The Cypherpunk Manifestos

24/06/2018

Reading a lot about privacy and anonymity and cryptography and cryptocurrency and Darknet hidden services and Tor lately.  Something that has caught my attention is the Cypherpunk movement, and their manifestos.

bitcoin

Without anonymous currency, we don’t have real anonymity

The earliest one seems to be The Crypto Anarchist’s Manifesto, written by Timothy C May in 1988.  Here’s a link to it.  Written thirty years ago, but very of the moment even now.  Read how it opens:

Computer technology is on the verge of providing the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner. Two persons may exchange messages, conduct business, and negotiate electronic contracts without ever knowing the True Name, or legal identity, of the other. Interactions over networks will be untraceable, via extensive re-routing of encrypted packets and tamper-proof boxes which implement cryptographic protocols with nearly perfect assurance against any tampering. Reputations will be of central importance, far more important in dealings than even the credit ratings of today. These developments will alter completely the nature of government regulation, the ability to tax and control economic interactions, the ability to keep information secret, and will even alter the nature of trust and reputation.

A cypherpunk’s manifesto” by Eric Hughes, is also very relevant, even though it is 26 years old.  Here’s a bit:

Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can’t get privacy unless we all do, we’re going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don’t much care if you don’t approve of the software we write. We know that software can’t be destroyed and that a widely dispersed system can’t be shut down.

Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation’s border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.

This is stuff that could have been written yesterday.  The technologies required for true anonymity have broken out fairly recently: encryption, cryptocurrency, all this has come to a head now.  If we don’t seize this opportunity, maybe we don’t deserve it.

bmc-yellow


Darknet Part 1: What is the darknet and why should I care?

23/06/2018

 

Welcome to Part 1 of my guide to the Darknet.  Well, I say “mine” but it’s actually by many people.  And, just so you all know I’m not trying to pass off this guide as my own words, I’m going to show the words actually coming out of their true creators’ mouths, thanks to the miracle of video streaming over the internet! Thanks be to Youtube,eh!!

Okay, part 1 of this series is a primer on the Deep Web and the Darknet.  It’s a TEDx talk by Alex Winter (of Bill & Ted fame), entitled “The Darknet isn’t what you think”.  There are some misconception about what illegal services were available through the Silk Road website.  For instance child pornography was banned.  Stolen goods weren’t allowed.  Ads for contract killers weren’t allowed.

Anyway, check out the vid.  Enjoy!

Next time: A film about the rise and fall of the Silk Road

 


Apple closes security loophole in iPhones and other iOS devices

14/06/2018

Today Apple is closing a security loophole in iPhones and other iOS devices that enabled law enforcement to hack into criminals’ devices, inculding one of the San Bernadino killers.

They have introduced “Restricted USB Mode”, which will stop hackers from extracting data through an iPhone’s lightning port an hour after being locked.  It is believed that this is how the FBI were able to read data from the iPhone belonging to a gunman involved in the shootings in San Bernadino.

Apple says this is part of their usual security reviews, and is not aimed at thwarting law enforcement but is to protect users from criminals.

GreyKey-box

The GreyKey device that hacks into locked iPhones via its Lightning port

This will protect iPhones from the iPhone hacking tool GreyKey.

The new default settings will have a feature Apple call a “USB restricted mode” which has been present in developer betas for both iOS 12 and iOS 11.4.1. With this feature, all communication through a Lightning port to USB connection will be blocked on unlocked and dormant devices.

US law enforcement uses a tool called a GrayKey, which is a small box with two Lightning cables that can unlock password encryptions on iPhones and extract data from  iPhones.  The Restricted USB Mode will cut off the GreyKey’s access.

hacked-iphone

The GreyKey device reveals a locked iPhone’s passcode in as little as 30 seconds

Of course the cops believe this is aimed firmly at law enforcement, and will result in criminals and terrorists getting away with serious crimes.

“I think that privacy protections are on a collision course with responsible law enforcement actions to conduct legitimate investigations,” said Ronald Hosko, a former assistant director of the FBI who is now president of the Law Enforcement Legal Defense Fund, which raises money to defend officers accused of misconduct. “Terrorists or other criminal organizations will do something that’s heinous, in a way that is blocked from lawful law enforcement view. They will to some extent get away with it. We will lose lives, we will lose infrastructure in a big way, and then we will be having a different conversation.”

bmc-orange


ibVPN – safe web browsing for not much money

08/06/2018
ibvpn-4616-reviews

ibVPN – a high-rated VPN service with more than 180 servers world-wide

A VPN (Virtual Private Network) is a technology that creates a safe and encrypted connection over a less secure network, such as the internet. VPN technology was developed as a way to allow remote users and branch offices to securely access corporate applications and other resources. Nowadays VPNs are widely used to encrypt and secure an otherwise insecure connection (such as a public wifi access point – an eavesdropper can see everything you do over McDonalds’s wifi if it isn’t encrypted!); some people use VPN service to access restricted online service – eg if you live in the UK you won’t be able to use the US Netflix service as that is geographically restricted to users in the USA.  But if you use a VPN server based in the USA, Netflix won’t be able to tell that you’re not in the USA yourself – all Netflix can see is that your traffic is coming and going from that US-based server.  This feature also lends some anonymity to the internet connection, which is another reason some people use a VPN.

And  it’s not just geographical restrictions that VPN use can help you circumvent: some work and school networks stop users accessing some sites like Youtube for instance (your employer may want you to work rather than look at cat videos) or hacker sites (schools tend to block sites with crime-related content, and as so many people associate hacking with crime, anything containing the word “hacker” gets banned).  So, the local network won’t let you view what you want?  Use a VPN, and all the local net can see is data going to/coming from the VPN server.  It knows nothing about goddamn cat memes or how to crack Facebook accounts!

For the past few years I have been using ibVPN (“Invisible Browsing”), run by Romanian-based service provider Amplusnet.  It’s not the fastest service out there, but it is competitively-priced and has global availability.  ibVPN boasts of more than 180 servers in 47 countries across the globe.  And there are 4 different service plans:

  • Ultimate, at $4.83 per month –  “Great for strong privacy and securityheavy streamingunblocking restricted websitestorrents & p2p activity. The most complete package”
  • Standard, at $3.08 per month – “Great for regular usagestreamingunblocking restricted websitesprivacy protection. Includes access to VPN and Extensions. No SmartDNS.”
  • Torrent, also $3.08 per month – “Special package for those looking to protect their identity while downloading torrents. Privacy protection. No SmartDNS or Proxy.”
  • IBDNS/SmartDNS, also $3.08 per month – “Special package designed for unblocking restricted websitesand heavy streaming. Includes SmartDNS and access to browser extensions. No VPN.”

Their All-In-One client software/apps is available for Windows, Apple MacOS and iOS, and Android devices, and the services are also compatible with Linux, most routers, smart TVs and gaming consoles.  The interface is clean and efficient (see below).

ibVPN-All-in-one-client

ibVPN All-In-One client interface controls your VPN sessions

If you’re thinking of going with ibVPN but want to try before you buy, they offer a 6 hour free trial period.  And they have a 15 day money back guarantee if you’re not satisfied by the service.  This shows they have confidence in the quality of their product.

The speed of some servers/connections is not always great, but it is rarely appalling and the price is excellent.  All in all, a good service – I’ve been using it for some years now, which is the greatest praise any product could get – if I keep paying for something it’s because it’s the best!!  😉

Buy Me A Coffee


The govt need “back doors” to thwart terror attacks? Bullshit: they just need to do their jobs properly.

01/01/2016

Govts everywhere are talking up their need for back-doors in encryption etc by saying how the Paris killers got away with so much because of their encryption opsec skillz… but it turns out their opsec is flaky as shit and backdoors wouldn’t be nearly as useful to the cops as listening to the repeated warnings they’d got from Turkey.

Wired.com reported that “news reports of the Paris attacks have revealed that at least some of the time, the terrorists behind the attacks didn’t bother to use encryption while communicating, allowing authorities to intercept and read their messages…

“Reports in France say that investigators were able to locate some of the suspects’ hideout this week using data from a cellphone apparently abandoned by one of the attackers in a trashcan outside the Bataclan concert hall where Friday’s attack occurred, according to Le Monde. Authorities tracked the phone’s movements prior to the attack, which led them to a safehouse in a Paris suburb where they engaged in an hours-long shootout with the other suspects early Wednesday. These would-be attackers, most of whom were killed in the apartment, had been planning to pull off a second round of attacks this week in Paris’s La Defense business district, according to authorities.”

Other reports indicate that a previous ISIS terrorist plot targeting police in Belgium was disrupted in that country last January because Abdelhamid Abaaoud—suspected mastermind of both that plot and the Paris attacks—had failed to use encryption. He also carelessly left behind a cellphone in Syria, which contained unencrypted pictures and videos, including one now-infamous video showing him smiling from a truck as he dragged bodies of victims through a street.

The killers were guilty of serious OPSEC failures… sometimes they didn’t use encryption at all, sometimes they left plaintext evidence lying round where anyone could find it. But as crappy as the terrorists were, the French cops were worse: Turkish authorities have said they tried to warn French authorities twice about one of the suspects but never got a response.

But Western authorities, notably the US and the Brits, have been complaining that they need their secret back-doors to beat the killers, even suggesting that  “US companies like Apple and Google have blood on their hands for refusing to give intelligence and law enforcement agencies backdoors to unlock customer phones and decrypt protected communications”.

My question for the authorities is this: if encryption products have back doors built into them for law enforcement to use, isn’t it likely that crooks will also be able to use these back doors to steal our personal info, IDs, banking details, our entire fucking lives?  The govt are constantly losing top secret laptops on trains and in taxis, and computer intruders regularly bust into official data centres and make off with piles of sensitive data.  Do the authorities think their new back doors will somehow be magically better than all the fucked up attempts at secrecy and security they’ve tried before?

US-paramilitaries

Also, if the authorities get their way, they will be able to find out anything they want to about us.  Maybe (ha ha) that’s not a big problem right now.  But who knows what changes in governments will happen?  Far-right parties are getting more popular all the time.  And look at US presidential hopeful cock Trump: one press of a button and he’ll know exactly where to go to round up the Muslims he hates and send them to be tortured and killed by his friend Assad in Syria.

Don’t listen to the authorities when they say why they “need” the ability to access every bit of data on us.  They don’t need it.  They want it.  Just as they’ve always wanted new ways to eliminate those they don’t like.

giff-logo-small

CLICK ME FOR FREE SIMS!

free web stat


Want some privacy and security online? Check out ibVPN!

04/07/2015

I’ve been using using ibVPN for a while, and I think it’s great.  In case you don’t know, “VPN” means Virtual Priivate network.  To use Webopedia’s definition:

VPN is pronounced as separate letters and is short for virtual private network.

VPN is a network that is constructed by using public wires — usually the Internet — to connect to a private network, such as a company’s internal network. There are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

At ibVPN they delete their logs after 10 days, which no doubt frustrates the police.  But they need to learn: Not all users of VPNs and other privacy tools are terrorists or drug traffickers.  Using a VPN, or encryption tools like PGP/GPG is like putting a letter in an envelope rather than sending a postcard that anyone can see.  I think having a private life is an essential human right.

In fact, I’ll offer Cameron and his cronies a deal: if they start posting their private emails, texts, Instant Messages and letters on a website for all to read, I’ll stop using a VPN.  I’m not talking about secret government correspondence.  Just their private, personal communications.

We got a deal, Dave?  Hmm, I guess not.


‘We can intercept your Google and Facebook activity all we want, so screw you!’ says UK government

17/06/2014

The British government has for the first time spelt out why it thinks it has the right to snoop on our Google, Facebook and other internet traffic all it wants.

Charles Farr, the Director General of the Office for Security and Counter Terrorism, has made a statement (available here) that claims according to UK law the security services only need to get warrants to snoop on communications from one UK party to another. Traffic to and from services like Google (which includes Gmail) and Facebook are classed as “external communications”, for which no warrants are required.

This is horrendous. The internet is a network of networks, many of which are in other countries. So a large amount of our online activity will be transferred via networks in the USA and other countries even if the activity is practically domestic. If you send an email via Gmail to another UK citizen, the government classes it as an “external communication”. The same will be true of activity on Facebook, Twitter, and a great many other services, even though your intention is to communicate or share with other UK residents. Tempora, the program run by the British snooping agency GCHQ, gathers data and metadata, then shares it with the NSA. This means that practically all our online activities are stored, and can be used in fishing expeditions, even though GCHQ or NSA do not suspect you of any potentially criminal activity. Tempora is a “buffer” which stores internet data for 3 days and metadata for 30 days. GCHQ’s computers sift through all this data, storing anything that is “of interest”, which means that online privacy really is nonexistent. Which is what many of us have assumed for ages (especially after Edward Snowden’s revelations), but now it’s official.

What really exasperates me is that major criminals and terrorists will be taking steps to avoid this already, for example by using a VPN (Virtual Private Network). The real victims of GCHQ’s activities are us ordinary joes who are not engaged in criminal conspiracies but who want privacy (like people who send letters in sealed envelopes rather than postcards). We could encrypt our communications; but how many of us want to do this? and I’ll bet Tempora looks out for encrypted traffic and logs it as suspect.

The law needs changing. But that’s not going to happen. Why would the government give up these powers? So, I’m going to use my VPN account when I go online, and I advise everyone else to do the same. Tempora’s alarms will be set off by my suspicious activity; but if everyone is doing it GCHQ’s systems will overload. I hope. Remember, GCHQ has supercomputers and massive storage facilities. Big Brother, man! 1984 man!

Locations of visitors to this page


free web stat


%d bloggers like this: