Green activist guide on communication encryption

Crypto parties are happening everywhere, even in the European Parliament. In year one after the Snowden leaks, people are more and more concerned about their privacy. Still, the majority acts to the contrary. This is wonderfully described in this Guardian article.

Nevertheless, there are politically active people who don’t have the luxury of choice. Insecure communication can endanger them and the people around them. As a matter of fact, activists in more secure countries, such as those in the West, tend to forget that there are places where a simple email can cause harm. So it is not just an issue in less secure regions, but everywhere. Not using encryption is like having unprotected sex. That’s why you can find here a short overview of how to communicate more securely.

The term “more secure” is adequate, because there is no absolute security. If you use encrypted email, how do you know that the email app you use is secure? If you use an open source email client that has been audited, how do you know that the operating system on your computer is secure? And even if you use a specific operating system like Tails, how do you know that there is no backdoor in your hardware?

You see, there is no absolute security. So as a first step you should think about the risk scenarios. With whom do you want to communicate? What are the possible threats and what can you do about them? Choosing the right tools requires knowing your needs first.

Tor

A good start is the Tor Project. They develop software which allows the best anonymised communication available at the moment. The current versions are quite easy to use. To start with, the Tor Browser web browser is highly recommended. There is also a live operating system, Tails, which is preconfigured to use Tor out of the box. It is especially recommended for journalists in crisis regions.

Messenger

Recently ProPublica, a project supporting journalism and journalists, published an overview of the best secure messaging tools. There is not much to add. There you can easily look up the applications you currently use and what alternatives exist. Only two short suggestions:

  • Cryptocat: it lets you have encrypted chats with your friends, right in your browser and on your mobile phone. Everything is encrypted before it leaves your computer. Cryptocat is open source, free software, developed by encryption professionals to make privacy accessible to everyone.
  • Silent Circle: it is a commercial service allowing secure calls and messaging. Their plans also allow calls to outside the network.

Email

Email encryption is difficult only in the sense that the installation differs very much depending on the email client you are using. The standard for this kind of encryption is PGP (Pretty Good Privacy) or, in this case, GPG (GNU Privacy Guard), which is the open source adaptation of PGP. They use the same technology, and if somebody encrypts an email with one of them, it doesn’t matter which one you use to open it.

One of the principles of modern encryption is the method of having two keys: one public and one private. The public one can be shared with everybody and is used to encrypt messages for you, which only you can decrypt using your private key. The same process takes place when you start a secure session in your browser or in your messenger. The difference is that you see it more clearly when handling email encryption. As the most important rule, never ever share your private key with anybody!

A multi-platform solution for encrypted email is Mozilla Thunderbird with Enigmail, which works very similarly on Linux, Mac and Windows systems. A step-by-step guide can be found here.

If you are using other email clients, have a look at the following pages:

Current debates: privacy, big data, net neutrality and copyright issues

From October 22nd to 25th, 2013, the 8th annual meeting of the Internet Governance Forum took place in Bali. These are the three big topics – from my perspective – for the next year.

This article was written for NO LABEL PROJECT.

Privacy and big data 

The adoption of the new EU data protection regulation by the LIBE committee showed that the discussions about privacy are not dead yet. It only seems that the discussion is different from what many civil rights organisations expected. The past weeks have revealed that even a worldwide scandal about enormous data misuse by governmental organizations does not concern enough people to become relevant. They are outraged, but this does not result in any action, which is known as the privacy paradox. On the contrary, studies show that privacy is nothing people would pay for or care much about. If they have the choice between cheaper prices and handing over less private data in online shops, there is a preference towards the cheaper prices.

We can all agree that a new narrative is necessary to explain why the collection of personal data is a threat. The term private sphere seems neither strong nor important enough to mobilize a sufficient number of people. Fights against the transparent citizen are long over. As Edward Snowden revealed, most of us are already fully transparent. I favor the term mindless citizen, since that is what these databases of our personal information, together with advanced computing, do to us. Big Data refers to the technologies that predict our actions before we know them ourselves. We are getting personalized offers which we can’t resist since they fit our needs so perfectly.

With this in mind, a political solution seems urgent and needed at once. Data protection legislation – not only in Europe – is lagging far behind technical progress.

Infrastructure: net neutrality and nationalization

Last month the European Commission proposed a new draft for a Digital Single Market regulation, including regulation for telecommunication infrastructure. In mid-October it was decided that the ITRE committee (Industry and Trade) will be responsible and who the rapporteurs are. It is more or less official that this initiative won’t be finished during this term. The rapporteur Castillo Vera and the shadow rapporteur Trautmann estimate that forming an opinion will take the next 7 months. So this might be one of the topics of the elections to the European Parliament. Whatever the result is, it will be one of the starting points of the European Commission after the elections.

It is not a new topic. The struggle around net neutrality was ongoing during the whole term of Neelie Kroes. EDRi has made a good overview of the debate by creating a timeline.

Another infrastructure topic is the growing nationalization of the Internet. This is not just a phenomenon of closed autocracies like Iran or North Korea. The trend towards national nets is also gathering speed in Europe. National restrictions on services are already well known, as with YouTube or other media, where copyright legislation is lagging behind the habits of consumers and users. In Germany, discussions have now started about routing particular services, for example email, only within “German” nets.

Copyright vs freedom of expression

At the beginning of this year the ECHR took a decision in the ongoing debate on copyright vs freedom of expression, denying The Pirate Bay the status of communication infrastructure worth protecting. This is of particular interest, since the well-known website is nothing other than a simple search engine for links. Only some days ago the next torrent search engine, isoHunt, was shut down. On the other hand, the largest torrent search engine, Google, was left untouched.

The media industry realised that going after individual copyright infringement is not working out. Public cases such as charging teenagers or grandmas with ridiculous claims, often on wrong accusations, will hopefully be over soon.

At the Internet Governance Forum 2012 in Baku, the Swedish Member of the European Parliament (MEP) Amelia Andersdotter explained with the direct words “Fuck you, this is my culture” that the gap between the reality of young people and restrictive copyright regulation is bigger than ever before.

This shows the importance of the current copyright debate for the Internet infrastructure. The general direction of more and more centralisation, which has been ongoing for years, gets support from such developments. This creates monopolies and concentrations of power which are bad for the general public and benefit only a small minority. The next year will show in which direction it will go. Hopefully again towards more Internet freedom.

Shadow profiling: Data collections about you where it’s hard to opt-out

This article was written for NO LABEL PROJECT.

Do you have a Facebook profile? Some of you might say yes, but some try to avoid Facebook and never registered, or deleted their account at some point. The truth is, you all have profiles at Facebook. They collect information about you all over the web and try to combine it. And that is not all. Many companies, such as advertising networks or other social networks, do this kind of profiling. Creating detailed profiles about you is their business model.

How they collect data

Many websites have share buttons below their articles and posts. The reason why these buttons look the same everywhere is that they are not part of the website you are visiting. They often come directly from the services themselves, meaning Facebook, Google or Twitter. So you visit their websites without actually being aware of visiting them. And every visit creates the opportunity for them to collect data about you, as described in the next part.

These methods work not only with share buttons, but also with ads, pictures and other parts of the website. Advertising companies and networks in particular use this to be able to show everybody the perfectly fitting offer.

Did you ever wonder why Facebook asks you so annoyingly to use their Friend Finder? Not just to get new members for Facebook itself, but also because it gives them a lot of information about you and your friends. This is especially troubling since people send data about their friends to Facebook without their consent. Or did you ever hear of somebody who called everyone in their address book to ask whether it is fine with them to upload their data to Facebook? According to the privacy policy of Facebook, that is exactly what everybody needs to do beforehand.

And we should of course not forget all the data we leave behind by actively using online services. Not just social networks, but also all other kinds of services, such as web shops like Amazon or eBay. This is all data which can be, and sometimes already is, sold to 3rd parties.

How they identify you

Just knowing that somebody visited a website doesn’t create a profile yet. To do so, they need to link all the collected data. This can be done by various methods. We will explain four well-known ones here.

The easiest way is to look at your IP address. This is your main identification when connected to the Internet. Even though it is possible to get a different address each time you connect, many Internet Service Providers don’t change it very often.

Another well-known method is so-called cookies. Websites can save some information on your computer to make them easier to use by identifying you as the user. So you don’t need to log in every time you visit again, which is of course convenient. Because of these advantages it is an established web technology which should not be condemned in general.

There is a special type of cookie: the 3rd party cookie. These come from websites which you did not visit directly. A website can contain links to other websites, loading a picture or other content from a different website. This is used especially to track you across different websites and has no real advantage for the user.
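The following sketch is an added example, not part of the original article. It shows what the operator of an embedded share button sees: the cookie it set earlier plus the Referer of the page you are on, which is enough to link visits across unrelated sites even when your IP address changes. The host names, the cookie name `uid` and all request data are constructed for illustration.

```python
from collections import defaultdict
from http.cookies import SimpleCookie
from urllib.parse import urlparse

# Constructed sample (not real traffic): requests received by a hypothetical
# third-party widget host whose share button is embedded on unrelated sites.
# Each tuple: (client IP, Cookie header sent by the browser, Referer header).
REQUESTS = [
    ("203.0.113.7", "uid=a1f3", "https://news.example/politics/protest-march"),
    ("203.0.113.7", "uid=a1f3", "https://health.example/clinic-finder"),
    ("198.51.100.9", "uid=a1f3", "https://shop.example/cart"),  # same browser, new IP
    ("198.51.100.9", "uid=77c0", "https://news.example/sports"),
    # Browser that refuses third-party cookies: the widget still loads,
    # but no identifier is sent back with the request.
    ("192.0.2.44", None, "https://news.example/politics/protest-march"),
    ("192.0.2.61", None, "https://health.example/clinic-finder"),
]


def cookie_id(header, name="uid"):
    """Return the tracker's ID from a Cookie header, or None if absent."""
    if not header:
        return None
    jar = SimpleCookie()
    jar.load(header)
    return jar[name].value if name in jar else None


def link_visits(requests):
    """Group visited pages by cookie ID; visits without a cookie stay unlinked."""
    profiles, unlinked = defaultdict(list), []
    for _ip, cookie, referer in requests:
        uid = cookie_id(cookie)
        (profiles[uid] if uid else unlinked).append(referer)
    return dict(profiles), unlinked


def sites_in_profile(pages):
    """Distinct first-party sites that appear in one profile."""
    return sorted({urlparse(p).hostname for p in pages})


if __name__ == "__main__":
    profiles, unlinked = link_visits(REQUESTS)
    for uid, pages in profiles.items():
        print(uid, "->", sites_in_profile(pages))
    print("not linkable by cookie:", len(unlinked))
```

With third-party cookies blocked, the last two requests can no longer be joined to a profile by cookie; the IP address and the browser fingerprint remain as possible identifiers.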

All the technologies named so far are quite old, and the profiling industry is looking for more possibilities, since many browsers try to improve the privacy of their users by allowing them to block different ways of tracking. A new way to identify users is called Browser Fingerprinting. It uses information available from your browser, like installed plugins, supported MIME types or fonts. These three pieces of information alone can uniquely identify a user at a rate of 86,73%, as experts conclude. Only by deactivating technologies such as JavaScript or Flash can the identification rate drop significantly.
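An added example, not from the original article, of why a handful of browser attributes is enough to single people out and why switching off scripting shrinks the fingerprint. The six-browser population is constructed, and it is an assumption of this sketch that only the User-Agent string remains visible once JavaScript and Flash are disabled.

```python
import hashlib
import json
from collections import Counter

# Constructed sample population (illustrative, not measured data). Each tuple:
# (User-Agent, plugins, MIME types, fonts) as one visitor's browser exposes them.
BROWSERS = [
    ("Firefox/24", ["Flash 11.8", "Java 7"], ["application/pdf"], ["Arial", "DejaVu Sans"]),
    ("Firefox/24", ["Flash 11.8"], ["application/pdf"], ["Arial", "Helvetica"]),
    ("Firefox/24", ["Flash 11.8"], ["application/pdf"], ["Helvetica", "Arial"]),
    ("Firefox/24", ["Flash 11.9"], ["application/pdf", "video/ogg"], ["Arial"]),
    ("Chrome/30", ["Flash 11.9"], ["application/pdf"], ["Arial", "Calibri"]),
    ("Chrome/30", ["Flash 11.9", "Java 7"], ["application/pdf"], ["Arial", "Calibri", "Ubuntu"]),
]
UA, PLUGINS, MIME, FONTS = range(4)
SCRIPTED = (PLUGINS, MIME, FONTS)  # the three attributes named in the article
PASSIVE = (UA,)                    # assumption: all that is left without JavaScript/Flash


def fingerprint(browser, fields):
    """Hash the chosen attributes; list order is normalised so it cannot matter."""
    picked = [sorted(browser[f]) if isinstance(browser[f], list) else browser[f]
              for f in fields]
    return hashlib.sha256(json.dumps(picked).encode()).hexdigest()[:16]


def unique_share(population, fields):
    """Fraction of visitors whose fingerprint nobody else in the population shares."""
    counts = Counter(fingerprint(b, fields) for b in population)
    return sum(1 for b in population if counts[fingerprint(b, fields)] == 1) / len(population)


def largest_crowd(population, fields):
    """Size of the biggest group of visitors that look identical to the tracker."""
    return max(Counter(fingerprint(b, fields) for b in population).values())


if __name__ == "__main__":
    print("scripts on :", unique_share(BROWSERS, SCRIPTED), largest_crowd(BROWSERS, SCRIPTED))
    print("scripts off:", unique_share(BROWSERS, PASSIVE), largest_crowd(BROWSERS, PASSIVE))
```

In this constructed population four of six visitors are unique when plugins, MIME types and fonts are readable, and none are unique when only the User-Agent is left.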

Nevertheless, by using these services again we make it pretty easy to connect all this data to us. One login at Facebook or Google and they know to whom they can link the web history they collected before. And we should not forget that there are already fully grown industries dealing in and trading our data. In the end all this creates quite detailed profiles of ourselves.

How you can protect yourself

Reading all this you might think the only way to escape this is not to use the Internet at all. That is partially true, and the only sustainable solution would be political regulation and data protection. Still, there are a lot of small things you can do to make it much harder to collect and link your data.

In your browser you can already limit a lot by using several add-ons and plugins. Step by step these features are also being included in new browser versions, so it might only be a change in the preferences by the time you read this article. A first hands-on list:

  • use an open source browser like Firefox
  • do not allow 3rd party cookies in your browser (in Firefox, in Safari blocked by default, in Chrome)
  • remove all cookies when closing your browser (in Firefox, in Safari, in Chrome)
  • block Social Network content on other websites (for example Facebook Blocker extension for Firefox, Safari, Chrome)
  • use an ad blocker (for example AdBlock for Safari and Chrome, do NOT use AdBlockPlus!)
  • use a general tracking blocker (for example Ghostery for Firefox, Safari, Opera, Chrome)

Do you know about other cool add-ons, extensions or plugins? Write them in the comments!

Privacy is something different generations define differently. As the Guardian wrote about current 13 to 17 year olds: “This generation has learned to function in a world of social surveillance.” Although there are different views on privacy, they all require having a choice about which data we share and which we don’t. Shadow profiling takes this choice away and leaves us as dependent humans.

More information on you and your shadows can also be found at the Tactical Tech Collective.