Tag Archives: surveillance

Gave Privacy By Design Talk At eth0

I gave my talk about privacy by design last Saturday at eth0 2014 winter edition, a small hacker get-together which was organised in Lievelde, The Netherlands this year. eth0 organises conferences that aim at bringing people with different computer-related interests together. They organise two events per year, one during winter. I’ve previously given a very similar talk at the OHM2013 hacker conference which was held in August 2013.

Video

Here’s the footage of my talk:

Quick Synopsis

I talked about privacy by design, and what I did in relation to Annie Machon’s site and, recently, the Sam Adams Associates for Integrity in Intelligence site. The talk consists of 2 parts: in the first part I explained what we’re up against, and in the second part I explained the 2 sites in a more specific case study.

I talked about the revelations about the NSA, GCHQ and other intelligence agencies, about the revelations in December, which were explained eloquently by Jacob Appelbaum at 30C3 in Hamburg in December. Then I moved on to the threats to website visitors: how profiles are being built up and sold, and browser fingerprinting. The second part consists of the case studies of both Annie Machon’s website, and the Sam Adams Associates’ website.

I’ve mentioned the Sam Adams Associates for Integrity in Intelligence, for whom I had the honour to make their website so they could have a more public space where they could share things relating to the Sam Adams Award with the world, and also to provide a nice overview of previous laureates and what their stories are.

One of the things both sites have in common is the hosting on a Swiss domain, which provides for a safer haven where content may be hosted safely without fear of being taken down by the U.S. authorities. The U.S. claims jurisdiction on the average .com, .net, .org domains etc. and there have been cases where these have been brought down because they hosted content the U.S. government did not agree with. Case in point: Richard O’Dwyer, a U.K. citizen, was threatened with extradition to the United States for being the man behind TVShack, which was a website that provided links to copyrighted content. MegaUpload, the file locker company started by Kim Dotcom, was given the same treatment: if you visited their domain, you were served an image from the FBI telling you the domain had been seized.

Privacy in danger, but there’s light at end of the tunnel

Note: This article is also available in Portuguese, translated by Anders Bateva.

Last week I read an article about the plan by the National Police of the Netherlands to connect all CCTV cameras to the national camera network which is operated by the police. The upper echelon of the Dutch police is currently secretly writing their policy document entitled Sensing, in which the definite plans will be written out in further detail. It would be interesting to know the contents of this secret report, since I’m pretty sure all the standard, same old arguments about why this should be implemented will be brought to the table again. They will probably say that it’ll prevent crime and deter hoodlums, etcetera. We’ve read the arguments for it again and again, but fact of the matter is that more cameras don’t mean less crime, CCTV cameras have never stopped criminals from committing a crime, they are ineffective, and it’s an invasion of our privacy, especially when it’s all connected into a single, nation-wide network, recording all our movements. It’s the Panopticon! This then gets stored indefinitely, because governments the world over only remember the ‘delete’ command (‘rm -rf’ if you will) when it’s in their interest to delete stuff. All other stuff (like these camera images, but also information stored by our various intelligence agencies, financial information, the sites you visit, your e-mail, call records, medical records, etcetera) never gets deleted. That’s why the NSA is building their new data-bunker in Bluffdale, Utah, to create more storage space so they get to keep storing all kinds of data about our lives that goes over a wire. And our intelligence agencies are all in on it. Dutch Home Office Minister Ronald Plasterk had a bit of a row with parliament, with MPs being angry about a tiny parliamentary technicality, namely that Plasterk lied to them, claiming the NSA collected metadata on 1.8 million phone calls in the Netherlands, while it was in fact our own intelligence service, the AIVD, doing it.
The sad thing about our political system is that they put all the focus on this tiny parliamentary technicality, when they totally forget about the big picture, namely that 1.8 million phone calls were being tapped, and that we should do something about this. 1.8 million is an enormous number for a country of 17 million people. Even more scary is that the parliamentary commission which is supposed to provide oversight over the intelligence community, the Commissie van Toezicht op de Inlichtingen- en Veiligheidsdiensten (CTIVD), also known as Commissie Stiekem, had no knowledge about this, and didn’t know that this was even happening. So much for oversight. The problem with oversight over intelligence agencies is that because of the very nature of these agencies they keep their information a secret, and they can lie to our elected representatives with impunity, and there’s no way to check until someone brave enough to blow the whistle steps forward.

This House Would Call Edward Snowden A Hero: 212 yay, 171 nay

Meanwhile, at an Oxford Union debate last week in Oxford, United Kingdom, the Union passed a motion to call Edward Snowden a hero by 212 votes against 171. It was a lively debate, both from the members of the proposition and the members of the opposition, and I have to side with the proposition, because without people like Snowden, who has given up his previous comfortable life on Hawaii to blow the whistle, the world would have never known about the crimes of the spies. Eventually there comes a point where you’re asked to “forget about it!” so many times and about such egregious crimes that you can no longer look at yourself in the mirror any more, and something has to be done, the people need to be informed. During the debate I heard the opposition say that Snowden “violated his oath”. This is an argument that popped up again and again in various articles I’ve read in which people vilified Snowden. In fact, he didn’t swear an oath to secrecy, no-one does. He swore an oath to the Constitution of the United States; to uphold the Constitution. He hasn’t violated the Constitution; the U.S. government and the NSA in particular violated it. Yes spies spy, that’s not surprising, but they claim all is done in the name of national security, when it is in fact often corporate espionage that these intelligence agencies engage in. It’s about making sure the lucrative contract goes to Boeing instead of to Airbus; it has nothing to do with national security, but more with corporate profits. And there’s no meaningful oversight whatsoever: these people lie with impunity. That alone is already endangering our very democracies, having people with absolute power without any form of effective oversight is very detrimental and damaging to our very democracies and free societies. Snowden mentioned that whilst working at Booz Allen Hamilton, he had the power to tap everyone, including the President of the United States.
And he wasn’t the only one with that kind of security clearance either. In the United States, almost 5 million people have a security clearance, with more than 1.4 million people having access to TOP SECRET documents. Imagine what kind of information the intelligence community has about the private life of the President and his family, and how a less honest person might use that. It would be easy to blackmail the President into doing the spooks’ bidding! And in the United States, more and more tasks that used to be done by government exclusively (like intelligence) are now being done by companies like Booz Allen Hamilton, or Academi (which I like to call: the company previously known as Blackwater USA). This is a very scary development because these companies have profit as their basic motivation. They do not have our best interests at heart. Lord Acton wrote in 1887:

“Power tends to corrupt, and absolute power corrupts absolutely. Great men are almost always bad men, even when they exercise influence and not authority, still more when you super-add the tendency or the certainty of corruption by authority. There is no worse heresy than that the office sanctifies the holder of it.”

Chelsea Manning Receives Sam Adams Award 2014

Also at the Oxford Union last week, the Sam Adams Associates for Integrity in Intelligence awarded Chelsea Manning their award for the year 2014, meant for people who display extraordinary integrity in intelligence. The group and award were named after Sam Adams, a CIA intelligence analyst, who in 1967 discovered that there were far more Communist forces under arms in Vietnam, roughly twice the number U.S. command in Saigon would admit to. This intelligence revealed that the Pentagon was vastly under-reporting the number of enemy forces. But I digress. Chelsea Manning revealed, by releasing the Collateral Murder video to WikiLeaks, that U.S. forces were committing war crimes. This showed the crew of a U.S. Apache attack helicopter firing away at unarmed civilians, Reuters journalists, and a father who was bringing his children to school and stopped his van to help one of the Reuters journalists who tried to drag himself onto the curb, heavily wounded. The U.S. forces were yelling like it was some sort of snuff video game, it’s absolutely horrific, and these people should be brought to trial and charged with war crimes and crimes against humanity. Because that’s what it is. Chelsea Manning displayed extraordinary courage in releasing these documents, and rightly deserves this award. Meanwhile, I’m looking forward to the day the U.S. government and the crew of the Apache helicopter in question, are indicted for multiple counts of war crimes and crimes against humanity. At which point the United States will invoke the American Service-Members’ Protection Act (also known as the Hague Invasion Act). But that’s another story.

NSA is coming to town!

I just stumbled upon this funny video made by the ACLU (American Civil Liberties Union). It fits perfectly, and it’s funny to see that when invasions of privacy get really personal (Santa photographing your face, recording your conversations and rifling through your smartphone), people really don’t like this and some respond strongly, but when the exact same thing is done by some big, anonymous government agency it doesn’t get such a strong response, which is unfortunate. Anyway, without further ado:

Security Measures against Terrorism: Costs v. Benefits

Note: This article is also available in Portuguese, translated by Anders Bateva.

A few days ago, the Dutch Home Office Minister Ronald Plasterk said in a debate in parliament that he’s apparently OK with the American intelligence community, the NSA among others, spying on the Netherlands. His reasoning is flawed from the get-go, and went somewhat like this (paraphrased): “I don’t want to say that Dutch citizens may never be spied upon. Because that Dutch citizen can also be a stone-cold terrorist. And it’s good if that terrorist can be found.” Here’s the full quote (translated from the Dutch):

“I therefore want to be careful about saying, for example, in the choice of words: yes, but Dutch citizens may never be looked at. Because that Dutch citizen can of course be a stone-cold terrorist, and then we are glad after all that at some point he shows up on the radar somewhere, and that must of course happen according to the law, but that he shows up on the radar, and that action can subsequently be taken.”

Plasterk later denied saying that, but he did in fact say this during the debate. More evidence can be found here.

Is No Price Too High For Security?

Benjamin Franklin once said something like “They who give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.” This quote has been used a lot, but it is applicable here. The question we need to answer is the following: When do security measures stop benefiting the greater good, and infringe on our privacy and liberty, which are values that used to define our very societies? When does the price we have to pay for that little extra security become too great? Combating terrorism certainly seems like a very noble goal, and while I do agree that there are some people out there who aim to change our societal structures through violent methods (although one has to note that one man’s terrorist is the other man’s freedom fighter; the definition of the term is a bit in the eye of the beholder), there does come a point where the price we have to pay for a little increase in security becomes too great, compared to the potential benefits.

Terrorism is Really Rare

One thing we have to understand is that acts of terrorism on the scale of 9/11 or the London public transport bombings on 7/7, awful as they may be, are still very rare indeed. Extremely rare in fact. Even President Obama has said so, although he does have an interesting choice of words. The chance that you’re involved in a traffic accident tomorrow is several orders of magnitude greater than the chance that the next aircraft you are in will end up in a building instead of on the runway. This is also valid for other acts of terrorism, not just the ones involving aircraft. And even the TSA agrees now that terrorists are not plotting against aviation. So why do we still have to cope with all the draconian security measures then, if it’s clear that it didn’t help one bit? You see the same thing happening with CCTV cameras. Governments and corporations put these things up everywhere, but there isn’t the tiniest shred of evidence that these cameras actually help prevent crimes. But still the TSA and their European counterparts continue to tell people to leave their water bottles and baby food and butter knives at the checkpoint. Bruce Schneier put a lot of thought into this problem, and he said that we currently try to protect against specific movie-like terrorist plots, instead of doing a thorough risk analysis and protecting ourselves with more generic measures that may actually work against multiple types of plots. Terrorists bring down aircraft, so we increase security at airports; terrorists used box cutters, so we ban box cutters; someone brought a bomb on board hidden in his shoe, so we’re telling people to take their shoes off. These are all very specific actions taken against these types of movie-like plots. The security measures taken here are way too specific to work against anything other than the movie plot attack. As soon as terrorists modify their plan just one tiny bit, the entire strategy to combat them becomes ineffective.
Humans are unfortunately excruciatingly bad at evaluating risks, and if you give them a very specific, movie-like terrorist plot, they will rate the risk from that much higher than it is in reality, because of the specificity of the plot. We humans have evolutionarily been conditioned to consider specific threats a greater risk than a more general threat. On Wired, Schneier states:

If you’re a higher-order primate living in the jungle and you’re attacked by a lion, it makes sense that you develop a lifelong fear of lions, or at least fear lions more than another animal you haven’t personally been attacked by.

We are conditioned to think: it happened once, so it’s likely that it’ll happen again. And you see politicians using that knowledge to their advantage. It is insightful to consider that most measures we’ve currently taken against terrorism, would never even be considered had the events of 9/11 not happened.

Moving On..

With regard to the comments made by Mr. Plasterk: I think a lot of politicians still think that the United States is one of the ‘good guys’, when there’s more and more evidence coming out that politically speaking, it is not our ally, and certainly not our friend. They serve their own self-interests, just like any other nation on earth, and it’s important to never forget that. I even heard some politicians say that we should demand that Dutch citizens shall be treated the same as Americans under US law. It is laughable to think that the Americans across the pond will say: “Oh no! We angered the Dutch! Quickly change our laws to treat them the same as we treat Americans before they start re-colonizing New York!” At most, what these politicians will get is a nice letter from the US Embassy in which they solemnly promise that it will never happen again, meanwhile not changing their laws or practices in the US. And the NSA happily continues to trample upon their NATO allies’ rights. And our politicians are apparently very happy to accept that. We have to reconsider our position and alliances after the numerous disclosures of classified documents by whistle-blower Edward Snowden. For what good is a friend who spies on you behind your back? President Rousseff of Brazil has taken decisive action by severing ties with the United States and even building new fibre optic cable connections that circumvent United States territory. Where is the outrage in Dutch society? Here, AMS-IX (the Amsterdam Internet Exchange, the second-largest Internet exchange in the world), sets up shop in the US, making it subject to the PATRIOT Act. Have these people been living under a rock these past months? Or are there other, commercial interests at play here? We need to start demanding answers while at the same time strengthening our own privacy protections. Privacy is a human right, nothing more, nothing less. We need to start using it, or risk losing it.

Choose Your Friends Wisely: Tracking & Profiling on the Web

Note: This article is also available in Portuguese, translated by Anders Bateva.

A lot of data about you and your Internet behavior gets collected when you simply surf the Internet ‘unprotected’. We are currently living in a time when data profiling and getting to know your customers is getting more and more important. In this article I will explore the consequences of data sharing, browser tracking and profiling on the Internet, why it isn’t a good idea to share too much data about yourself, and some of the things we can do as a community.

Data Collection: What Is It?

There are companies out there, like Acxiom for example, who live on nothing else but selling your information to other companies who may find use for it. These companies get their data from you. Your browser, or the social networks you’re a part of. Your movements across the Internet are tracked and recorded as well. One of the most ubiquitous forms of tracking on the Internet, next to ad networks, is the tracking done by social networks. These networks have convenient ‘share’ or ‘like’ buttons which can be found on millions of websites across the Internet. Simply by visiting these websites with an unprotected web browser, data gets sent to these social network sites. Data about your browser brand/make/version, the OS you use, the country you’re from, sometimes even down to the actual locality, but also your IP address and the URL of the site you visited. So they know your actual surfing behavior, since these buttons are found on many sites. Nearly a quarter of the top 10,000 websites have Facebook integration, for instance. And this is data from last year, I’m sure the number is higher today. Another way of profiling is done via ad networks. Because it is inconvenient to manage your own advertising when you are just looking to make some money out of your website, this often gets outsourced to companies who specialize in advertising. And these companies will then serve you ads from their servers when you visit a site that is using it. Because this is all a single point where this data gets collected and indexed, you can imagine that these companies know quite a lot about people’s surfing behavior. And this collecting of data, the profiling and tracking of people across the Internet gets done without your knowledge or consent. Now, of course they claim that this is done to better target their ads, so you get served ads aimed specifically at your current interests and your geographic location or linguistic background.
And this is true, the more they know about you, the better they can target ads. But this information is worth a lot of money to marketers, who are always on the lookout for ways to target and market their products to just the right audiences, because this will increase the likelihood people will click on their ads and buy their stuff. And this information gets collected centrally, at only a few companies who specialize in this. Most of us make use of content delivery networks hosted in the United States, implement social media integration et cetera and are thereby facilitating easy data collection by these companies. This centralization means that there are only a few companies out there that own a majority of the market share in this business. You can imagine that the amount of data they collect about a single person is quite substantial indeed. And of course, intelligence agencies like the NSA have access too, as seen by the revelations made by Edward Snowden in recent months. Many people don’t know the sheer extent of the data collection done, and the potential consequences that it can have if it’s misinterpreted.

Consequences of Overzealous Data Collection

The main problem with data collection is that data is often misinterpreted, interpreted without context, and there can be serious consequences if this happens to you. The companies using your data infer certain things about you and your behavior based on this data alone. They profile you. However, their assessment is often wrong. The more data you share, the more problematic this can be eventually. A recent example of a serious consequence is that having certain friends on Facebook can actually change your credit score. These companies base this credit score correction on your friends on Facebook. So if you have a lot of friends with questionable credit histories, you may be denied a mortgage or a credit card. Even when you always make sure you never miss a payment. Search engines knowing your search history have access to something very private indeed: you are revealing what you think at that very moment. What things you are likely interested in. This is exactly the reason why this information is so valuable in the hands of advertising companies, so they can adjust their campaigns to make it more likely that they’ll persuade you to click one of their ads. Search engine history also shares your mental state at that very moment, which, together with information on the groceries you buy at the supermarket for instance, can be very valuable information to your health insurance company. It is not inconceivable that insurance companies will be adjusting your premiums based on the food you eat, whether you have a gym membership, whether you smoke or drink alcohol, or whether your search engine history shows that you have an increased risk of depression. Do we really want that? This can potentially lead to some very bad consequences indeed, not just financially.
You can also imagine health insurance companies rejecting you for insurance because of your unhealthy lifestyle, car rental companies rejecting you because of the recent fines you received, et cetera. These conclusions get drawn without our knowledge or consent; usually we don’t even know where these companies get the data on which they base their decisions from, and there’s not much we can do about it. The only way to prevent this is by starting to become more aware of what your data is worth to someone else, why it is in their interest to have access to this data, and whether you really want to give them access. And, on the other hand, by starting to think what we as programmers and hackers can do ourselves, by starting to build systems with privacy in mind from the start.

Privacy By Design

What we need to better protect our privacy on the Internet, next to browser add-ons like Ghostery and NoScript, is a change in mentality. We need systems that are built from the ground up with privacy in mind: privacy by design. Think about how much data you really need in order to complete the task at hand. When you’re building forms for your users to fill in, don’t require them to fill in data that isn’t absolutely necessary to complete the current task. So don’t ask your customers for a phone number when an e-mail address will do. Don’t ask them to put in their mail address when you don’t need it to send packages etc. Don’t ask them for their real name either when this isn’t necessary (and usually it isn’t). The reason why we want to limit available data is because this data can come back to bite you later on, as I’ve explained above. This will also protect your business more against cybercriminals looking for personal data to steal, as they cannot steal what isn’t there. Identity theft will also be harder when you’re very selective about who you share your data with. If we teach people how to protect their data on the Internet, how to be ‘street smart’ on the Internet so to speak, we will increase their overall security on the Internet, and this is something that is very much necessary nowadays.

At the Crossroads: Surveillance State or Freedom?

When I went to OHM2013 last week, it was great to see such increased political activism from the hackers and geeks at the festival. I truly believe we are currently at a very important crossroads: either let governments the world over get away with crimes against the people’s interests, with programs like PRISM, ECHELON, TEMPORA and countless other authoritarian global surveillance schemes, or enter the path towards more freedom, transparency and accountability.

A good example of what not to do is Google Glass. A few weeks ago I came across the story of a hacker who modded Google Glass so as to allow instant facial recognition and the covert recording of video. Normally you need to tap your temple or use voice commands to start recording with Glass, all of which are pretty obvious gestures. But now people can record video and do automatic facial recognition covertly when they wear Glass. I even saw that there’s an app developed for Glass, called MedRef. MedRef also uses facial recognition technology. This basically allows medical professionals to view and update patient records using Glass. Of course having medical records available on Glass isn’t really in the interests of the patient either, as it’s a totally superfluous technology, and it’s unnecessary to store patient records on a device like that, over which you have no control. It’s Google who is calling the shots. Do we really want that?

Image above © ZABOU.

As hackers, I think it’s important to remember the implications and possible privacy consequences of the things we are doing. By enabling the covert recording of video with Google Glass, and also adding on top of that, instant and automatic facial recognition, you are basically creating walking CCTV cameras. Also given the fact that these devices are controlled by Google, who knows where these videos will end up. These devices are interesting from a technical and societal standpoint, sure, but after PRISM, we should be focusing on regaining what little we have left of our privacy and other human rights. As geeks and hackers we can no longer idly stand by and just be content hacking some technical thing that doesn’t have political implications.

I truly and with all my heart know that geeks and hackers are key to stopping the encroaching global surveillance state. It has been said that geeks shall inherit the earth. Not literally of course, but unlike any other population group out there, I think geeks have the skills and technical know-how to have a fighting chance against the NSA. We use strong encryption, we know what’s possible and what is not, and we can work one bit at a time at restoring humanity, freedom, transparency and accountability.

These values were won by our parents and grandparents after very hard bloody struggles for a reason. They very well saw what will happen with an out-of-control government. Why government of the people, for the people, and by the people, is a very good idea. The Germans have had plenty of hands-on experience with the consequences as well, first with the Nazis who took control and were responsible for murdering entire population groups, not only Jews but also people who didn’t think along similar lines: communists, activists, gay people, lesbians, transgenders, etc. Later the Germans got another taste of what can happen if you live in a surveillance state, with the Stasi in the former East-Germany, who encouraged people to spy on one another, exactly what the US government is currently also encouraging. Dangerous parallels there.

But you have to remember that the capabilities of the Stasi and Gestapo were only limited, and peanuts to what the NSA can do. Just to give a comparison: the Stasi at the height of its power, could only tap 40 telephone lines concurrently, so at any one time, there were at most 40 people under Stasi surveillance. Weird isn’t it? We all have this image in our minds that the prime example of a surveillance state would be East-Germany under the Stasi, while they could only spy on 40 people at a time. Of course, they had files on almost anybody, but they could only spy on this very limited number of people concurrently. Nowadays, the NSA gets to spy continuously on all the people in the world who are connected to the internet. Billions of people. Which begs the question: if we saw East-Germany as the prime example of the surveillance state, what do we make of the United States of America?

The Next Step?

I think the next step in defeating this technocratic nightmare of the surveillance state and regaining our freedom is to educate others. Hold cryptoparties, explain the reasons and need and workings of encryption methods. Make sure that people leave with their laptops all configured to use strong encryption. If we can educate the general population one person at a time, using our technological skill and know-how, and explain why this is necessary, then eventually the NSA will have no-one to spy on, as almost all communication will flow across the internet in encrypted form. It’s sad that it is necessary, really, but I see no other option to stop intelligence agencies’ excess data-hunger. The NSA has a bad case of data addiction, and they urgently need rehab. They claim more data is necessary to catch terrorists, but let’s face it: we don’t find the needle in the haystack by making the haystack bigger.

My Privacy by Design Talk at OHM 2013

Last week I gave a talk about privacy by design as it relates to websites at Observe, Hack, Make (OHM) 2013, a quadrennial geekfest and hacker/maker event held in the Netherlands. It’s one of the biggest hacker festivals out there, with 3,000 people that have descended on the festival grounds, and it’s great fun and a great place to meet people, hackers, makers, thinkers, and media people. It’s been somewhat of a Dutch tradition to hold these events every 4 years.

The video will be uploaded as soon as it becomes available.

I’ve designed and developed Annie Machon’s website in May 2012. This site used to run on a closed-source Typepad solution, and Annie wanted to move her website to a more open solution, for which we’ve settled on WordPress. Also, she wanted to move away from the .com domain for reasons of domain jurisdiction. You see, when you operate a .com, .net, .org etc. these domains can be easily seized by the American government if you’re doing something that may upset them. This has happened to MegaUpload, to Richard O’Dwyer’s TVShacks, the examples are legion. This can be really damaging for your reputation, so it’s important to make sure that you’ve set up your infrastructure to resist attacks like these as much as feasibly possible.

I’ve also modified Annie’s WordPress site so as to prevent browser tracking as much as possible, allowing people to visit her site without fear of their movements being tracked. Normally, your website visits get tracked if the websites you visit implement things like Facebook Like buttons, etc., which reference external scripts and images that will tell these third-party services what your surfing behaviour is. This is obviously not something that we would want. We want an open, free web that’s easy to use, where it’s easy and natural to share information without having to fear that we get tracked and profiled. With browser tracking, a lot of information about your browser gets sent to companies like Facebook: things like IP address, browser brand and version, the country you’re coming from, etc. These parameters are all used to connect this data together and build up a profile.
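A site operator can check which embeds would cause that kind of third-party fetch by scanning the rendered HTML. The following audit is an added example, not code from Annie Machon’s site; the tag list, the sample page and every hostname in it are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose attribute makes the browser fetch a resource while rendering.
FETCHING = {"script": "src", "img": "src", "iframe": "src", "link": "href"}
# <link> only triggers a fetch for these rel values (canonical etc. do not).
FETCHING_RELS = {"stylesheet", "icon", "preload", "prefetch"}

class ThirdPartyAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site_host = urlsplit(page_url).hostname
        self.findings = []  # (tag, third-party host) in document order

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(FETCHING.get(tag, ""))
        if not url:
            return
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & FETCHING_RELS:
                return
        # urljoin resolves relative and protocol-relative ("//host/x") URLs.
        host = urlsplit(urljoin(self.page_url, url)).hostname
        # data: URIs have no host; our own host and its subdomains are fine.
        if host and host != self.site_host and not host.endswith("." + self.site_host):
            self.findings.append((tag, host))

def audit(html, page_url):
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page; all hostnames are placeholders.
SAMPLE = """\
<link rel="stylesheet" href="/style.css">
<link rel="alternate" href="https://feeds.example/rss">
<script src="//widgets.social.example/like.js"></script>
<script src="https://stats.adnetwork.example/t.js"></script>
<img src="data:image/gif;base64,AAAA"> <img src="images/header.png">
<iframe src="https://widgets.social.example/button.html"></iframe>
<a href="https://social.example/share">Share</a>
"""

if __name__ == "__main__":
    for tag, host in audit(SAMPLE, "https://site.example/post/"):
        print(f"<{tag}> loads from {host}")
```

The plain share link at the end of the sample is not reported, because the browser contacts that host only if the visitor clicks it.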

Synopsis of My Talk

This talk is about the possible conflict between getting your message out there, and trying to maintain your site visitor’s privacy. This talk will highlight some of the issues that need to be taken into consideration when building websites for whistleblowers with high security & privacy needs.

This talk is about the conflict that can arise between getting your message out there, and trying to maintain your audience’s right to privacy. In the last couple of years, with the dramatic increase in the use of social media, often one of the most effective ways of spreading your message to a large group of people has become to foster a community using existing social networks, like Facebook or Twitter.

The problem with using these services is that, while convenient, they also snoop on your audience’s private data. These companies make their money by creating and selling detailed profiles to marketers, so that they can effectively target their ads. Often these services run their own ad service as well, as is the case with Facebook and Google. Later on, this data can come back to haunt you. Let’s say you’ve been searching on Google for some serious illness or disease. You can imagine what your health insurance company would do if it had access to this information: up the premiums or deny you insurance altogether.

Sander Venema was asked by Annie Machon to redesign her website in early 2012. We took special care in avoiding common traps that can compromise the security and privacy of the site’s visitors when designing the new site.

In his talk, Sander will talk about the special considerations that come with building websites for whistleblowers with high security & privacy needs, both for the owner/operator, and the visitors of the site; discuss what the problem points are, and how we worked around them to create a website that is both pretty, usable and as safe as possible. He will also talk about domain security and governments claiming jurisdiction over a domain name, even if the actual server is not located in their country and the site isn’t aimed specifically at their citizens. There have been several cases in the past where websites have been brought offline because of this.

Ubiquitous Tracking by Big Mega Corporations and What We Can Do About It

Nowadays, if you surf the web like any normal person, chances are your movements on the internet will be tracked. There are a lot of companies tracking you and building detailed profiles about your behaviour on the internet. With all the news about Edward Snowden’s revelations of the mass surveillance carried out by the NSA, GCHQ and other three-letter agencies, you might almost forget that there is a whole world out there of corporate entities who also build profiles about you, either with or without your knowledge and consent.

Why big corporations are tracking you and building profiles about you

Profiles about your Internet behaviour most often get built by simply surfing unprotected, with your browser executing any and all JavaScript that it comes across, which usually does some data collection about your browser and operating system, which then gets sent back to third-party advertising networks who make money building profiles about every user on the internet. Now, of course they claim this is done to better target ads, so you get ads aimed specifically at your current interests and your geographical location or linguistic background, for instance. You see, when you search for something on the internet, you are revealing something very private indeed: you are revealing what you think at that very moment. What things you are likely interested in.

Google Analytics Dashboard, giving an impression of things it can track.

This information is worth a lot of money to marketers, who are always on the lookout for ways to target and market their products to just the right audiences. Knowing exactly what people are up to and what their interests are is something marketing departments the world over crave. For if you know exactly what your audience’s interests are, you can tailor the marketing of your products to exactly fit their needs, leading to more sales. Selling access to this information is Google’s main profit model.

The major problem with this data collection is that it is all happening without our knowledge or consent. There are only a few large companies in the world who hold a virtual monopoly on acquiring a lot of data about people via the internet. An example would be Facebook; a lot of sites on the internet (tens of millions) have a certain link with Facebook, via their share buttons. Because these buttons are so ubiquitous, found on almost every other site, this causes Facebook to know quite a bit about your surfing behaviour, even if you’re not a Facebook user. Your data still gets collected and stored in a shadow profile, where it is then of course susceptible to acquisition by government agents as well.

Major problems with personalized results

As more and more people discover their content and news through personalized feeds like those found on Twitter and Facebook etcetera, the stuff that matters gets pushed off the feed. People who live in the filter bubble, a term coined by Eli Pariser, can easily miss vital information about certain major events. I’ll give an example. During the Egyptian Revolution of 2011, two people may be getting two completely different results on Google. One, who is more interested in holidays, according to the profile built up by Google, may be getting more links in the search engine results page (SERP) about holidays to Egypt, and miss news about the revolution completely, whereas someone who is more politically active, may only get links to news sites with articles about the revolution. This is already a major difference in the results you get. You may be under the impression that the results generated by Google are the same for everyone where, evidently, they are not. They are generated based on your personal interests, information you and/or your computer shared with Google. The question is: is it really always a good thing that we only get to see stuff we are interested in? And that some big mega-corporation like Google is deciding that for us? This way we may miss vital information, as the information that reaches us gets censored transparently, without our knowledge or consent. If we only get our news from personalized news feeds like those provided by Facebook, Google and Twitter, we may miss out on a lot of information. Therefore it is prudent to always use as many different sources of information as possible, so efforts to filter our results and trap us in the filter bubble have as little effect on us as possible.

Steps we can take to arm ourselves

There are various things we can do to arm ourselves against tracking and the building up of profiles. The first step is using a common browser. This may sound strange, but let me explain. There’s this tool written by the Electronic Software Foundation called Panopticlick. With this tool you can check what kind of fingerprint your browser leaves behind, and with how many computers it shares that fingerprint. By having a very large pool of potential computers, all with the same browser fingerprint, we make it harder for companies to track our movements on the internet, as the pool of possible targets will be larger. Browser fingerprinting works without cookies, so it’s a big threat to your online privacy.

In terms of browsers, Firefox is a good one. Chrome not so much, as it’s sharing information about which sites you surf with Google. I also recommend Firefox not only because it’s open source, but also because of the vast repository of add-ons available for it. Make sure you disable the setting of third-party cookies.

Secondly, it helps if we install browser add-ons like Ghostery, NoScript and AdBlock Plus. These add-ons will specifically disable any JavaScript tracking going on, either by disabling JavaScript completely (in the case of NoScript), or by having a list of common advertising companies and other various trackers, which it specifically blocks (in the case of Ghostery). AdBlock Plus removes all ads from the websites you visit. They don’t even get loaded.

JavaScript is a programming language with which we can do a lot of cool stuff: make web pages seem more responsive, have our webapps feel more like desktop apps, etc. A lot of stuff is possible with JavaScript. This is in part because it most often gets executed on the client, not on the server. Every browser capable of running JavaScript basically has a virtual machine like Google’s V8, or something similar, with which it can run JavaScript. The problem is that with JavaScript the script writer can also get a lot of information back from the browser, and all kinds of nifty hacks are possible if JavaScript is enabled. So disabling JavaScript wherever possible is a very safe thing to do. And with NoScript, you can still enable JavaScript on a per-domain basis as well, if you need it. This will already prevent a large part of the tracking stuff from ever loading on your computer.

Other add-ons like RefControl (which will forge or block the HTTP_REFERER header from your browser) also work to enhance your privacy. By reading the HTTP_REFERER header, a site can normally see what site you came from, and by blocking or forging this header, we don’t reveal any information about our surfing behaviour in this way. HTTPS Everywhere is a good add-on to have as well, as it enforces HTTPS (secure, encrypted) communications on sites that support it. Some sites, like Facebook for instance, do support HTTPS communications, but redirect all their links to the insecure HTTP variant. By installing HTTPS Everywhere, which is written by the EFF, we force sites like these to use HTTPS all the time.

To check with what sites your browser has shared information about you, you can install Collusion. With this add-on, you can open up a tab with information about which sites you have visited during your browsing session, and with which sites your browser has shared information. This is often substantially more than the sites you actually visit. Many sites for instance use advertising networks, which load their ads from another domain, and data about you gets sent to these networks to track and profile you.

To get better protection against tracking, we can change our surfing behaviour by avoiding certain US companies like Google for instance. You can instead search the internet using Startpage. Startpage uses the Google engine, but strips all identifying information from the request before it sends it off to the Google servers, allowing you to search tracking-free. They also don’t store any logs whatsoever, and they use encryption by default.
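The "common browser" argument above can be made concrete by counting how many browsers share a fingerprint. This is an added example, not Panopticlick’s code or data: the population, the three attributes and the choice of surprisal in bits as the metric are all assumptions made for illustration.

```python
import math
from collections import Counter

ATTRIBUTES = ("user_agent", "fonts", "timezone")

# Constructed population of 16 observed browsers (not real measurements).
POPULATION = (
    [("Firefox stock", "default fonts", "UTC+1")] * 8
    + [("Chrome stock", "default fonts", "UTC+1")] * 4
    + [("Firefox stock", "default fonts", "UTC-5")] * 2
    + [("Firefox stock", "extra fonts", "UTC+1")]
    + [("Firefox nightly", "extra fonts", "UTC+1")]
)


def surprisal_bits(matching, total):
    """Bits of identifying information: log2(1 / share of browsers matching)."""
    if matching == 0:
        raise ValueError("browser is not part of the observed population")
    return math.log2(total / matching)


def fingerprint_stats(population, browser):
    """Return (anonymity set size, bits) for the browser's full fingerprint."""
    same = Counter(population)[browser]
    return same, surprisal_bits(same, len(population))


def attribute_bits(population, browser):
    """Bits revealed by each attribute on its own, keyed by attribute name."""
    result = {}
    for index, name in enumerate(ATTRIBUTES):
        same = sum(1 for other in population if other[index] == browser[index])
        result[name] = surprisal_bits(same, len(population))
    return result


if __name__ == "__main__":
    for browser in (POPULATION[0], POPULATION[-1]):
        size, bits = fingerprint_stats(POPULATION, browser)
        print(browser, f"shared with {size} browser(s), {bits:.1f} bits")
        print("  per attribute:", attribute_bits(POPULATION, browser))
```

In this constructed population the stock configuration hides among 8 browsers, while the customised one is unique and its unusual user agent alone already singles it out.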

Right, am I done yet?

The tips above are only good advice in general, and will protect against most profiling attempts by advertising and other profit-oriented companies which try to sell your profile to their clients, but they won’t protect you against a determined, well-financed adversary like an intelligence agency. For this, you need to encrypt the hell out of your life, and use crypto such as AES (VeraCrypt) and PGP (GnuPG) as much as possible. Why should we be making it easy for the spooks? In that case, you might also read up on VPNs, and check out the Tor network (but keep in mind that many exit nodes are run by intelligence agencies, so always use end-to-end encryption (e.g. HTTPS) when using Tor).

In this case, also try to avoid using any service made available by any US company whatsoever. Think SaaS providers, cloud services, etc. Because of the Patriot Act, US government agencies (and of course, through them, other, foreign intelligence agencies which cooperate with the Americans) can easily request any and all information some company with US ties stores about you. So try to avoid that as much as possible in this case. This is the reason why I’ve moved my online persona to Switzerland, and also run my mail on a mail server that I control. Also think about the security of your devices, and only run free software, so there’s less chance of a back-door hidden in the software you use. You can read up more on the measures you can take when you’re up against a more powerful adversary, but with the above tips you’ll be well on your way to better securing your communications.

Notice: The above article also got published on UKcolumn.org. While I am very happy with the syndication, I don’t agree with everything published on UKcolumn.org.