putty only opens tunnel connections.

putty configuration

Open SSH and then open Tunnels. We will now create the necessary port forwards to route the media through the proxy. First, ensure that the box next to “Local ports accept connections from other hosts” is checked. This way, other computers (or your Xbox) can route through your computer. This is not a good idea on a public network, but if you are on a personal network, it is OK.

The source port can be whatever you want, but it must be a free port so picking something high will be best.  I chose port 9999.  The destination will be whatever the proxy provider uses on their servers to route your data.  It could be localhost, or web chameleon, or mixmaster.xxx.xxx but for secure-tunnel it is webtunnel.secure-tunnel.com on port 8080.  You will have to consult your proxy service to find what they use. Once this data is entered, click add.

putty configuration for secure-tunnel

Your connection is now all set up.  Go back to session, and give it a name under saved sessions and then click save.  This way you will not have to enter this information each time you connect.

Now click open and you will be prompted for your username and password. You are now connected to your proxy server, but not quite done with your setup. You will be prompted by your firewall if you are running Windows 7 or Vista. You should allow Putty to access the internet.

Open the start menu and enter cmd in the run line.  Once the command prompt is up, type “ipconfig”

You will see something like this:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . :

IPv4 Address. . . . . . . . . . . : 192.168.121.222
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.121.1

We are interested in the IPv4 Address. This will be the address you enter as your proxy server in your device. Remember the source port you chose in the tunnels section of Putty? That is the port you will enter for the proxy port. In my case, I would enter 192.168.121.222 port 9999. This would connect to Putty and send my data on the way to the proxy server.
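The same tunnel expressed for the OpenSSH command-line client instead of Putty, as an added example that is not part of the original post. It binds the listener to the one LAN address from the ipconfig output rather than to every interface, and refuses any bind address that is not a private LAN address; the login name `youruser` is a placeholder, and the function names are illustrative.

```shell
#!/bin/sh
# Added example. Values from the page: LAN IP 192.168.121.222, source port 9999,
# destination webtunnel.secure-tunnel.com:8080. "youruser" is a placeholder.

# Succeeds only for a well-formed RFC 1918 (private LAN) IPv4 address.
is_private_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# Succeeds for a TCP port number in the range 1-65535.
is_valid_port() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ssh command. Args: bind_ip listen_port dest_host dest_port login
build_tunnel_cmd() {
    bind_ip=$1 listen_port=$2 dest_host=$3 dest_port=$4 login=$5
    if ! is_private_ipv4 "$bind_ip"; then
        echo "refusing to bind $bind_ip: not a private LAN address" >&2
        return 1
    fi
    is_valid_port "$listen_port" && is_valid_port "$dest_port" || {
        echo "invalid port" >&2; return 1; }
    # -N: no shell or command (Putty: "Don't start a shell or command at all")
    # -L bind_ip:port:host:hostport: the tunnel entry, reachable by other
    #    hosts only through the one LAN address given
    # ExitOnForwardFailure=yes: exit if the listening port cannot be opened
    echo "ssh -N -o ExitOnForwardFailure=yes -L $bind_ip:$listen_port:$dest_host:$dest_port $login"
}

# Print the command for the values used on this page (nothing is executed).
build_tunnel_cmd 192.168.121.222 9999 webtunnel.secure-tunnel.com 8080 \
    youruser@webtunnel.secure-tunnel.com
```

The script only prints the command; run the printed line yourself once the address and port match your own network.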

A French agency dubbed “Hadopi”, which reports to the French Ministry of Culture, has been scouring the internet for months, harvesting the IP addresses of French citizens who have downloaded copyrighted materials. By law, the ISP must hand over the email address of the customer Hadopi has determined is guilty of downloading music or movies.

The anti-piracy law was passed after years of heavy lobbying by the SCPP, a French organization that appears to be similar to the RIAA and MPAA in the United States.  The SCPP claims that listening to music that was freely downloaded off the internet costs France’s music industry $978 million per year.

But it is much more complicated to calculate the true cost of free music to the French music industry.  It costs the music industry exactly $0 to put the music on the internet.  Each user that downloads the music costs the industry exactly $0.  Each time a French citizen listens to the music they downloaded for free, it costs the French music industry exactly $0.  So, $0 times the number of songs downloaded and listened to equals $0.  Huh, maybe that was not so complicated.

hadopi

Look Honey! The government is shutting off our internet for a year because we did not know how to secure our internet connection! Thanks Hadopi!

Of course the SCPP does not mean that piracy actually costs the music industry any money. That is just a clever way to say that the music industry has failed to capitalize on an opportunity, and blame those who have failed to increase their wealth. It is actually the consumer’s fault for not buying their product when it is available for free. What they are saying is that the music industry could make $978 million more per year if there were tough laws in place to prevent free distribution of music.

And pass tough laws is exactly what France did. The law specifies that no matter who actually downloaded music or movies, the owner of the connection is responsible. Three strikes and you can be barred from accessing the internet for a year. And what of those who are not tech savvy enough to secure their internet connections? Well thankfully, Hadopi is writing instructions to help people protect themselves from those who would use their internet connection. Very kind of them. Maybe Hadopi should have written instructions for the music industry detailing how they can increase profits without trampling the civil rights of millions of French citizens.

4th amendment under fire


The nullified ruling required that the government retrieve only specific information as specified in the search warrant, rather than simply imaging the hard drive and sifting through all the data contained.  If the government agent cannot do this effectively, the hard drive would be sent to an independent third party contractor that would sift through the data on the drive to locate the data pertinent to the search warrant.  The contractor would then send the relevant data and only the relevant data to the government agent.

The new ruling still maintains that information not included in the warrant must be excluded from the search and data found that is outside of the scope of the warrant cannot be used, but the ruling omits the detailed guidance as to how to collect the data.  The judges in their opinion urged “greater vigilance on the part of judicial officers in striking the right balance between the government’s interest in law enforcement and the right of individuals to be free from unreasonable searches and seizures.”

The ruling is clearly problematic for the fourth amendment of the constitution which reads

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

The bill of rights was written to restrict the government in its actions against the American people.  It was designed to protect the citizens from the extraordinary power of the government.  Nowhere in the fourth amendment is there mention of balancing prosecutorial interests with the rights of the people.  It is clearly written to protect the citizenry from unreasonable search.  Scanning an entire hard drive, when searching for a bank transaction amounts to unreasonable search.

The Obama administration argues that the Plain View Doctrine applies to computer seizures so any data recovered in a search would be admissible.  As Solicitor General, Elena Kagan asked the 9th circuit court of appeals to reconsider its ruling that protected data and set forth guidelines for data collection as the fourth amendment gets in the way of a speedy prosecution.

The ruling stems from a 2004 case when federal prosecutors were probing a steroid ring and obtained a warrant to seize the results of urine samples of 10 Major League Baseball players from a drug testing

The web is a dangerous place, devoid of the rules, regulations and rationality of the physical world.   People feel comfortable sharing things on social network sites and public forums that they would never say in person.  Politics, religion, sex; nothing is out of bounds on line, because people feel safe in their own homes, or in the office behind their monitors.  They often never face their opponents or fans. They don’t have to because the internet offers them a buffer between their ideas and the real world.  In a sense, they are anonymous.  There is no requirement to register your real name or location online.  You will never be stopped by an officer and asked to see identification.  You can be whoever you want to be, but if Eric Schmidt, CEO of Google is correct, this will all change in the near future.

Speaking at last month’s Techonomy conference, Google CEO Eric Schmidt made some ominous predictions about the future of anonymity on the web. Speaking about anti-social behavior and data online, Schmidt said, “The only way to manage this is true transparency and no anonymity. In a world of asynchronous threats, it is too dangerous for there not to be some way to identify you. We need a [verified] name service for people. Governments will demand it.”

Anonymity is synonymous with privacy, but is anonymity a prerequisite for privacy?  That depends on who you ask.  The CEO of Google believes that anonymity is a threat to society.  In a video interview Schmidt stated “Privacy is incredibly important.  Privacy is not the same thing as anonymity…But if you are trying to commit a terrible, evil crime, it’s not obvious that you should be able to do so with complete anonymity.”

What Schmidt states is arguably true, but it begs the question: If you are not committing a terrible, evil crime, should your anonymity be compromised? How do you tell the difference? For those who value their privacy, and don’t want their personal lives interrupted by anyone, be it advertisers, employers, people with nothing better to do, or the government, should they have to give up their anonymity to appease governmental prosecution efforts?

It is clear that Schmidt is correct about dwindling anonymity. Logging requirements in Europe are becoming more and more harsh. Emails must be saved for six months in the UK, and web activity must be saved for at least 4 days. Ease of prosecution is being sold as safety to an increasingly complacent public and in many cases, the public buys into it.

Opponents of internet anonymity often argue that if one is doing nothing wrong, then there is nothing to hide, and one should submit to the logging, and tracking because no harm will come of it.  It may be true that no physical harm will come, but the freedom that is lost, when you must rely on trust alone to protect privacy is too large a cost to bear.  It is why there are locks on bathroom doors, and indeed bathroom doors at all.  Sometimes it is just wrong to stare at someone and log their activities when they have the reasonable expectation of privacy and anonymity.

© 2011 anonymise