Friday, November 29, 2013

Good News!

"Congratulations!  Thanks to you [me] and 2975 other backers, Lavabit's Dark Mail Initiative has been successfully funded."
 
It will be very interesting to see what develops.

Tuesday, November 12, 2013

Google vs. Bing?

To protect my privacy when I surf the Web, I use a proxy server that I set up on a Linux virtual machine which is hosted in the cloud.  To the best of my knowledge, the virtual machine is hosted on a physical machine in NYC. 

Interestingly, Google is confused by this setup.  Here's a screenshot of Google News.  Notice that it is placing me in Kendall Lakes (FL?).  That's fine.  I don't want them to know where I am!





More problematic, however, is that often when I do a Google search, I get this back instead of a results page:


Does this mean that if they cannot track me, they aren't going to let me see the results?  I'll never know for sure.  That's when I go to Bing.  Bing is content to show me results when Google isn't.



Tuesday, November 05, 2013

Dark Mail @ Kickstarter

The founders of Lavabit and Silent Circle have started a new Kickstarter Project to develop a protocol for default, user-friendly, end-to-end encryption of email.  They are calling it Dark Mail, "because Black Mail has bad connotations."

I am supporting this project.  I encourage you to as well.  Find out more about it here: http://kck.st/HrENd0.  The window to sign up closes November 22nd.

Thursday, September 12, 2013

Synology Time Backup Trick

So, you need to change the IP address of your remote backup device in Synology's Time Backup? You cannot do it from the GUI without deleting the job and creating a new one. WTF?!

However, you can change the IP with the command line in DSM 4.X:
  • telnet/SSH as root
  • cd /usr/syno/etc/packages/TimeBackup
  • chmod 777 tasks.conf
  • now edit tasks.conf and adjust the dst_IP parameter, save the file
Reopen Time Backup and the destination IP for the job has changed and all versions are still there.
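The edit described above, scripted as an added example (not part of the original post or of Synology's tooling). It assumes tasks.conf stores the setting as a line such as `dst_IP="192.168.1.10"`, which the post does not show; the function names `is_ipv4` and `set_dst_ip` are hypothetical. Because it runs as root and overwrites the file in place, the file's owner and mode stay as they were and no chmod is involved.

```shell
#!/bin/sh
# Added example. ASSUMPTION: tasks.conf holds lines like  dst_IP="192.168.1.10"
# (quoted or unquoted); the real DSM file layout is not shown in the post.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# set_dst_ip FILE OLD_IP NEW_IP: repoint only the job(s) that use OLD_IP.
set_dst_ip() {
    conf=$1; old_ip=$2; new_ip=$3
    is_ipv4 "$old_ip" && is_ipv4 "$new_ip" || {
        echo "set_dst_ip: both addresses must be valid IPv4" >&2; return 2; }
    # Escape the dots so they match literally, not "any character".
    old_re=$(printf '%s' "$old_ip" | sed 's/\./\\./g')
    q='"\{0,1\}'    # optional double quote around the value (BRE syntax)
    pat="^[[:space:]]*dst_IP[[:space:]]*=[[:space:]]*${q}${old_re}${q}[[:space:]]*\$"
    grep -q -e "$pat" "$conf" || {
        echo "set_dst_ip: no dst_IP=$old_ip line in $conf" >&2; return 3; }
    cp -p "$conf" "$conf.bak" || return 1    # keep a rollback copy
    # Rewrite the address only on lines whose whole value is OLD_IP.
    new=$(sed "/${pat}/s/${old_re}/${new_ip}/" "$conf") || return 1
    # Overwrite in place: owner and mode are preserved, so the file does
    # not have to be made world-writable for root to change it.
    printf '%s\n' "$new" > "$conf"
}

# Usage: sh set_dst_ip.sh /usr/syno/etc/packages/TimeBackup/tasks.conf OLD NEW
if [ "$#" -eq 3 ]; then set_dst_ip "$@"; fi
```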

Friday, September 06, 2013

Real News

In today's NY Times and Guardian. 

"...Microsoft co-operated with the NSA to circumvent encryption on the Outlook.com email and chat services. The company insisted that it was obliged to comply with "existing or future lawful demands" when designing its products."

"The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June.  “Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted."

Friday, August 16, 2013

Real news from the New Yorker:  http://www.newyorker.com/online/blogs/elements/2013/08/hard-to-crack-the-governments-encryption-conundrum.html

 E-mail “sounds like the simplest application of cryptography imaginable,” said Blaze. “I’m trying to send you a message that you can only read, and that you know definitely came from me, and we have algorithms and protocols that do exactly that. But we still haven’t figured out the basic technical ways to implement them in practice.” 

It's a user problem.  The hassle is not worth the benefit for most people.  Many are buying guns to protect themselves against a hypothetical tyranny and/or a possible armed intruder.  Some of those guns end up in tragedies.  Are those "hassles" worth the benefits? 

Thursday, August 15, 2013

License to steal

theScore is a popular app for your smartphone or tablet, providing sports news and information.  FYI, if you install the app, you agree to give theScore permissions to:
  • Add or modify calendar events and send email to guests without owners’ knowledge
  • Read calendar events plus confidential information
My guess is that most of the people who install the app are not aware that this is a license to steal your identity and your employer's trade secrets.

Be assured, however, theScore has no such evil plans.  This was posted on Twitter by Kenny @ theScore:
"We realize the permissions don’t sound the best, but this is how Google makes them sound in the Play Store.  In the new app, in order to properly add a team’s, or event’s calendar event to your calendar we were required to ask for [all these] permissions...  I can assure you these are only to improve the experience of the app."

I am NOT assured!  I have not installed the app.  Instead, I have bookmarked ESPN in Chrome so I can get the scores I want on my smartphone without exposing me, my employer, my friends and my family to dire risks.

Trusted but untrustworthy apps running on users' laptops, smartphones and tablets have the potential to be Trojan horses when they have access to corporate networks and services (e.g., Exchange email).  My guess is that most of the people who are championing "bring-your-own-device" (BYOD) in the workplace are not aware of the risk.

Friday, August 09, 2013

Privacy News

Walter Pincus has a sober and sobering column in the Washington Post today.  The gist of it is,

"Many people love the convenience of the Internet and cellphones and ever-multiplying social-media applications. What many don’t always focus on, however, is how easily outsiders can invade their lives.
"The June disclosure that the National Security Agency is collecting everyone’s telephone records and storing them for five years as part of anti-terrorism efforts has caused an uproar.
"Get used to it. The gathering of such data, whether by private commercial enterprises, hackers or governments — ours or foreign ones — is part of 21st-century life."

The comments posted by readers provide an interesting discussion of the issue.

In related news, it is reported today that a "secure email service" has shut down rather than cooperate with US government surveillance orders.  See this article from ZDNet.  NB, all the service really did was encrypt subscribers' messages stored on their servers.  Unless people encrypted their messages prior to transmission, messages would travel the Internet as plain text, readable by prying eyes.

Ironically, the US Government has recently developed bioethical rules for the handling of cell lines in medical research that protect the privacy of persons related to the donors of cells for generations, e.g., the great-grandchildren of donors will now have a say in how the cells are used and by whom.  See this.

Thursday, August 08, 2013

Business Cases for Windows 8

Um....  there must be some.  I'm not able to think of any...  

Okay, here's one: Microsoft wants to make some more money.  With effective control of business PCs through its Windows and Office software, they can force users to buy Windows and Office upgrades and new versions. 

That's not your computer, it's Microsoft's.  If you want to keep using it, pay up!

Don't be getting smug if you own a Mac.  That's not your Mac, it's Apple's, and you'll pay more to Apple for a Mac than you will to Microsoft for a PC.

Tuesday, June 18, 2013

Beware Big Brother

You know those cute photos someone sent you of their kids playing in the sprinkler on a hot summer day? Some machine is going to see "kiddie porn" and you may have to prove it is not! FYI, the default setting on my Android smart phone is to "back up" all my photos on the device to Google.

The big cloud computing companies have a "social contract" with the public. We share with them in exchange for valuable, largely free services on the Internet (email, one-click shopping, entertainment, etc.). Yes, they know almost everything about us, but they wouldn't "misuse" that information because then the game would be over, right?

Now it seems that the Government's spy and law enforcement agencies are in on the game, and it is all justifiable to protect homeland security and to enforce laws. However, prosecutors and spies do not have our individual interests at heart.

So what can and should a normal, patriotic, law-abiding person do to avoid being scrutinized by the Authorities, for such scrutiny can entail public humiliation and ruinous legal expenses?

"I've got nothing to hide," is a naïve justification for inaction. Context is everything; after you've done the "perp walk" on TV, your history will be seen in a new, sinister light.

My recommendation is to lower your profile on the Internet. This means:
  • Avoid social networking in favor of email.
  • Use/advocate for email encryption.
  • Use/advocate for encrypted texting.
  • Cover your tracks when you surf the Web.
  • Do not install apps on your tablets and smart phones that compromise your privacy (look at the access they will have on the device before you install them).
  • Do not store information in the "cloud" unless you know and trust the vendor.