Practical Internet privacy, Part 2-LewRockwell

December 1, 2009

Practical Internet Privacy – Part 2

Paul Green (Practical Internet Privacy)

Lew Rockwell: November 26, 2009

http://www.lewrockwell.com/orig9/green-p3.1.1.html

I am glad so many found the article “Practical Internet Privacy” helpful. Thank you for the email. Many also mentioned the earlier article on ethical problems with intellectual “property” – some even professed to a “conversion” on the matter…

In line with this, I am pleased the privacy article has been copied far and wide on blogs and newsletters. But please note that I have no connection with “PrivacyWorld”, who credited themselves not lewrockwell.com – leading others in good faith and better manners to credit them. The same goes for another “anti-illuminist” site which replaced links with MLM junk – leaving my name on it. Always check your sources….

Here then, are some more internet privacy related tips, extras, and favourite solutions.

Remember that the idea is to maintain “two sets of books” – that you don’t need or even want everything you do to be private:

Internet Privacy Recap

For those things you do want to “privatize,” here are the basics again:

  • Start by making sure your computer is clean from viruses, spyware, junk background programs, and junk files like cookies and other web-bugs. Get rid of bloated security suites – the best stuff is free.
  • “Anonymize” your internet activity by tunnelling it elsewhere through a VPN privacy service. Choose a service that keeps no logs. Preferably use a server outside your state, country, or political bloc.
  • Set up new accounts for email, internet phone calls and anything else through this service, using generic personal information.
  • Use free services, or pay with cash, money orders, prepaid vouchers or pseudonymous prepaid cards.

In this way, you can take control of your “data trail” or “data dossier” – the sum total of what converging databases, retained logs, and available government and private records hold about your life. With Google (backed by the NSA/CIA), Facebook, banks, cards, telcos and internet providers all helping to build up that profile for the state anyway – you can choose what they get and what they don’t.

State-of-the-Art Surveillance

In the US, it is possible that a small independent internet provider might not be retaining or passing on your data – certainly a privacy advantage, if available. But the big players, including their local affiliates, certainly do. They still have “NSA rooms” and most of what they did illegally has since been legalized, together with retrospective immunity.

However, technology is now making even this obsolete. Surveillance is morphing into little more than a bump on a fibre optic cable:

Most internet traffic passes through a relatively few exchange points and, internationally, there are only about 30 main fibre optic highways. Maybe you remember last year, when millions had their internet cut off due to mysterious cable damage?

It is a simple matter to tap fibre optic cables at key points and from there via dedicated cables, send traffic straight to the NSA. This agency has at least three major supercomputer data centres. One reportedly takes up 6 acres underground, with the latest in Utah taking up a million square feet.

A CNET surveillance article here is supported by up-to-date tech details here from a presentation at this year’s Black Hat security conference. The analysis is good – but I doubt if, in practice, surveillance is so well implemented.

Super secrecy – aside from helping cover-ups – helps to create an exaggerated aura of invincibility. The good news is that governments are not omnipotent. In that regard, they are merely significant but also incompetent wannabes – and thank God, always doomed to failure sooner or later. Our job is to make it sooner, while in the meantime treating them as obstacles to be overcome. Here is one way:

Bypassing Censorship

Military, government and big corporate environments often block access to unapproved websites – with Australia, China and some other governments even filtering their whole countries.

On a public or shared computer in some of these places, you may not be able to install a VPN connection. So here are some other practical ways around censorship:

Website names work very much like a phone directory – the name is used to look up the actual number (“IP address”). Censorship often targets these directories (called Domain Name Servers – “DNS”). So, one trick is to access a website directly through its IP address and not use the name.

For example, “lewrockwell.com” is really 216.92.238.25 – just put that number in your browser address bar and see. To use links, you would need to overwrite the “www.lewrockwell.com” bit with “216.92.238.25”. So, a link to the earlier article would be http://www.lewrockwell.com/orig9/green-p2.1.1.html but it would also be http://216.92.238.25/orig9/green-p2.1.1.html

Another easy way to bust the censors is to visit www.microsofttranslator.com and enter the banned website address there. Click on Translate, from English to English, and there you are – the “translated” website appears, links and all, with nobody any the wiser. Try other translators if that one stops working.

But, what if they have filtered not just the main web address, but even any reference to the site?

Well, you would normally avoid government-funded freebies that log everything. One such service is Ultrasurf – linked to the Falun Gong run GIF Inc, and headed by an NSA scientist to break Chinese censorship.

But here, your only objective is to get through from a public military system or library. So why not let military socialism, corporate fascism and Chinese communism fight it out – while you pass through the midst of them?

Ultrasurf is fast, and does get through – one click and a new censor-busting browser window will open. All tracks – at least at your end – are wiped when you close.

Lastly, there are many free “anonymous” web-based proxies available, such as the one used in the Sarah Palin hack described next. Some may be blocked and to get through, you might need to choose an SSL (secure) one. Just don’t expect it to be fast and don’t rely on any privacy promises.

The Great Sarah Palin Email Hack

Apart from hitting the news, the real greatness of this hack is as a text book example of what not to do.

It happened a year ago, but I only recently came across how it was done: Here are the details.

Sarah Palin used Yahoo email. She followed all their “security” steps and answered all their intrusive personal “security” questions accurately – and it got her hacked. Her personal security information was actually public information distributed all over the net. The one good thing she did (we are told) was to use the email for only trivial email content.

The hacker was very easily found. This is partly because the “free anonymous proxy” service he used kept logs. Plus, his own personal info was all over the net.

I almost felt sorry for the lad – not only in hot water with his State Representative father, but also unanimously derided by his peers (for getting caught). And now the hypocritical state is prosecuting aggressively.

Data Backup Privacy

Here is a privacy tip for international travel: Maybe you don’t need to transport sensitive data at all.

With UltraVNC installed, you can access your main computer from a normal web browser anywhere in the world, on any computer. Just enter the main computer’s IP address, followed by your chosen password, to use it via the remote computer’s keyboard, mouse and screen. The connection can easily be encrypted, you can transfer files and you can chat.

I also use this for small business customers so they don’t have to go in to the office as much. It is quite easy to set up, but non-tech users might need tech help to set up their router (tech-talk: forward port 5800 – that’s it).

Another tip in case a computer with sensitive data is stolen, including by customs, is to remember that deleted files remain intact on your free disk space for some time, and are easily recovered.

To prevent this, CCleaner has a setting to securely empty your recycle bin (Options>Settings). Also, the main window has a tick box for an occasional secure wipe of all free disk space. A single or three-pass secure wipe should be more than enough – any more will take ages. The “geek mythology” that more are needed at least seems to be busted.

With Windows, Mac, or Linux, encrypting the whole system disk can be done – but is inconvenient, degrades performance, and increases the risk of data loss in the event of system or disk problems. There is also the trend in the US, UK and other places of demanding passwords under penalty of imprisonment.

Instead, you could work on or save critical data only on removable storage. Windows users can encrypt using Truecrypt. CCleaner can securely delete files on both system and backup drives. For backup, the tiny concealable “microSD” cards are ideal – here are inexpensive 8Gb or 16Gb options, with USB adapter kit included.

Internet Shutdown

In the US, a bill is being pushed right now to enable a complete internet shutdown. Other governments have bestowed on themselves similar “emergency powers”.

However, this would also hurt government and associated big corporate interests. Therefore, except in a very worst-case scenario, blanket shutdowns are likely to be temporary, or only targeted at certain areas.

In which case, one answer might be satellite access – billed to an outside address, of course.

Or, if landline phones still work, there are numerous free (call cost only) dial-up internet numbers. These are accessible internationally, often with no signup needed. It is outdated, slow and costly but does work, even with a VPN – making it also a privacy option of last resort.

Some are suggesting a return to the old BBS pre-internet communication system, which is a good idea, but still depends on a functional phone line.

An alternative might be a wireless mesh network linking wireless routers, either independent of any broadband provider or sharing a single satellite uplink. Directional antennas can extend wireless range to a half mile – or even much more. Wireless amplifiers are also available, or routers like the Linksys WRT54GL can be upgraded with firmware to boost power output.

If all else fails, it’s back to carrier pigeons – with memory sticks or SD cards….

 

Privacy and Security

Bloated Windows “security suites” are widely promoted because major magazines, websites, retail stores and manufacturers all get advertising revenue and/or a commission on the annual fee.

Particularly avoid manufacturers like Packard Bell, who even remove the uninstaller (use the removers I linked to). They make nothing from the much better but free products (with optional upgrade) like Antivir, CCleaner, Malwarebytes and Spybot.

As I write this section, within the last three working days I have twice solved major problems primarily by removing Norton. Today, I had the same thing with the “Kaspersky” security suite – and not for the first time.

One more Windows privacy and security tip:

In addition to the simple cleanup steps I outlined, techies often use a program called “HiJack This!”. Proceed at your own risk. Leave any antivirus entries (or install that afterwards) and anything called “lexbce” alone. Start-up entries can be thinned down to fewer than a dozen – far fewer than in the above video.

Privacy, Security and Windows/Mac/Linux

They are all useable for internet privacy purposes.

Viruses do occur on Macs, but only Windows really needs an antivirus program. Windows currently represents 92.54% of computer users.

Except for one Vista laptop, the eight computers in my own large household are all XP. Microsoft may rightly be unpopular, but XP is fast, works with everything and has the biggest choice of software – official and unofficial. Virus or spyware problems are for us extremely rare and easily dealt with.

Although Microsoft is receiving NSA “assistance” yet again, Windows 7 is at least better than Vista – any NSA “backdoors” or “watermarks” would soon be uncovered, and cause an immediate outcry. Avoid the 64-bit version, for a year or two at least.

Mac users generally get to enjoy “security through obscurity”. In other words – they are too few to target.

But Macs do go wrong and it can be more serious: Experienced help is harder to find, much more expensive, you may have to wait longer for it, and it may be harder to recover vital data. You also have less choice of both hardware and software – with fewer games for the young at heart being just one example.

Having said all that, it may suit your needs exactly and, for many, a Mac is a pleasure to work with. A Mac may put a spring in your step and not just because of a considerably lighter wallet….

Linux had a promising boost on early netbooks, which then shocked Microsoft into competing.

Sadly, the reverse legal environment and mostly volunteer base have made it the “too many cooks” OS. Except for business servers, it can often be a case of one geek proving his worth to another – with little market pressure to please users. Then, the already steep learning curve goes vertical when you have a problem. You are less likely to have virus problems than even a Mac, but more likely to have operating problems.

Despite this, there are many variants. One great distribution is called “Dream Linux”, with an attractive, user-friendly, Mac-type appearance. Then there is “Ubuntu” – by far the most popular flavour of Linux. The best branch of this may be the semi-commercial Linux Mint, which has a good non-IP based business model, that would probably be standard were it not for the pro-IP legal environment.

With most Linux distributions, you can safely start up your computer from a “Live CD” and get a foretaste – before deciding whether to actually install from the same disc. You might really like it.

VPN Services

Having taken some time to select VPN services for myself, the one service I can definitely recommend is www.perfect-privacy.com. There are many others, including some to be avoided:

This is a long list of VPN services and here is another with some good comments amongst the spam.

CryptoCloud seem to be sound, have a healthy attitude towards IP legal threats, but use a non-published modification of OpenVPN. Xerobank, Cryptohippie and Metropipe are all loosely associated with the old Laissez Faire City DMT/Alta. Check the reviews, but they may be OK. I still like SwissVPN but they are in the Swiss surveillance net, do keep logs and don’t allow file sharing. There is also a limited free service called Alonweb – but they are very new.

Services like the Swiss TunnelDrive use a type of VPN called PPTP or “poptop”. For basic privacy this is fine – it would take hours or days of focused effort to crack, though it can be done. There is a post to solve a couple of PC security problems with this type here.

I recommend you avoid the US-based “StrongVPN” (terms of service, logs). Particularly avoid “Securenetics”, as it is almost identical to “FindNot” – which recently disappeared along with customers’ money. There is another free service called “ItsHidden”, but the hosting location suggests it may be set up to create a cloud of users to cover extreme porn.

Note that, although preferable, it is not essential to pay for a VPN privately. The VPN service will get your real IP address anyway, and your internet provider will see the VPN connection also (though nothing else). PayPal or a third-party card payment service should be OK. There is no reason to directly supply a VPN service with any personal details, of course.

Earlier, censorship using website “Domain Name Server” lookups was mentioned. I want to emphasize that these “DNS” lookups also lend themselves to surveillance of the websites you visit, even if you have a VPN active. So for Windows, common Linux distributions, and under some circumstances Macs – do make sure you check your VPN connection for “DNS leaks”. Details, tests and recently updated fixes are here: OpenVPN, and PPTP.
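One way to check for the DNS leak described above on a Linux machine, as an added example that is not part of the original article: it takes the resolver list and the IPv4 routing table and reports, for each nameserver, whether queries to it would leave through the VPN tunnel. The tunnel name tun0, all addresses and both sample inputs are constructed assumptions.

```python
"""DNS-leak check: through which interface is each configured resolver reached?"""
import ipaddress

# Constructed sample inputs (not captured from a real machine).
# Text in the style of /etc/resolv.conf:
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 10.8.0.1
options edns0
"""

# Text in the style of `ip -4 route show` while an OpenVPN-style tunnel is up:
SAMPLE_ROUTES = """\
0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""


def parse_nameservers(resolv_conf_text):
    """Return the addresses on 'nameserver' lines, skipping comments and junk."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # malformed address: ignore the line
    return servers


def parse_routes(route_text):
    """Return (network, device) pairs from `ip route show` style text."""
    routes = []
    for line in route_text.splitlines():
        fields = line.split()
        if "dev" not in fields or fields.index("dev") + 1 >= len(fields):
            continue  # e.g. 'unreachable' or 'blackhole' entries
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            network = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue
        routes.append((network, fields[fields.index("dev") + 1]))
    return routes


def egress_device(address, routes):
    """Longest-prefix match, as the kernel does (route metrics are ignored)."""
    matches = [(net.prefixlen, dev) for net, dev in routes if address in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None


def check_dns_paths(resolv_conf_text, route_text, vpn_devices=("tun0",)):
    """Return (server, device, verdict) per resolver: 'ok', 'leak' or 'unknown'."""
    routes = parse_routes(route_text)
    report = []
    for server in parse_nameservers(resolv_conf_text):
        if server.is_loopback:
            # Local stub resolver (e.g. 127.0.0.53): the real upstream
            # servers are configured in the stub and must be checked there.
            report.append((str(server), "lo", "unknown"))
            continue
        dev = egress_device(server, routes)
        report.append((str(server), dev, "ok" if dev in vpn_devices else "leak"))
    return report


if __name__ == "__main__":
    for server, dev, verdict in check_dns_paths(SAMPLE_RESOLV_CONF, SAMPLE_ROUTES):
        print(f"{server:<15} via {dev}: {verdict}")
```

In the sample, the home router at 192.168.1.1 is still listed as a resolver and sits on the directly connected LAN route, so lookups sent to it bypass the tunnel even though all other traffic is redirected into it.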

On privacy related forums, setting up a personal VPN is sometimes mentioned. The problem with this is the loss of any “crowding” effect: Normally it would be difficult for targeted surveillance of a VPN server to match incoming and outgoing connections. But with a private VPN, it is easy to identify the source of the single incoming connection and to monitor all outgoing connections.

File-Sharing Privacy

Very nasty plans indeed are afoot to enforce copyright on the internet.

However, in response to this kind of threat, the VPN market has recently been boosted by file sharers. This is good news as it means more choice and a bigger crowd to get lost in.

Other than by using a VPN, a good file sharing defence would be an unencrypted wireless router which anyone could have accessed. Young file sharers in France are currently promoting open wireless nationwide to foil legal attacks.

Often, this is not as risky as the media will tell you, because the media/IP complex desperately wants all activity uniquely identified. For a targeted company or in a built-up area, caution is advisable. Otherwise, it may be more likely that a computer is stolen than a white van parked outside, hacking it for hours.

Some routers now have an isolated open Wi-fi hotspot option, to share a fixed portion of available internet bandwidth – an ideal solution.

One interesting new development to watch is the emergence of encrypted anonymous file sharing, by using a program called Anomos.

Phone Call Privacy

Here are two good alternatives for making private landline or mobile calls over the net:

  • With laptops, usually your internet connection will be wireless. This means you can plug an IP phone (reviews here) into the unused network socket for Internet Connection Sharing (Control Panel> Network Connections> “Set up a home or small office network”). You might need a special “crossover” type cable. As a privacy safeguard, only plug the IP Phone in after your VPN is connected, or make sure a button needs to be pressed before the line goes live.
  • On my own system, I just plug in a USB phone or headset (alt.). My daughter uses this USB cordless phone (alt.). Don’t run the CD – these particular USB phones just plug in and work fully with the “X-Lite” free soft-phone (alt.). Note: When installing X-Lite, disable “Run at start-up”. Always start manually, after the VPN is connected.

 

I actually did a US radio interview recently using this setup, through a Luxembourg VPN. The studio called up my anonymous international number and it worked for an hour as well as any normal phone call. In this scenario, possible privacy concerns are a lower priority, and Skype might have been preferable, for higher audio quality. Note: Sign up and use Skype only with a VPN, turn off the “Run at start-up” option and only start manually after your VPN is connected.

There is one more option for internet calls:

Some IP phones actually incorporate a VPN connection. They are not commonly available, however. Snom phones are expensive and require technical know-how, but the 800 series can establish OpenVPN connections. Other, mostly Chinese, phones include the ability to connect using the simpler PPTP type of VPN. There is one model available in the US and Europe.

Internet Call Providers

For internet phone calls, you will need a call provider. Layers of privacy here can include: private payment, calls routed through another country or political region, privacy standards within that country, using a VPN service with no logs, and optionally, further call content encryption.

For both sides of the Atlantic, I like the call provider Link2Voip. They are Panama owned, with a base in Canada and offices in the US. They have call servers in Canada, Dallas, Panama and Amsterdam (okay for northeastern US). Call prices are very good.

They do have to log outgoing calls to charge you, but there may be some protection in the Panama legal base. However, for real privacy, pay with a money order and be virtually anonymous.

Best of all, having written most of the above recommendation already, I discovered Link2Voip day-to-day management is in the hands of a regular LewRockwell.com reader.

In Europe, USD/CAD money orders are not obtainable (strangely, except in Albania), so here are some other options:

10876.ch is Swiss-based and like Nomado in Belgium, you can pay for calls using an anonymous “Paysafecard” voucher, obtainable across Europe (and in Mexico). “UKash” is a similar European (and Canadian) payment service that can be used for a number of internet call providers. Most are “Betamax” resellers, but Xeloq is one good independent service based in Amsterdam.

Most VoIP services in Switzerland (like Peoplefone, Sipcall, NetVoip) can be paid over the counter at any Swiss Post Office. A day trip to Switzerland might be well worthwhile to fund a private number, outside the EU. (Note that “Switzernet” actually uses French call servers.) Switzerland does have a surveillance system called Onyx but, at least officially, it is not tied to the EU or Echelon.

With the premium version of X-Lite (“Eyebeam”) and other software or IP phones, you can have two or more lines. That means one account with a phone number could be used for incoming calls, while another without a number, could call out.

So, if you obtained a free US (alt.), UK, IT or worldwide (alt.) incoming number, you could then use any other outgoing call provider. Operation is seamless in practice, and the separation offers even greater privacy. Often you can set your own outgoing caller ID – or turn it off completely.

Mobile Call Privacy

Here, using the iPhone with Wi-fi remains a favourite option – preferably with GPRS and the cell connection disabled. The new iPod Touch models are almost identical to the iPhone. They still do not have a built-in handset, but do now come with a separate wired headset/mic as standard.

There are some new apps available to make SIP calls: Check out iPico, Acrobits, and note that SipPhone has been renamed to iSip.

HP iPaqs can work well also, and the newer 210 series can be used as a normal handset. The front speaker/earpiece is not officially supported, so it needs a simple fix, which also solves other reported audio problems.

Several new Android smartphones are set to break on the scene this year. Android does include a VPN client and SIPdroid is free SIP internet calling software.

Remember, unless at a random Wi-fi hotspot, you would use these phones only after connecting with their internal VPN. Be sure to take the more basic precautions also.

The Draytek 2820Vn router is a simple, always-on, VPN router for a whole household or office. It could maybe even fit in a laptop bag for travelling.

With all features in one place, it is not expensive for a complete solution. There is little retail presence in the US (www.draytek.us) but it is on Amazon. Or, Broadbandbuyer UK will ship to the US and Europe.

You can connect to any of four broadband sources: wired network (workplace, existing modem/router etc.); ADSL (broadband phone line); wireless USB cellular broadband; plus, it can even connect to a nearby Wi-fi signal. Any or all computers in your house or office can be plugged in, or connected to it via wireless.

There are two internet phone sockets for use with regular (inc. cordless) telephone sets. All calls can go out via the VPN connection and it additionally offers encrypted calls, including ZPhone.

It does use the simpler “PPTP” type of VPN, which is fine for avoiding routine logging. Individual computers can still connect through it with their own OpenVPN connection.

It will require at least basic tech ability to set up.

Use of the stronger OpenVPN standard within modified routers is currently messy, although it can be done by the (very) tech minded. The best hope for a reasonably useable solution appears to be “TomatoVPN” which is currently being improved to work with more VPN providers.

 

Identity Privacy

One way to register online with some privacy is to use generic details and look up a serviced office, apartment block or motel address. But there is an alternative:

Check out the FakeNameGenerator, which makes it even easier. This site randomly gives you a whole identity in a number of countries, including accurately formatted (unused) ID numbers and a working email address.

Payment Privacy

 

In addition to money orders and (on the UK/European side) Paysafecard and UKash, prepaid cards can also be private but may require some time, effort, and involve fees.

However, there are gift vouchers easily available which make private online purchases possible without any extra fees. An iTunes voucher, for example, would be the ideal way to credit or register a new iPhone, via an iTunes account (see YouTube).

Amazon is another good example:

First set up a new account via your VPN. Then Amazon can be funded privately using gift cards available in supermarkets and other stores. Local “Coinstar” coin changing machines also issue various vouchers – some will even take notes. Western Union offices do charge a small fee.

Email Privacy

 

If your email content is often critical and you want to learn how to encrypt email, here is a tutorial for Gmail. Or, here is a tutorial for the free trial version of PGP – the main part keeps working after the trial. Remember, this is for content encryption only – without a VPN, your IP address (and therefore location) is clearly visible as well as the “to” and “from” email addresses.

If your content is occasionally confidential but you want something quick and easy, then here is a tip – don’t send an email, share an email address:

First create a new free email account, preferably secure (https:) and offshore, then pre-share the details. All you do is save a draft, with or without attachments – for the other person to log in and pick up later. Ideally, one or both persons should use a VPN. The last one out deletes the draft.

This method provides the security of a needle in a haystack and interception is highly unlikely – no email is ever sent.

Privacy Hardware

The mobile privacy tool of choice, the Asus 1000HE netbook, is still available but has recently been superseded by the 1005-HA. This is a worthy successor – with battery life extended to a maximum 10.5 hours.

Of the three available variants, the top spec model unfortunately has a glossy screen. Reviews say it is not too reflective, but you could choose the even lower cost middle spec model – there is little noticeable difference (e.g. no Bluetooth, lower res webcam). Or, get a matt screen guard.

At home, you can always plug it in to a larger screen – even one like the Samsung 37″ TV this article was written on….

Note that netbooks need an external DVD/CD drive.

 

Conclusion

I hope these methods will enable you to take some more privacy steps.

The objective is reasonable caution, not fear, in the face of current oppressive trends. These activities are the death throes of a failed system. The source of danger is real, but might be compared to Frankenstein’s monster – inevitably doomed, and not so smart.

Monoliths like the NSA, for example, with associated corporate workfare recipients, absorb and then slowly stifle human creativity in their hierarchical straitjackets. That’s why, by God’s grace, as long as there are individuals who choose freedom; we will always be one step ahead.

Finally, to defeat this present system, it is essential that legitimate private wealth remains in private hands. Remember the Golden Rule – who has the gold, makes the rules.

Particularly if you bank offshore, in fiat currency or precious metals, then these and other privacy measures are now absolutely essential. I look forward to sharing more on this with you.

Paul Green [send him mail] was born in the UK and currently works from home there as an independent emergency callout specialist for home and small business computer users. He is married with five children – all at home – and the three of school age are homeschooled. Over the years he has also traded the financial futures markets and worked as a one-stop advertising copywriter/ voice-over artist/ music and jingle producer.
