If you are a frequent visitor to SurvivalBlog then I do not need to explain why the subject matter may be of importance. There are several previous posts that cover somewhat related information that I will reference and expand upon.
First, the disclaimers: I am not a data security expert. I could not blind you with science nor expertly baffle you with Bravo Sierra. However, I have been directly involved in the Internet related software business for almost 20 years. I have spent many hours a day for almost two decades using the internet and watching it evolve. During that time, especially since 9/11, I have also watched the watchers watching more of everything we do.
The second disclaimer is the software or services I mention below may not be legal in all countries. While currently legal in the US, the FBI recently sent a flyer to all Internet cafes and coffee shops warning that a number of quite normal and legal behaviors should be considered a "potential indicator of terrorist activity" and should be reported.
Hopefully the information contained herein will help you maintain the small amount of privacy you have left when it comes to the data on your computer and your online activities. The caveat being this – there is no such thing as perfect security or absolute privacy. Pretty much any code or encryption can be broken if someone has the resources and the motivation to do such.
There are certainly many more options available than I will cover here, but I wanted to keep this as simple as possible so anyone with more than rudimentary computer skills can implement whatever measures they deem necessary. I will cover the areas of securing data you keep (files, folders, etc), securing e-mails, IM and chats, protecting your identity while browsing and also making secure voice and video calls. However, the first thing I have to talk about is using some common sense.
Common Sense
Yes, an invasive government has the resources to electronically monitor any and all communications and to break almost any type of code or encryption. However, that does not mean they have the resources to manually analyze every single phone call, e-mail, chat, purchase or web browsing habits of every single person on Earth. Just because you may visit sites deemed threatening to TPTB or you have purchased a survival knife online doesn't mean you are a high priority target on some watch list.
So here is the common sense part: don't make yourself a high priority target. Try to exercise a degree of discretion and intelligence if you find it necessary to make posts online or send e-mails. I have to shake my head in disbelief when I see people making inflammatory posts online. Such posts are filled with threats, anti-government or violence inciting rhetoric. Such "keywords" will get someone's attention. The bottom line is this: unless you are one of the very brave souls that have chosen to take a public stand, to offer constructive ways to adapt to and survive the rapidly changing world we live in, it's best to draw as little attention to yourself as possible. Try to keep your emotions at bay when posting online, because once you put it out there, it is there forever.
Data Security
We all have data we need to keep and a lot of it should be secured in some manner – such as scanned copies of your important papers (birth certificates, passports, driver's license and such), supply lists, maps, routes – you get the picture. Any unsecured data on an Internet connected (or confiscated) computer is a security risk. Trojans, Viruses, Key-Loggers, Malware, Drive-by Downloads all pose the risk of exposing your data. I won't discuss the need to keep your anti-virus and/or anti-malware software up-to-date because if you aren't doing that – the rest of this information won't do you much good. Below I will cover several aspects of data security from the simplest to the more complex.
The first rule is not to keep your sensitive data on your computer's hard drive in the first place. Flash drives (USB thumb drives) are inexpensive and can hold a tremendous amount of data. Keep your sensitive data on a flash drive, or better yet, a Micro SDHC card. For around $15 you can get a 16GB Micro SDHC card with SD adapter. You will probably need the adapter because the actual data card is smaller than your pinkie fingernail and about as thick – it can be hidden anywhere. If your computer doesn't have a flash card reader, then you can get an external card reader for less than $15.
File Encryption Using a Password
Again, I won't cover all possible options in this post, just the quick, easy and less complex solutions I have found and since Windows is the most prevalent operating system, I will limit software references to that unless noted – you can probably find similar solutions for Macs or Linux machines. For quick encryption of one or more files, dsCrypt is a free AES/Rijndael file encryption software with simple, multi-file, drag-and-drop operations. All you do is download/save the 25kB .exe file and double-click to launch – it doesn't have to be installed – the file you download is the program itself – which means it can also be used from portable media.
If you have a lot of files you need to secure, you may want to look at TrueCrypt, a free open-source disk encryption software for Windows, Mac and Linux. TrueCrypt creates a virtual encrypted disk within a single file which can be mounted as a real disk. This file can be created anywhere on your hard drive or portable media. Anything saved to this "disk" is automatically encrypted. This solution requires a multi-step installation – but is well worth it. I suggest you keep the disk space allocated to something reasonable because it cannot be undone without formatting the drive.
To exchange encrypted files with others, there are some free solutions available that offer high levels of encryption. The only caveat is the recipients also need the same software installed and the password used to unencrypt the files – not a huge price to pay for a bit of security.
Encrypt Files is very easy to use for files or entire folders
dsCrypt - (great for portable media)
MEO Encryption is a great free program for files and e-mail. Actually, after playing with MEO for a bit, it is quickly moving to the top of my list.
Finally is the area of obsolete or replaced drives. Formatting a drive does NOT delete the data – it can be fully recovered with simple software. Most drives I replace will not be reused because they are old technology. I used to take a sledge hammer to them, but now use a drill press and put a ½" hole all the way through the case and platters. However, if that's not your style – you might want to look at Boot and Nuke. You have to create a CD or DVD from the downloaded .iso file, but then you simply re-boot using that disc and the hard drive will be wiped clean to DoD/NSA disc over-writing standards.
Also, simply deleting a file/folder – even after emptying your recycle bin – does not protect that data. It can be recovered unless you use a file shredder program. A good free one can be downloaded from Fileshredder.org/
Secure E-mail
Every e-mail you send will go through numerous servers before it is delivered (usually 10-15 different servers). Your message can be read, scanned or copied at any step in that route. Referring back to the section on using common sense – be mindful of what words or phrases you use because you might garner someone's attention – other than your intended recipient.
One partial solution is to use a web-based "secure" e-mail service. Such services encrypt your messages before sending but the thing to keep in mind is any time you rely on a third-party service or server, your messages aren't really secure. However, some security is better than no security so here are some of the free secure email services you might want to check out:
Hushmail.com
S-mail.com
PrivacyHarbor.com
BurnNote.com
For much better security, your best bet is to encrypt messages before you send them. This can easily be done using MEO Encryption (mentioned previously for encrypting files) which can be used with your existing e-mail server.
To quickly encrypt a simple text file to send, LockNote is a good way to go.
For those worried that simply sending encrypted files or messages will draw unwanted attention, how about encoding short messages into a standard image file? This can be done with 4t HIT Mail Privacy Lite.
Secure Instant Messaging and Chats
While both Yahoo and Google offer an off-the-record or encryption option in their IM clients, I must again remind you that such service providers have full access to the original content as they handle the encryption.
Your best bet for secure IM communication is to use Pidgin for Windows or Adium for the Mac OSX. Both programs have an Off-the-Record function that uses 256-bit AES encryption that is performed before the message is sent through the 3rd party provider. Both work with all major IM servers and offer a slew of other great features:
Pidgin for Windows
Adium for Mac OSX
Jitsi for Windows, Mac and Linux
Private Web Browsing
You leave footprints everywhere you visit via any of the standard browsers. Yes, you can disable cookies and your browsing history and all that, but I'm talking about the footprints you leave on every server that transmits your requests for any web site. The footprint includes your IP address, operating system, browser and version, screen resolution and more. There is a previous SurvivalBlog post that provides more details about this.
In the post above, using the Tor proxy system was recommended. Until recently, this was not so easy to do. It involved installing a couple of programs and browser plug-ins. Further, most people would use Tor with their favorite browser not realizing that a lot of multimedia features on web sites will negate any benefits Tor is providing. For instance, Flash movies, scripting language and file downloads can reveal your actual "footprint."
However, this process has been made a lot easier by the Tor community. You can now install a Tor/FireFox combination in a single program. It is an older, stripped down version of FireFox that has all possible vulnerabilities disabled. A single icon first launches and connects you to the Tor network and then automatically launches the safe FireFox browser.
Using A Virtual Private Network (VPN)
While all other services and software I mention are free, there is a low-cost option to consider to keep all your online activity private. If you are like me, I tend to bounce around the Internet from buying wool socks online to sites where I should be using Tor - but I simply forget to launch it first.
While Virtual Private Network (VPN) services have been around a long time, it has recently become easy enough to implement that anyone can do it. Briefly, when you use a VPN, you create an encrypted tunnel between your computer and the VPN servers. All your network traffic is then routed through that server and sent back to you. The gist of it is, you download/install a simple software program, set it to start when you boot up (if you want), and all your internet activities are through the IP address of the VPN service - and the good ones don't keep logs of your activities. The one I use hides me behind 24,500 different IP addresses on servers in 40 different countries. And best of all, I don't have to remember to do anything - it's automatic and full-time.
There are a lot of VPN services out there, and prices range from $7 - $20 a month (you get a much better deal on annual payments). Personally, I use http://HideMyAss.Com - but each service is a bit different in regards to usage limitations, so here is a site that reviews the top 10: http://myvpnreviews.com/
The service I use allows me to install the software on as many computers as I want, in addition to my smartphone. However, only two devices can use the service at the same time.
Two final notes on VPNs. First, you should always use some type of VPN when connected to public Wi-Fi. They are terribly unsecure. You might as well run around naked in broad daylight. Yes, you are that exposed.
Finally, a VPN is great for hiding your browsing activity - but it does not take the place of file or email encryption. While the tunnel between your computer and the VPN is encrypted, unencrypted files or emails still go through public/open servers to reach your recipient.
Secure Voice and Video Chat
We all know how easy it is to eavesdrop on cell phone or even land line telephone calls, and to repeat again, using a third-party voice or video service is not secure. But what if there was a way to tap directly into the SIP (Session Initiation Protocol) network used for VoIP (Voice Over IP) and have your conversations and video chat encrypted before they even hit the network?
As with using encrypted IM or files, all parties involved must have the same setup – but since we are talking free stuff here, that is a non-issue. I will skip the technicalities and just get you going. To do the above is a two-step process (both easy). First, you need to register to get a free SIP address.
Second, download and install Jitsi for Windows, Mac and Linux (mentioned previously for secure IM). Jitsi facilitates secure video calls, conferencing, chat, desktop sharing, file transfer, support for your favorite OS, and IM network. Jitsi uses ZRTP to encrypt all communications. To use Jitsi with a SIP address, you will have to go into Options – Accounts and create a new account for the SIP network. To save you some possible confusion, the Jitsi SIP setup asks for "SIP id" – this is the "SIP address" contained in the email you receive when you sign up at GetonSIP.com. The rest should be self-explanatory.
Finally, I would like to add a bit to a couple of previous posts. This SurvivalBlog post explains how to set up the Hosts file for going directly to a web site's IP address in case the DNS system is unavailable.
The question unanswered in that article was: "How do I find the IP address of my favorite sites so I can add them to the Hosts file?" The fastest way is to go to http://centralops.net/co/ , click on the Ping menu. On the new page, enter in the domain name and click go. The page will refresh showing the IP address.
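The Hosts-file step above, as an added example (not from the original post or the earlier SurvivalBlog article): rather than looking up each site by hand, this Python script resolves a list of domains and returns lines ready to append to the Hosts file, skipping names that are already mapped or that fail to resolve. The function names, sample domains and addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import re
import socket

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_hostname(name):
    """Reject names that could smuggle spaces or extra fields into a hosts line."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def parse_hosts(text):
    """Return {hostname: ip} for every mapping in existing Hosts-file text."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            mapping[name.lower()] = fields[0]
    return mapping


def resolve_ipv4(name):
    """Live lookup through the system resolver (needs working DNS)."""
    return socket.gethostbyname(name)


def build_hosts_lines(domains, existing_text="", resolver=resolve_ipv4):
    """Return (new_lines, skipped) for the given domains.

    new_lines are "IP<TAB>hostname" strings not yet in existing_text;
    skipped is a list of (input, reason) pairs.
    """
    known = parse_hosts(existing_text)
    new_lines, skipped = [], []
    for raw in domains:
        name = raw.strip().lower().rstrip(".")
        if not is_valid_hostname(name):
            skipped.append((raw, "invalid hostname"))
            continue
        if name in known:
            skipped.append((raw, "already mapped to " + known[name]))
            continue
        try:
            # ip_address() rejects anything that is not a literal IP.
            ip = str(ipaddress.ip_address(resolver(name)))
        except (OSError, ValueError) as exc:
            skipped.append((raw, "lookup failed: %s" % exc))
            continue
        new_lines.append("%s\t%s" % (ip, name))
        known[name] = ip
    return new_lines, skipped


if __name__ == "__main__":
    # Constructed Hosts-file text and constructed DNS answers so the demo
    # runs offline; omit the resolver argument to do live lookups.
    existing = "127.0.0.1 localhost\n192.0.2.10 example.com  # constructed\n"
    answers = {"example.org": "198.51.100.7"}

    def offline_resolver(name):
        if name not in answers:
            raise OSError("no such host")
        return answers[name]

    lines, skipped = build_hosts_lines(
        ["example.org", "example.com", "missing.example"],
        existing, offline_resolver)
    print("\n".join(lines))
    for item, reason in skipped:
        print("# skipped %s: %s" % (item, reason))
```

Run the lookups while DNS still works, and refresh the entries from time to time, since a site's IP address can change.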
Multiple MAC Addresses
This SurvivalBlog post recommended buying a dedicated laptop to use at public Wi-Fi locations. The post mentions the network card in each computer has a unique MAC address. That MAC address can be captured by servers you visit – but most definitely is logged by the Wi-Fi router every time you connect to one.
If you cannot afford a dedicated laptop for this purpose, the next best bet (and less expensive) would be to buy several USB Wireless adapters (all the same make/model). You can pick these up for around $10 each online. Because all the adapters are the same make/model, they will all work seamlessly with the drivers provided. However, each adapter will have a unique MAC address (and not the one of the onboard Wi-Fi card in your laptop). They are small enough to easily put in a zip-lock baggie and cache near two or more of your favorite public Wi-Fi spots – so you don't have to keep them in your possession.
So you would just grab the wireless adapter, disable the onboard Wi-Fi card, pop in the adapter and it will be the adapter's MAC address logged. When you are done, wipe the adapter and baggie down, and return it to its hiding place. If for some reason your laptop is confiscated, you would have excellent plausible deniability because the onboard MAC address would not be one that was logged.
And, again, when using public connections, a VPN tunnel is highly recommended.