The Cypherpunk Manifestos

24/06/2018

Reading a lot about privacy and anonymity and cryptography and cryptocurrency and Darknet hidden services and Tor lately.  Something that has caught my attention is the Cypherpunk movement, and their manifestos.


Without anonymous currency, we don’t have real anonymity

The earliest one seems to be The Crypto Anarchist’s Manifesto, written by Timothy C May in 1988.  Here’s a link to it.  Written thirty years ago, but very of the moment even now.  Read how it opens:

Computer technology is on the verge of providing the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner. Two persons may exchange messages, conduct business, and negotiate electronic contracts without ever knowing the True Name, or legal identity, of the other. Interactions over networks will be untraceable, via extensive re-routing of encrypted packets and tamper-proof boxes which implement cryptographic protocols with nearly perfect assurance against any tampering. Reputations will be of central importance, far more important in dealings than even the credit ratings of today. These developments will alter completely the nature of government regulation, the ability to tax and control economic interactions, the ability to keep information secret, and will even alter the nature of trust and reputation.

“A Cypherpunk’s Manifesto” by Eric Hughes is also very relevant, even though it is 26 years old.  Here’s a bit:

Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can’t get privacy unless we all do, we’re going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don’t much care if you don’t approve of the software we write. We know that software can’t be destroyed and that a widely dispersed system can’t be shut down.

Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation’s border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.

This is stuff that could have been written yesterday.  The technologies required for true anonymity have broken out fairly recently: encryption, cryptocurrency, all this has come to a head now.  If we don’t seize this opportunity, maybe we don’t deserve it.



Apple closes security loophole in iPhones and other iOS devices

14/06/2018

Today Apple is closing a security loophole in iPhones and other iOS devices that enabled law enforcement to hack into criminals’ devices, including that of one of the San Bernardino killers.

They have introduced “Restricted USB Mode”, which will stop hackers from extracting data through an iPhone’s Lightning port once the phone has been locked for an hour.  It is believed that this is how the FBI were able to read data from the iPhone belonging to a gunman involved in the shootings in San Bernardino.

Apple says this is part of their usual security reviews, and is not aimed at thwarting law enforcement but is to protect users from criminals.


The GrayKey device that hacks into locked iPhones via the Lightning port

This will protect iPhones from the iPhone hacking tool GrayKey.

The new default settings will have a feature Apple call a “USB restricted mode” which has been present in developer betas for both iOS 12 and iOS 11.4.1. With this feature, all communication through a Lightning port to USB connection will be blocked on unlocked and dormant devices.

US law enforcement uses a tool called GrayKey, a small box with two Lightning cables that can unlock passcode-protected iPhones and extract data from them.  The Restricted USB Mode will cut off the GrayKey’s access.


The GrayKey device reveals a locked iPhone’s passcode in as little as 30 seconds

Of course the cops believe this is aimed firmly at law enforcement, and will result in criminals and terrorists getting away with serious crimes.

“I think that privacy protections are on a collision course with responsible law enforcement actions to conduct legitimate investigations,” said Ronald Hosko, a former assistant director of the FBI who is now president of the Law Enforcement Legal Defense Fund, which raises money to defend officers accused of misconduct. “Terrorists or other criminal organizations will do something that’s heinous, in a way that is blocked from lawful law enforcement view. They will to some extent get away with it. We will lose lives, we will lose infrastructure in a big way, and then we will be having a different conversation.”



PGP, S/MIME and email: serious vulnerability

14/05/2018

The EFF has warned that a major vulnerability around the use of PGP and S/MIME encrypted HTML email has left users in a vulnerable position.  Sebastian Schinzel, in charge of the IT security lab at the Münster University of Applied Sciences, has said that attacks exploiting the vulnerabilities could make previously-encrypted emails visible as plain text!

The EFF blogged:

The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.

Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.

The EFF has also offered guidance on how to remove plug-ins associated with PGP email, which users can find in the blog. Those plug-ins include ones for the clients Apple Mail, Thunderbird and Outlook.

Check here for more info.



Investigatory Powers Bill

22/11/2016

The UK government has passed the Investigatory Powers Bill. This, according to the Guardian, “legalises a whole range of tools for snooping and hacking by the security services unmatched by any other country in western Europe or even the US”.

In truth, it merely legalizes what the government has been doing for years anyway – just consider what Ed Snowden revealed about the USA (via the NSA) and the UK (via GCHQ) and their nasty snooping.  Indeed, Snowden said in Laura Poitras’ documentary film Citizenfour that GCHQ were spying illegally far more than the villainous NSA!  (I advise everyone to see Citizenfour – it’s widely available on bittorrent, check the Pirate Bay Proxy List for available downloads).

The Guardian rightly describes this new law-in-waiting as “extreme surveillance”.  It also noted that it passed “with barely a whimper” – which is, of course, due to the atmosphere of heightened tension over “terrorist plots” that has hung over us for 15 years, since the Twin Towers atrocity.

We all need to use encryption and to anonymize as much as possible.  But as the companies that carry the bulk of internet traffic are in either UK or USA, it doesn’t look good. But try to get into encryption anyway – for everything – it’s the technical equivalent of putting your email in an envelope.  Would you be comfortable writing all your correspondence on the back of postcards, knowing that just anyone can read it?

 



Apple vs the FBI: Go on, Apple!

18/02/2016

At the FBI’s urging, a federal magistrate has ordered Apple to create a program that will allow the FBI to get into an iPhone belonging to one of the San Bernardino shooters.  They claim this is a one-off thing; they just want to gain access to the shooter’s phone.  On the radio I heard a federal justice spokesman explain it like this:  “If the FBI had a warrant to enter and search a house, but the house had a combination lock that would permanently lock the door if the wrong combination was entered a few times, the FBI would knock the door in using a tank.  All we want is for Apple to supply us with the tank.”

But that is nonsense.  If the locked-door scenario happened, the FBI would bring their own tank to knock the door in.  They wouldn’t ask a lock manufacturer to build the tank for them.

The US government have wanted a back-door into Apple’s iPhones for a while now. This has especially been the case since September 2014, when Apple introduced new encryption into its iPhone operating system that would make it mathematically impossible for the company to unlock them for investigators. This was a departure from the past, when investigators could get access to a device if they sent it to Apple headquarters with a search warrant.

The US authorities are painting this as strictly an anti-terrorism move, and that it would apply only to the iPhone in question.  But that is plain wrong.  Ever since the Ed Snowden revelations, FBI director James Comey has been trying to figure out a way around the software as he and Apple’s Tim Cook have traded barbs publicly and privately.  And now he and his colleagues are using the San Bernardino murders as a way to create case law that could force tech companies to provide back doors into their products.  The FBI claim they want Apple to create a master key just for the one iPhone; but once the precedent had been set, the authorities would use the Apple master key whenever they felt like it, and would be on sure ground to insist other Silicon Valley companies do the same.

Security professionals have pointed out that back doors are not the way to carry out investigations: see here and here for just a couple of examples.  The tragic San Bernardino shootings are, I’m sorry to say, just a way for the US authorities to get the back doors they want on faulty reasoning.  I’m happy Apple have contested this court order.  I don’t like Apple products or their proprietary approach, but I’m at one with them that individual freedom is paramount.  After all, isn’t individual freedom what we are trying to defend from people like ISIS?

In addition to that: criminals might get hold of back door tools and use them to steal identities, bank details etc; and oppressive foreign governments might use them to persecute pro-democracy activists.  The authorities will obviously claim that no one will be able to access these master keys.  But the US government, among others, have suffered theft of data frequently; and foreign governments have spies, whose job is to steal secret tools and information.

To go back to the locked door and tank scenario: in this case the US authorities should bring their own tank – the NSA.  Or do they really expect us to believe that the NSA couldn’t crack this one phone?


Apple: doing the right thing


Why putting back doors in message apps will not stop terrorism

17/02/2016

I’m not a security expert.  So why don’t you listen to one?  This video is Bruce Schneier, a well-known security and cryptography expert, taking questions at DEFCON 23.  He addresses the issue of back doors at about 07:20, but the entire video is worth watching.

If you don’t want to watch it, I’ll paraphrase:   The feds say that ISIS recruits via Twitter.  A recruiter will get into conversation with people,  and the feds can monitor that okay.  But then the recruiter says “go download secure-app X” and all of a sudden the authorities can’t monitor them any more.  This makes the cops sad.  So they want to put back doors in all the messaging apps.  But that is not going to solve the problem!

(About 09:10) “This is not a scenario that any type of back door solves. The problem isn’t that the main security apps are encrypted. The problem is that there is one security app that is encrypted. The ISIS guy can say ‘Go download Signal, go download Mujaheddinsecrets, go download this random file encryption app I’ve just uploaded on Github ten minutes ago.’ The problem is not the encryption apps that the authorities want to get into, the problem is general purpose computers.  The problem is the international market for software.”  Back doors are not the solution for the problem the authorities claim to have.

You’d have to put back-doors in all messaging apps.  Not just the mainstream ones.  Not the not-so-popular niche apps that some people like to use.  ALL apps.  Including ones created by ISIS guys and uploaded to whatever-server-wherever-whenever.  “So we need to stop talking about that [back doors] or we’re going to end up with some really bad policy.” [about 10.00]

 

 


ibVPN could save you from ID theft, stolen bank details and so much more!

14/01/2016

Nowadays, there’s a lot going around about online secrecy, security, anonymity, theft of bank details and personal info… and a whole lot more.  For instance, did you know that you could decide to take advantage of McDonald’s free wifi while supping on a coffee… and someone else, with a gizmo like the Hak5 Pineapple, could snaffle all your data right out of the air?  And if you’d engaged in online shopping or banking, or even just putting in a password, your economic and personal freedom could possibly be stolen!

Of course, these “man-in-the-middle” attacks are nothing new.  But as tech like the pineapple gets more sophisticated, and cheaper, there are more and more evil computer-aided villains out there willing to sit near free hotspots waiting for a non-security-minded person to get tangled in their web of deceit.  In fact, these crooks don’t necessarily need a laptop to carry out these attacks – a smart phone will do much of the time.  And think about it, how many bods with smart phones do you see in McDonald’s, Burger King’s, Subway, etc etc?  That’s a lot of potential crime… and as anyone who’s suffered this before will tell you, re-securing your bank and other details is no laughing matter!

One way round these criminals is with the use of a Virtual Private Network (or VPN).  When you’re connected to the web via a VPN, all your outgoing and incoming data is encrypted between your device and the VPN server, meaning that a potential eavesdropper on the hotspot can’t make heads or tails out of anything you send or receive.  An excellent VPN service provider is ibVPN (invisible browser VPN).  You can get a free trial, it increases your online privacy and securely unblocks geo-restricted websites (eg you can watch BBC iPlayer even when you’re not in Britain, if you use a Brit-based server).  You can choose from +95 VPN servers in 39 countries, 63 locations, including servers set up for p2p (bittorrent etc) traffic.  You can surf the internet completely anonymously – hence the name “invisible browser”.  And their online support is extremely good – they have helped me out in the past, figuring out the most baffling problems.

Despite what you may hear on the news, encryption and secrecy are not just for perverts, crooks or the paranoid.  In fact, that kind of thinking actually helps the crooks, putting you off using this technology to save you from criminals.

Believe me, sending an unencrypted email is like sending a letter on a postcard – easily read by anyone who can get his or her paws on it.  And with the scanning tech available, just about anyone can get a look.  Yes, you might not mind sending a “wish you were here” postcard to your mates when on holiday… but would you send sensitive info on the back of a postcard?  I know I wouldn’t.

Don’t fall prey to the crooks.  Use a service like a VPN.  And if you choose to use a VPN, ibVPN is a very good option.  They provide a very good service.

Go on, get a free trial from ibVPN.  No commitment necessary, and it could save you from the robbers and scammers!


PS: Are you sick of crap mobile phone service?  Join GiffGaff, the mobile network run by YOU!  Get a free SIM card here.

 
