Category Archives: Surveillance

Gave Privacy By Design Talk At eth0

eth0I gave my talk about privacy by design last Saturday at eth0 2014 winter edition, a small hacker get-together which was organised in Lievelde, The Netherlands this year. eth0 organizes conferences that aim at bringing people with different computer-related interests together. They organise two events per year, one during winter. I’ve previously given a very similar talk at the OHM2013 hacker conference which was held in August 2013.

Video

Here’s the footage of my talk:

Quick Synopsis

I talked about privacy by design, and what I did with relation to Annie Machon‘s site and recently, the Sam Adams Associates for Integrity in Intelligence site. The talk consists of 2 parts, in the first part I explained what we’re up against, and in the second part I explained the 2 sites in a more specific case study.

I talked about the revelations about the NSA, GCHQ and other intelligence agencies, about the revelations in December, which were explained eloquently by Jacob Applebaum at 30C3 in Hamburg in December. Then I moved on to the threats to website visitors, how profiles are being built up and sold, browser fingerprinting. The second part consists of the case studies of both Annie Machon’s website, and the Sam Adams Associates’ website.

I’ve mentioned the Sam Adams Associates for Integrity in Intelligence, for whom I had the honour to make their website so they could have a more public space where they could share things relating to the Sam Adams Award with the world, and also to provide a nice overview of previous laureates and what their stories are.

Swiss FlagOne of the things both sites have in common is the hosting on a Swiss domain, which provides for a safer haven where content may be hosted safely without fear of being taken down by the U.S. authorities. The U.S. claims jurisdiction on the average .com, .net, .org domains etc. and there have been cases where these have been brought down because it hosted content the U.S. government did not agree with. Case in point: Richard O’Dwyer, a U.K. citizen, was threatened with extradition to the United States for being the man behind TVShacks, which was a website that provided links to copyrighted content. MegaUpload, the file locker company started by Kim Dotcom, was given the same treatment, where if you would visit their domain, you were served an image from the FBI telling you the domain had been seized.

Privacy in danger, but there’s light at end of the tunnel

Note: This article is also available in Portuguese, translated by Anders Bateva.

Last week I read an article about the plan by the National Police of the Netherlands to connect all CCTV cameras to the national camera network which is operated by the police. SurveillanceThe upper echelon of the Dutch police is currently secretly writing their policy document entitled Sensing, in which the definite plans will be written out in further detail. It would be interesting to know the contents of this secret report, since I’m pretty sure all the standard, same old arguments about why this should be implemented will be brought to the table again. They will probably say that it’ll prevent crime and deter hoodlums, etcetera. We’ve read the arguments for it again and again, but fact of the matter is that more cameras doesn’t mean less crime, CCTV cameras have never stopped criminals from committing a crime, they are ineffective, and it’s an invasion to our privacy, especially when it’s all connected into a single, nation-wide network, recording all our movements. It’s the Panopticon! This then gets stored indefinitely, because governments the world over only remember the ‘delete’ command (‘rm -rf’ if you will) when it’s in their interest to delete stuff. All other stuff (like these camera images, but also information stored by our various intelligence agencies, financial information, the sites you visit, your e-mail, call records, medical records, etcetera) never gets deleted. That’s why the NSA is building their new data-bunker in Bluffdale, Utah, to create more storage space so they get to keep storing all kinds of data about our lives that goes over a wire. And our intelligence agencies are all in on it. Dutch Home Office Minister Ronald Plasterk had a bit of a row with parliament, with MPs being angry about a tiny parliamentary technicality, namely that Plasterk lied to them, claiming the NSA collected metadata on 1.8 million phone calls in the Netherlands, while it was in fact our own intelligence service, the AIVD, doing it. The sad thing of our political system is that they put all the focus on this tiny parliamentary technicality, when they totally forget about the big picture, namely that 1.8 million phone calls were being tapped, and that we should do something about this. 1.8 million is an enormous number for a country of 17 million people. Even more scary is that the parliamentary commission which is supposed to provide oversight over the intelligence community, the Commisie van Toezicht op de Inlichtingen- en Veiligheidsdiensten (CTIVD), also known as Commissie Stiekem, had no knowledge about this, and didn’t know that this was even happening. So much for oversight. The problem with oversight over intelligence agencies is that because of the very nature of these agencies they keep their information a secret, and they can lie to our elected representatives with impunity, and there’s no way to check until someone brave enough to blow the whistle steps forward.

This House Would Call Edward Snowden A Hero: 212 yay, 171 nay

Edward SnowdenMeanwhile, at an Oxford Union debate last week in Oxford, United Kingdom, the Union passed a motion to call Edward Snowden a hero by 212 votes against 171. It was a lively debate, both from the members of the proposition and the members of the opposition, and I have to side with the proposition, because without people like Snowden, who has given up his previous comfortable life on Hawaii to blow the whistle, the world would have never known about the crimes of the spies. Eventually there comes a point where you’re asked to forget about it! so many times and about such egregious crimes that you can no longer look at yourself in the mirror any more, and something has to be done, the people need to be informed. During the debate I heard the opposition say that Snowden “violated his oath”. This is an argument that popped up again and again in various articles I’ve read in which people vilified Snowden. In fact, he didn’t swear an oath to secrecy, no-one does. He swore an oath to the Constitution of the United States; to uphold the Constitution. He hasn’t violated the Constitution; the U.S. government and the NSA in particular violated it. Yes spies spy, that’s not surprising, but they claim all is done in the name of national security, when it is in fact often corporate espionage that these intelligence agencies engage in. It’s about making sure the lucrative contract goes to Boeing instead of to Airbus; it has nothing to do with national security, but more with corporate profits. And there’s no meaningful oversight whatsoever: these people lie with impunity. That alone is already endangering our very democracies, having people with absolute power without any form of effective oversight is very detrimental and damaging to our very democracies and free societies. Snowden mentioned that whilst working at Booz Allen Hamilton, he had the power to tap everyone, including the President of the United States. And he wasn’t the only one with that kind of security clearance either. In the United States, almost 5 million people have a security clearance, with more than 1.4 million people having access to TOP SECRET documents. Imagine what kind of information the intelligence community has about the private life of the President and his family, and how a less honest person might use that. It would be easy to blackmail the President into doing the spooks’ bidding! And in the United States, more and more tasks that used to be done by government exclusively (like intelligence), is now being done by companies like Booz Allen Hamilton, or Academi (which I like to call: the company previously known as Blackwater USA). This is a very scary development because these companies have profit as their basic motivation. They do not have our best interests at heart. Lord Acton wrote in 1887:

“Power tends to corrupt, and absolute power corrupts absolutely. Great men are almost always bad men, even when they exercise influence and not authority, still more when you super-add the tendency or the certainty of corruption by authority. There is no worse heresy than that the office sanctifies the holder of it.”

Chelsea Manning Receives Sam Adams Award 2014

Also at the Oxford Union last week, the Sam Adams Associates for Integrity in Intelligence awarded Chelsea Manning their award for the year 2014, meant for people who display extraordinary integrity in intelligence. The group and award was named after Sam Adams, a CIA intelligence analyst, who in 1967 discovered that there were far more Communist forces under arms in Vietnam, roughly twice the number U.S. command in Saigon would admit to. This intelligence revealed that the Pentagon was vastly under-reporting the number of enemy forces. But I digress.. Collateral MurderChelsea Manning revealed, by releasing the Collateral Murder video to WikiLeaks, that U.S. forces were committing war crimes. This showed the crew of a U.S. Apache attack helicopter firing away at unarmed civilians, Reuters journalists, and a father who was bringing his children to school and stopped his van to help one of the Reuters journalists who tried to drag himself onto the curb, heavily wounded. The U.S. forces were yelling like it was some sort of snuff video game, it’s absolutely horrific, and these people should be brought to trial and charged with war crimes and crimes against humanity. Because that’s what it is. Chelsea Manning displayed extraordinary courage in releasing these documents, and rightly deserves this award. Meanwhile, I’m looking forward to the day the U.S. government and the crew of the Apache helicopter in question, are indicted for multiple counts of war crimes and crimes against humanity. At which point the United States will invoke the American Service-Members’ Protection Act (also known as the The Hague Invasion Act). But that’s another story.

NSA is coming to town!

I just stumbled upon this funny video made by the ACLU (American Civil Liberties Union). It fits perfectly, and it’s funny to see that when invasions of privacy gets really personal (Santa photographing your face, recording your conversations and rifling through your smartphone), people really don’t like this and some respond strongly, but when the exact same thing is done by some big, anonymous government agency it doesn’t get such a strong response, which in unfortunate. Anyway, without further ado:

Facebook records self-censorship

Recently I came across an article about Facebook, more specifically, that Facebook wants to know why you self-censor, in other words, why you didn’t click Publish on that status update you just wrote, but decided not to publish instead. It turns out Facebook is sending everything you type in the Post textarea box (the one with the “What’s on your mind?” placeholder), to Facebook servers. According to two Facebook scientists quoted in the article: Sauvik Das, PhD student at Carnegie Mellon and summer software engineer intern, and Adam Kramer, a data scientist, they only send back information to Facebook’s servers that indicate whether you self-censored, not the actual text you typed. They wrote an article entitled Self-Censorship on Facebook (PDF, copy here) in which they explain the technicalities.

It turns out this claim that they only send metadata back, not the actual text you type is not entirely true. I wanted to confirm whether they really don’t send what you type to Facebook before you hit Publish, so I fired up Facebook and logged in. I opened up my web inspector and started monitoring requests to/from my browser. When I typed a few letters I noticed that the site makes a GET request to the URL /ajax/typeahead/search.php with parameters value=[your search string]&__user=[your Facebook user id] (there are more parameters, but these are the most important for the purposes of this article). The search.php script probably parses what you typed in order to find contacts that it can then show to you as autocomplete options (for tagging purposes).Facebook sends data

Now, the authors of the article actually gathered their data in a slightly different way. They monitored the Post textarea box, and the comment box, and if more than 5 characters were typed in, it would say you self-censored if you didn’t publish that post or comment in the next 10 minutes. So in their methodology, no actual textual content was needed. But it turns out, as my quick research shows above, that your comments and posts actually do get send to Facebook before you click Publish, and even before 5 characters are typed. This is done with a different purpose (searching matches in your contacts for tagging etc.), but clearly this data is received by Facebook. What they subsequently do with it besides providing autocomplete functionality is anyone’s guess. Given that the user ID is actually sent together with the typed in text to the search.php script may suggest that they associate your profile with the typed in text, but there’s no way to definitively prove that.

When I read through the article, one particular sentence in the introduction stood out to me as bone-chilling:

“(…) Last-minute self-censorship is of particular interest to SNSs [social networking sites] as this filtering can be both helpful and hurtful. Users and their audience could fail to achieve potential social value from not sharing certain content, and the SNS [social networking site] loses value from the lack of content generation. (…)”

“loses value from the lack of content generation.” Let that sink in. When you stop from posting something on Facebook, or re-write it, Facebook considers that a bad thing, as something that removes value from Facebook. The goal of Facebook is to sell detailed profiling information on all of us, even those of us wise enough not to have a Facebook account (through tagging and e-mail friend-finder functionality).

Big Data and Big Brother

And it isn’t just Facebook, it’s basically every social network and ad provider. There’s an entire industry of big data brokers, with companies most of us have never heard of, like Axciom for instance, but there are many others like it, who thrive on selling profiles and associated services. Advertising works best if it is specific, and plays into users’ desires and interests. This is also the reason why, for this to be successful, companies like Facebook need as much information on people as possible, to better target their clients’ ads. And the best way is to provide a free service, like a social network, enticing people to share their lives through this service, and then you can provide really specific targeting to your clients. This is what these companies thrive on.

The bigger problem is that we have no influence on how our data gets used. People claiming they have nothing to hide, and do nothing wrong, forget that they don’t decide on what constitutes criminal behavior, it’s the state making that decision for them. And what will happen when you are suddenly faced with a brutal regime that abuses all the information and data they got on you? Surely we want to prevent this.

This isn’t just a problem in the technology industry, and business, but a problem with governments as well. The NSA and GCHQ, in cooperation with other intelligence agencies around the world are collecting data on all of us, but without providing us, the people, the possibility of appeal, and correction of erroneous data. We have no influence on how this data gets used, who will be seeing it, how it might get interpreted by others, et cetera. The NSA is currently experiencing the same uneasiness as the rest of us, as they have no clue how much or what information Edward Snowden might have taken with him, and how it might be interpreted by others. It’s curious that they now complain about this same problem that the rest of us have been experiencing for years; a problem that NSA partly created by overclassifying information that didn’t need to be kept secret. Of course there is information that needs to be kept secret, but the vast majority of information that now gets rubber stamped with the TOP SECRET marking, is information that is of no threat to national security if it were known to the public, but more likely information that might embarrass top officials.

We need to start implementing proper oversight to the secret surveillance states we are currently subjected to in a myriad of countries around the world, and take back powers that were granted to them, and subsequently abused by them, if we want to continue to live in a free world. For I don’t want to live in a Big Brother state, do you?

Security Measures against Terrorism: Costs v. Benefits

Note: This article is also available in Portuguese, translated by Anders Bateva.

Plasterk in Tweede KamerA few days ago, the Dutch Home Office Minister Ronald Plasterk said in a debate in parliament that he’s apparently OK with the American intelligence community, the NSA among others, to spy on the Netherlands. His reasoning is flawed from the get-go, and went somewhat like this (paraphrased): “I don’t want to say that Dutch citizens may never be spied upon. Because that Dutch citizen can also be a stone-cold terrorist. And it’s good if that terrorist can be found.” Here’s the full quote (in Dutch):

“Ik wil dan ook wel oppassen om in het woordgebruik bijvoorbeeld te zeggen: ja maar, er mag nooit naar Nederlandse burgers worden gekeken. Want die Nederlandse burger kan natuurlijk een keiharde terrorist zijn, en dan zijn we toch blij dat die op een gegeven moment ergens op de rader verschijnt, en dat moet natuurlijk volgens de wetten gebeuren, maar dat die op de radar verschijnt, en dat er vervolgens actie kan worden ondernomen.”

Plasterk later denied saying that, but he did in fact say this during the debate. More evidence can be found here.

Is No Price Too High For Security?

Benjamin Franklin once said something like “They who give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.” This quote has been used a lot, but it is applicable here. The question we need to answer is the following: When do security measures stop benefiting the greater good, and infringe on our privacy and liberty, which are values that used to define our very societies? When does the price we have to pay for that little extra security becomes too great? Combating terrorism certainly seems like a very noble goal, and while I do agree that there are some people out there who aim to change our societal structures through violent methods (although one has to note that one man’s terrorist is the other man’s freedom fighter; the definition of the term is a bit in the eye of the beholder), there does come a point where the price we have to pay for a little increase in security becomes too great, compared to the potential benefits.

Terrorism is Really Rare

Chances Terrorist Attack One thing we have to understand is that acts of terrorism on the scale of 9/11 or the London public transport bombings on 7/7, awful as they may be, are still very rare indeed. Extremely rare in fact. Even President Obama has said so, although he does have an interesting choice of words. The chance that you’re involved in a traffic accident tomorrow are several orders of magnitude greater than the chance that the next aircraft you are in will end up in a building instead of on the runway. This is also valid for other acts of terrorism, not just the ones involving aircraft. And even the TSA agrees now that terrorists are not plotting against aviation. So why do we still have to cope with all the draconian security measures then, if it’s clear that it didn’t help one bit? You see the same thing happening with CCTV cameras. Governments and corporations put these things up everywhere, but there isn’t the tiniest shred of evidence that these cameras actually help prevent crimes. But still the TSA and their European counterparts continue to tell people to leave their water bottles and baby food and butter knifes at the checkpoint. Bruce Schneier put a lot of thought into this problem, and he said that we currently try to protect against specific movie-like terrorist plots, instead of doing a thorough risk analysis and protect ourselves with more generic measures that may actually work against multiple types of plots. Terrorists bring down aircraft, so we increase security at airports; terrorists used box cutters, so we ban box cutters; someone brought a bomb on board hidden in his shoe, so we’re telling people to take their shoes off. These are all very specific actions taken against these types of movie-like plots. The security measures taken here are way too specific to work against anything other than the movie plot attack. As soon as terrorists modify their plan just one tiny bit, the entire strategy to combat them becomes ineffective. Humans are unfortunately excruciatingly bad at evaluating risks, and if you give them a very specific, movie-like terrorist plot, they will rate the risk from that much higher than it is in reality, because of the specificity of the plot. We humans have evolutionary been conditioned to consider specific threats a greater risk than a more general threat. On Wired, Schneier states:

If you’re a higher-order primate living in the jungle and you’re attacked by a lion, it makes sense that you develop a lifelong fear of lions, or at least fear lions more than another animal you haven’t personally been attacked by.

We are conditioned to think: it happened once, so it’s likely that it’ll happen again. And you see politicians using that knowledge to their advantage. It is insightful to consider that most measures we’ve currently taken against terrorism, would never even be considered had the events of 9/11 not happened.

Moving On..

With regard to the comments made by Mr. Plasterk: I think a lot of politicians still think that the United States is one of the ‘good guys’, when there’s more and more evidence coming out that politically speaking, it is not our ally, and certainly not our friend. They serve their own self-interests, just like any other nation on earth, and it’s important to never forget that. I even heard some politicians say that we should demand that Dutch citizens shall be treated the same as Americans under US law. It is laughable to think that the Americans across the pond will say: “Oh no! We angered the Dutch! Quickly change our laws to treat them the same as we treat Americans before they start re-colonizing New York!” At most, what these politicians will get is a nice letter from the US Embassy in which they solemnly promise that it will never happen again, meanwhile not changing their laws or practices in the US. And the NSA happily continues to trample upon their NATO allies’ rights. And our politicians are apparently very happy to accept that. We have to reconsider our position and alliances after the numerous disclosures of classified documents by whistle-blower Edward Snowden. For what good is a friend who spies on you behind your back? President Roussef of Brazil has taken decisive action by severing ties with the United States and even building new fibre optic cable connections that circumvent United States territory. Where is the outrage in Dutch society? Here, AMS-IX (the Amsterdam Internet Exchange, the second-largest Internet exchange in the world), sets up shop in the US, making it subject to the PATRIOT Act. Have these people been living under a rock these past months? Or are there other, commercial interests at play here? We need to start demanding answers while at the same time strengthening our own privacy protections. Privacy is a human right, nothing more, nothing less. We need to start using it, or risk losing it.

At the Crossroads: Surveillance State or Freedom?

OHM2013

When I went to OHM2013 last week, it was great to see such increased political activism from the hackers and geeks at the festival. I truly believe we are currently at a very important crossroads: either let governments the world over get away with crimes against the people’s interests, with programs like PRISM, ECHELON, TEMPORA and countless other authoritarian global surveillance schemes, or enter the path towards more freedom, transparency and accountability.

A good example of what not to do is Google Glass. A few weeks ago I came across the story of a hacker who modded Google Glass as to allow instant facial recognition and the covert recording of video.  Normally you need to tap your temple or use voice commands to start recording with Glass, all of which are pretty obvious gestures. But now people can record video and do automatic facial recognition covertly when they wear Glass. I even saw that there’s an app developed for Glass, called MedRef. MedRef also uses facial recognition technology. This basically allows medical professionals to view and update patient records using Glass. Of course having medical records available on Glass isn’t really in the interests of the patient either, as it’s a totally superfluous technology, and it’s unnecessary to store patient records on a device like that, over which you have no control. It’s Google who is calling the shots. Do we really want that?

Image above © ZABOU.

Image above © ZABOU.

As hackers, I think it’s important to remember the implications and possible privacy consequences of the things we are doing. By enabling the covert recording of video with Google Glass, and also adding on top of that, instant and automatic facial recognition, you are basically creating walking CCTV cameras. Also given the fact that these devices are controlled by Google, who knows where these video’s will end up. These devices are interesting from a technical and societal standpoint, sure, but after PRISM, we should be focusing on regaining what little we have left of our privacy and other human rights. As geeks and hackers we can no longer idly stand by and just be content hacking some technical thing that doesn’t have political implications.

I truly and with all my heart know that geeks and hackers are key to stopping the encroaching global surveillance state. It has been said that geeks shall inherit the earth. Not literally of course, but unlike any other population group out there, I think geeks have the skills and technical know-how to have a fighting chance against the NSA. We use strong encryption, we know what’s possible and what is not, and we can work one bit at a time at restoring humanity, freedom, transparency and accountability.

These values were won by our parents and grandparents after very hard bloody struggles for a reason. They very well saw what will happen with an out-of-control government. Why government of the people, for the people, and by the people, is a very good idea. The Germans have had plenty of hands-on experience with the consequences as well, first with the Nazis who took control and were responsible for murdering entire population groups, not only Jews but also people who didn’t think along similar lines: communists, activists, gay people, lesbians, transgenders, etc. Later the Germans got another taste of what can happen if you live in a surveillance state, with the Stasi in the former East-Germany, who encouraged people to spy on one another, exactly what the US government is currently also encouraging. Dangerous parallels there.

But you have to remember that the capabilities of the Stasi and Gestapo were only limited, and peanuts to what the NSA can do. Just to give a comparison: the Stasi at the height of its power, could only tap 40 telephone lines concurrently, so at any one time, there were at most 40 people under Stasi surveillance. Weird isn’t it? We all have this image in our minds that the prime example of a surveillance state would be East-Germany under the Stasi, while they could only spy on 40 people at a time. Of course, they had files on almost anybody, but they could only spy on this very limited number of people concurrently. Nowadays, the NSA gets to spy continuously on all the people in the world who are connected to the internet. Billions of people. Which begs the question: if we saw East-Germany as the prime example of the surveillance state, what do we make of the United States of America?

The Next Step?

I think the next step in defeating this technocratic nightmare of the surveillance state and regain our freedom is to educate others. Hold cryptoparties, explain the reasons and need and workings of encryption methods. Make sure that people leave with their laptops all configured to use strong encryption. If we can educate the general population one person at the time, using our technological skill and know-how, and explain why this is necessary, then eventually the NSA will have no-one to spy on, as almost all communication will flow across the internet in encrypted form. It’s sad that it is necessary, really, but I see no other option to stop intelligence agencies’ excess data-hunger. The NSA has a bad case of data addiction, and they urgently need rehab. They claim more data is necessary to catch terrorists, but let’s face it: we don’t find the needle in the haystack by making the haystack bigger.

My Privacy by Design Talk at OHM 2013

OHM2013Last week I’ve given a talk about privacy by design as it relates to websites at Observe, Hack, Make (OHM) 2013, a quadrennial geekfest and hacker/maker event held in the Netherlands. It’s one of the biggest hacker festivals out there, with 3,000 people that have descended on the festival grounds, and it’s great fun and a great place to meet people, hackers, makers, thinkers, and media people. It’s been somewhat of a Dutch tradition to hold these events every 4 years.

The video will be uploaded as soon as it becomes available.

I’ve designed and developed Annie Machon’s website in May 2012. This site used to run on a closed-source Typepad solution, and Annie wanted to move her website to a more open solution, for which we’ve settled on WordPress. Also, she wanted to move away from the .com domain for reasons of domain jurisdiction. You see, when you operate a .com, .net, .org etc. these domains can be easily seized by the American government if you’re doing something that may upset them. This has happened to MegaUpload, to Richard O’Dwyer’s TVShacks, the examples are legion. This can be really damaging for your reputation, so it’s important to make sure that you’ve set up your infrastructure to resist attacks like these as much as feasibly possible.

I’ve also modified Annie’s WordPress site as to prevent browser tracking as much as possible, allowing people to visit her site without fear of their movements being tracked. Normally, your website visits get tracked if the websites you visit implement things like Facebook Like buttons, etc., which reference Trackingexternal scripts and images that will tell these third-party services what your surfing behavior is. This is obviously not something that we would want, we want an open, free web, that’s easy to use, by which it’s easy and natural in fact to share information, without having to fear that we get tracked and profiled. With browser tracking a lot of information about your browser gets sent to companies like Facebook. Things like IP address, browser brand and version, the country you’re coming from, etc. These parameters are all used to connect this data together and build up a profile in this way.

Synopsis of My Talk

This talk is about the possible conflict between getting your message out there, and trying to maintain your site visitor’s privacy. This talk will highlight some of the issues that need to be taken into consideration when building websites for whistleblowers with high security & privacy needs.

This talk is about the conflict that can arise between getting your message out there, and trying to maintain your audience’s right to privacy. In the last couple of years, with the dramatic increase in the use of social media, often one of the most effective ways of spreading your message to a large group of people has become to foster a community using existing social networks, like Facebook or Twitter.

The problem with using these services is that, while convenient, they also snoop on your audience’s private data. These companies make their money by creating and selling detailed profiles to marketers, to that they can effectively target their ads. Often these services run their own ad service as well, as is the case with Facebook and Google. Later on, this data can come back to hunt you. Let’s say you’ve been searching on Google for some serious illness or disease. You can imagine what your health insurance company would do, had it access to this information. Up the premiums or deny you insurance altogether.

Sander Venema was asked by Annie Machon to redesign her website in early 2012. We took special care in avoiding common traps that can compromise the security and privacy of the site’s visitors when designing the new site.

In his talk, Sander will talk about the special considerations that come with building websites for whistleblowers with high security & privacy needs, both for the owner/operator, and the visitors of the site; discuss what the problem points are, and how we worked around them to create a website that is both pretty, usable and as safe as possible. He will also talk about domain security and governments claiming jurisdiction over a domain name, even if the actual server is not located in their country and the site isn’t aimed specifically at their citizens. There have been several cases in the past where websites have been brought offline because of this.

Ubiquitous Tracking by Big Mega Corporations and What We Can Do About It

Nowadays, if you surf the web like any normal person, chances are your movements on the internet will be tracked. There are a lot of companies tracking you and building detailed profiles about your behaviour on the internet. With all the news about the revelations of Edward Snowden about the mass surveillance going on by the NSA, GCHQ and other Three-letter agencies, you might almost forget that there is a whole world out there with various corporate entities who also build profiles about you, either with or without your knowledge and consent.

Why big corporations are tracking you and building profiles about you

Profiles about your Internet behaviour most often get built by simply surfing unprotected, with your browser executing any and all JavaScript that it comes across, which usually does some data collection about your browser and operating system, which then gets sent back to third-party advertising networks who make money building profiles about every user on the internet. Now, of course they claim this is done to better target ads, so you get ads aimed specifically at your current interests and your geographical location or linguistic background, for instance. You see, when you search for something on the internet, you are revealing something very private indeed: you are revealing what you think at that very moment. What things you are likely interested in.

Google Anatylics Dashboard, giving an impression of things it can track.

Google Anatylics Dashboard, giving an impression of things it can track.

This information is worth a lot of money to marketers, who are always on the lookout for ways to target and market their products to just the right audiences. Knowing exactly what people are up to and what their interests are is something marketing departments the world over crave. For if you know exactly what your audience’s interests are, you can tailor the marketing of your products to exactly fit their needs, leading to more sales. Selling access to this information is Google’s main profit model. The major problem with this data collection is that it is all happening without our knowledge or consent. There are only a few large companies in the world who hold a virtual monopoly on acquiring a lot of data about people via the internet. An example would be Facebook; a lot of sites on the internet (tens of millions) have a certain link with Facebook, via their share buttons. Because these buttons are so ubiquitous, found on almost every other site, this causes Facebook to know quite a bit about your surfing behaviour, even if you’re not a Facebook user. Your data still gets collected and stored in a shadow profile, where it is then of course susceptible to acquisition by government agents as well.Filter Bubble

Major problems with personalized results

As more and more people discover their content and news through personalized feeds like those found on Twitter and Facebook etcetera, the stuff that matters gets pushed off the feed. People who live in the filter bubble, a term coined by Eli Pariser, can easily miss vital information about certain major events. I’ll give an example. During the Egyptian Revolution of 2011, two people may be getting two completely different results on Google. One, who is more interested in holidays, according to the profile built up by Google, may be getting more links in the search engine results page (SERP) about holidays to Egypt, and miss news about the revolution completely, whereas someone who is more politically active, may only get links to news sites with articles about the revolution. This is already a major difference in the results you get. You may be under the impression that the results generated by Google are the same for everyone where, evidently, they are not. They are generated based on your personal interests, information you and/or your computer shared with Google. The question is: is it really always a good thing that we only get to see stuff we are interested in? And that some big mega-corporation like Google is deciding that for us? This way we may miss vital information, as the information that reaches us gets censored transparently, without our knowledge or consent. If we only get our news from personalized news feeds like those provided by Facebook, Google and Twitter, we may miss out on a lot of information. Therefore it is prudent to always use as many different sources of information as possible, so efforts to filter our results and trap us in the filter bubble have as little effect on us as possible.

Steps we can take to arm ourselves

There are various things we can do to arm ourselves against tracking by and building up of profiles. First step is using a common browser. This may sound strange, but let me explain. There’s this tool written by the Electronic Software Foundation called the Panopticlick. With this tool you can check all kinds of information about what kind of fingerprint your browser leaves behind, and with how many computers it shares that fingerprint. By having a very large pool of potential computers, all with the same browser fingerprint, we make it harder for companies to track our movements on the internet, as the pool of possible targets will be larger. Browser fingerprinting Cookie Monsterworks without cookies, so it’s a big threat to your online privacy. In terms of browsers, Firefox is a good one. Chrome not so much, as it’s sharing information about which sites you surf with Google. I also recommend Firefox not only because it’s open source, but also because of the vast repository of add-ons available for it. Make sure you disable the setting of third-party cookies. Secondly, it helps if we install browser add-ons like Ghostery, NoScript and AdBlock Plus. These add-ons will specifically disable any Javascript tracking going on, either by completely disabling JavaScript completely (in the case of NoScript), or by having a list of common advertising companies and other various trackers, which it specifically blocks (in the case of Ghostery). AdBlock Plus removes all ads from the websites you visit. They don’t even get loaded. JavaScript is a programming language, with which we can do a lot of cool stuff and make web pages seem more responsive, have our webapps feel more like desktop apps, etc. A lot of stuff is possible with JavaScript. This is in part because it most often gets executed on the client, not on the server. Every browser capable of running JavaScript basically has a virtual machine like Google’s V8, or something similar with which it can run JavaScript. The problem is that with JavaScript the script writer can also get a lot of information back from the browser, and all kinds of nifty hacks are possible if JavaScript is enabled. So disabling JavaScript wherever possible is a very safe thing to do. And with NoScript, you can still enable JavaScript on a per-domain basis as well, if you need it. This will already prevent a large part of the tracking stuff from ever loading on your computer. Other add-ons like RefControl (which will forge or block the HTTP_REFERER header from your browser) also work to enhance your privacy. By reading the HTTP_REFERER header, a site can normally see from what site you came from, and by blocking or forging this header, we don’t reveal any information about our surfing behaviour in this way. HTTPS Everywhere is a good addon to have as well, as it enforces HTTPS (secure, encrypted) communications on sites that support it. Some sites, like Facebook for instance, do support HTTPS communications, but redirect all their links to the insecure HTTP variant. By installing HTTPS Everywhere, which is written by the EFF, we force sites like these to use HTTPS all the time. To check with what sites your browser has shared information about you, you can install Collusion. With this add-on, you can open up a tab with information about which sites you have visited during your browsing session, and with which sites your browser has shared information. This is often substantially more than the sites you actually visit. Many sites for instance use advertising networks, which load their ads from another domain, and data about you gets sent to these networks to track and profile you. To see whether and to what extent this is happening to you, you can install Collusion. To get better protection against tracking, we can change our surfing behaviour by avoiding certain US companies like Google for instance. You can instead search the internet using Startpage. Startpage uses the Google engine, but strips all identifying information from the request before it sends it off to the Google servers, allowing you to search tracking-free. They also don’t store any logs whatsoever, and they use encryption by default.

Right, am I done yet?

The tips above are only good advice in general, and will protect against most profiling attempts by advertising and other profit-oriented companies which try and sell your profile to their clients, but won’t protect you against a determined, well-financed adversary like an intelligence agency. For this, you need to encrypt the hell out of your life, and use crypto like AES, etc. (VeraCrypt) and PGP (GnuPG) as much as possible. Why should we be making it easy for the spooks? In that case, you might also read up on VPNs, and check out the Tor network (but keep in mind that many exit nodes are run by intelligence agencies, so always use end-to-end encryption (e.g. HTTPS) when using Tor). In this case, also try to avoid using any service made available by any US company whatsoever. Think SAAS providers, cloud services, etc. Because of the Patriot Act, US government agencies (and of course, through them, other, foreign intelligence agencies which cooperate with the Americans) can easily request any and all information some company with US ties stores about you. So try to avoid that as much as possible in this case. This is the reason why I’ve moved my online persona to Switzerland, and also running my mail on a mail server that I control. Also think about the security of your devices, and only run free software, so there’s less chance of a back-door hidden in the software you use. But you can read up more on the measures you can take when you’re up against a more powerful adversary. But with the above tips, you’ll be well on your way to better securing your communications. Notice: The above article also got published on UKcolumn.org. While I am very happy with the syndication, I don’t agree with everything published on UKcolumn.org.

Dangers of the ‘nothing to hide, nothing to fear’ mentality

Note: This article is also available in Portuguese, translated by Anders Bateva.

With regards to the whole PRISM program recently unveiled by NSA whistleblower Edward Snowden, I had a discussion with someone a few days ago who still held to the view that if you have nothing to hide, you have nothing to fear from the government. This blog post is mainly aimed at dispelling some of these myths that keep cropping up in these discussions.

Change in Government

One of the biggest problems with this argument is that the government isn’t this all-good, benevolent entity that most people think it is. They actively and purposefully violate their own laws regularly. Now governments always have claimed that they work in the best interest of the people (which is the thing they should do), but who guarantees to me that this will always stay this way? Who guarantees that the Dutch government for instance, won’t turn into a full-blown police state in 5 or 10 years time, the way the British government already has? GCHQ is even worse than the NSA, as they’re tapping over 200 fibre optic cables indiscriminately. Who guarantees to me that there won’t be a dictator in 10 years time, maybe elected in a fit of fear, who then grabs power and starts abusing it to the fullest? Many people seem to laugh at the suggestion, but the danger is still very real. We don’t know what will happen in the future so therefore we should instead be proactive, and make sure that when a malevolent government does come to power (which I hope not), it has as little influence over the lives of the people as possible. An interesting story about changing governments, and sudden abuse of power is the story of Jacob Lentz. Lentz was a Dutch civil servant who worked on setting up the national resident registration system and designed the new national ID cards during the Second World War. In the summer of 1940, Lentz was convinced that Nazi Germany would win World War II, and he worked very hard at creating a watertight system. His ID cards were notoriously difficult to forge, even better that the German variant, the Kennkarte, making the lives of the Dutch resistance members a lot harder. His system registered a lot of information about the Dutch citizens, religion among other things. This make it ridiculously easy for the Nazis, when they conquered The Netherlands in May 1940, to see who was of Jewish descent and who wasn’t. And we all know the unimaginable horrors that led to. Now, Lentz thought he had good intentions. But the road to hell is paved with good intentions, as they say. If Lentz had thought it through just a little bit, had thought of the possible consequences, he might have chosen a different path. He could have saved the lives of thousands of Jews, with little to no danger to his own personal safety, or his family’s.

ProfilingSurveillance: Nothing to hide?

Now, it’s important to remember that you as a citizen usually don’t get to decide what constitutes criminal or suspicious behavior or not. You usually have no say in this matter, and governments habitually move the goal posts during the game. The average Dutchman can be found in well over 5,000 different government databases (link in Dutch). Now, with this much data on 17 million people, the government is bound to make mistakes. Because of the vast amount of information, they have to pattern match and profile you. This often leads to mistakes. If you buy a bag of fertilizer, are you simply a gardener, growing marijuana in your attic or maybe even a potential terrorist? This seemingly innocent act can suddenly raise a lot of flags in the numerous interlinked government databases. These databases aren’t perfect, and more often than not are failing to register the critical bits of context that might explain your behavior. The danger that your actions are registered while missing a lot of context, should be reason enough why we shouldn’t want to expand the surveillance state any further.

Feature Creep

Then there’s the problem of feature creep. When the government proposes a new law that enhances the powers of the surveillance state, they are always keen to solemnly promise to the MPs that these powers will of course only be exercised under strict conditions and regulations, with proper, independent oversight, with a court order, et cetera. In the end, this is almost never the case, and even your common neighborhood cop suddenly has access to sensitive information about you. This is exactly what happened in the case of RIPA (the Regulation of Investigatory Powers Act 2000) in Britain. This was an Act that was passed at the start of the War on Terror, expanding the powers of the British spooks significantly. (It’s interesting to note that a law expanding powers of the spooks has a name that seems to suggest that it seeks to regulate said powers) When it was passed into law, it was supposed to only be used by the spooks, while nowadays, local councils can exercise these powers as well. And this is happening in a lot of places. These dangers are very real, and we need to start speaking up, and start demanding proper oversight for the spooks and the rest of the surveillance apparatus. In the meanwhile, there are a lot of things we can do to at least make their work a bit more difficult. 🙂