Last week we had a bit of fun and looked at technologies for budding dictators, but this week we're looking at the other side of the coin – how to stay safe online if your future depends on it.Honourable Mention: Hacking Shaun Nichols: At first we weren't sure how to classify this one. Malware wasn't really the right term, neither was spyware. We decided to just go ahead and use the label 'hacking' .Regardless of how you label it, there are times in the battle for freedom when you may need to access a system under less than, well, conventional means. At those times, you may need to use some tools to bypass security protections and authentication components.That's not to say we're endorsing such activity. Whether your motives are just or not, that sort of thing is considered illegal pretty much everywhere, and people who get caught will undoubtedly face some unpleasant consequences. There are, however, times when the risk of imprisonment and punishment are worth the potential reward.Iain Thomson: Is it OK to break the law in a moral cause? Many people who are now great statesman once thought so; Nelson Mandela comes to mind. Sadly the courts disagree.As we are seeing in the case of Gary McKinnon when the US nabs you on terrorism charges for hacking it doesn't mess about. McKinnon isn't a freedom fighter, merely someone with mental problems who thought he was on a quest to unveil the truth about UFOs. He's now facing decades in prison for his activities.In the wider world a measure of hacking is a prerequisite for getting open access to the internet at all in some countries. There's also less of a moral question about getting into the systems responsible for their repression, although the penalties are much more severe than McKinnon faces in many cases. Honourable mention: Complicit companies. Iain Thomson: This was an unusual last minute entrant, suggested by Shaun in the light of last week's Top 10.While initially I was sceptical Shaun made his case. Certain companies are beginning to show some guts and say that business in China is about more than money.This is not long before time. China has an understandable aversion to some aspects of Western culture – considering that if the British, French and Russians had set up camp in Manhattan for 50 years by force of arms as Shanghai was America would be up in arms.Since Google has come out against censorship, for whatever reasons, other Western companies have also been called on to make a stand. If they will or not remains to be seen.Shaun Nichols: Seeing as how Google inspired our top 10 tools for tyranny list, I think it is only fair that we include companies which don't kowtow to oppressive regimes on our list.It takes a lot of guts to say no to a government when you're a business. If you don't do what you are told and the people in charge take notice of it, you and your employees are likely to all be out of jobs and possibly even behind bars.If anything good has come out of the rise of multinational corporations, it is that some are becoming less beholden to governments and able to take a stand when something is not right. China may be a huge economy, but Google has plenty of business elsewhere in the world. If the company does pull out, they will hopefully be able to get along just fine.10. OpenDNSShaun Nichols: We chose OpenDNS here, but there are a myriad of similar tools that can be used to take some of your dependency off of your local ISP and into your own hands and those of like-minded people.For those unfamiliar, the DNS system is what allows clients and servers to link up the text of a URL with the numerical IP address of the server hosting the site. The task of cataloguing and matching the URLs and IP addresses is handled by a DNS server, usually provided by the user's ISP.OpenDNS is a well-maintained DNS service which is free and open to all users, and for a great many people, it is far faster and more reliable than the ISP's own servers. Additionally, it is constantly maintained and updated to protect against possible attacks, such as the 2008 DNS cache-poisoning flaw. It also gets one more activity out of the hands of ISPs, which are often more than willing to hand over information to government agencies.Okay, so DNS information isn't exactly sensitive data, and it's not like OpenDNS would prevent an oppressive regime from keeping people down, but it's at least a small way you can take some of your activity out of the ISP's hands. Iain Thomson: OpenDNS isn’t perfect by a long chalk but it is a very valuable tool.Anything that gets your data out of the hands of the ISP is a good thing on the privacy front, especially if the ISP in question is run by the government and subject to constant monitoring.In more closely-run internet monitoring states use of OpenDNS may also be a big red flag so be careful how you use it.9. Clean Addresses Iain Thomson: A must have for the budding activist is a clean email address.Ideally this is one that has been used at all. This involves using the account to write emails in draft form, and not sending them, but having a trusted contact who can also access the account, read the messages and type a draft response.Even if emails are sent then such a low use account would raise few warning bells in unsophisticated monitoring regimes. With the rise of mobile phone use for email then it would have to be a very quick monitor to pick up a signature. This is a tactic used by many groups, both benign and malicious. So-called 'clean skins' are the hardest operatives to trap, because they have no record. This is what makes it important to keep certain people solely as methods of communication, and from the other perspective, to keep watch on the behaviour of others.Shaun Nichols: This is one space where collaboration services such as Google Wave could prove valuable.If users could access collaboration pages hosted in a safe location, they could communicate without having to worry about interception of those messages by authorities.When combined with our earlier nod to companies that don't give in to government pressures, you have a pretty effective tool for safe communication, at least until the local authorities contact your ISP and have the service blocked.This is, as Iain noted, both potentially a good and bad thing. While it could be used to subvert restrictions on free speech, it could also be used to facilitate the planning of malicious actions. Which brings up a troublesome fact- "activists" and "freedom fighters" in one part of the world are usually considered "criminals" and "terrorists" in another part.8. The Electronic Frontier Foundation (EFF)Shaun Nichols: While their global reach is still somewhat limited, the EFF is championed amongst the computing world for its tireless efforts on behalf of user rights and access to information.Founded in 1990 by Mitch Kapor and John Peery Barlow, the EFF has used legal expertise to argue on behalf of the little guy. The group's efforts have included a prominent position in the fight against DRM software and takedown of user-submitted videos as well as tireless efforts to put once-classified government data online for all to see.Additionally, the group has championed net neutrality and gone after labels and studios that use bully-tactics on users suspected of sharing media files online.It's somewhat scary to think about what the tech world would be like had it not been for the efforts of the EFF.Iain Thomson: To my mind the EFF is the biggest thing Mitch Kapor can be proud of in the tech arena, and considering the impact of Lotus 1-2-3 that's saying something.The EFF's web site is a treasure trove of useful stuff for anyone interested in staying private, which is probably why so many countries try to block it. It contains software tools to help evade national firewalls to simple browser setting advice.But it is the operation behind it that shines. The EFF has proved a highly effective watchdog of the technology world and it keeps governments (reasonably) honest. It mixes high profile investigations into illegal US government wire-tapping to more draw out legal battles.If you are a technology user of almost any type then the EFF has got your back, and thankfully it's very good at what it does.7. Social mediaIain Thomson: When the first plane hit the Twin Towers On that day in September one camera recorded the first aircraft strike, that of a French documentary team filming new York firemen. By contrast the vast bulk of the initial footage of the Haiti disaster has come from social media.No-one can deny the instant coverage that social impact of social media. The demonstrations in Iran, the Burmese monks and footage of the police in the US and UK have shown that the panopticon is swinging round from those that control the media to those that create and consume it.On a personal note the moment this really kicked in was at last year's G20 demonstrations in London, and the death of Ian Tomlinson. Tomlinson was the only fatality of the demonstrations and at the time the police story was that he'd had a heart attack and medics tried to help him but were bottled off by protesters.It was only after, ironically enough, a New York investment fund manager put the footage he had shot online, that the rest of the world saw his attack from behind by the police, while walking with his hands in his pockets. London may have the highest concentration of CCTV cameras in the world but none of them caught this, but a bystander did.Video recording technology is increasingly being embedded into many devices, and it is a very effective weapon against the 'official line.' Add in the reach of YouTube, Twitter and Facebook and you have a powerful tool against oppression.Shaun Nichols: As we are now seeing, YouTube isn't just a place for goofy blooper videos and crackpot political rants, it is also a valuable way for people to share footage.Increasingly, news services around the world are picking up on this and installing portals where users can upload and share their video of important events. This is allowing users to capture and broadcast video of government, military and law-enforcement groups behaving badly and has in some cases also helped police bring violent criminals to justice.As much as we like to malign their usefulness at times, social networking sites such as Facebook and Twitter have also become tools for sharing information and campaigning for freedom and justice. Not everyone has the time or interest to maintain a full blog, and few of us are able or willing to scroll through dozens of blogs a day.The aggregator features of social networking sites allow multiple updates to be seen at once. During a large and tumultuous event such as a protest or government crackdown, these sites do in fact become very useful tools for gathering information.6. Open source software Shaun Nichols: When people like Richard Stallman and Linus Torvalds created the pillars of the open-source software movement, they did so with the fundamental belief that software and digital data should be open and accessible to all users. This is, of course, quite conflicting with the basic tenants of tyrannical rule.One of the great things about open-source software is that it can be opened up and tinkered with by just about anyone who wants to. Additionally, open-source tools and applications can be more or less shared freely on the web. This allows people who may otherwise not have access to the resources to both use the software and learn how to build and tinker with it themselves.Tyranny isn't always apparent in the form of outright oppression, often it comes in the form of purposefully maintained ignorance. Open source software can allow users to educate themselves, and is therefore a pretty handy tool for subversion in the grand scheme of things.Iain Thomson: It would be hard to argue with the use of open source as a security measure.Firstly, as Shaun points out, a good knowledge of open source software is very handy, particularly if you can code your own applications and don’t have to rely on questionable third parties to supply them.Secondly much of the worlds core infrastructure is run on open source code, and a good knowledge of the systems can reap real benefits in terms of staying off the authorities radar and finding out what you need to know.Open source may have flaws, as any code will have, but the flaws are few and the benefits are many.5. Smart behaviourIain Thomson: While operating under an oppressive regime the essence to staying hidden is to work under the radar.If you're living in a state that has access to potentially all your online activity then you need to be very smart in how you act. Long internet sessions are bad security, instead limit activity to a minimum and leave the modem off for long periods to reset the IP address if possible.Avoid your ISP, and never use the built-in search engine. Chances are your ISP is state-sponsored and will happily, or at least quickly, hand your data over if requested.Preserve your anonymity and give out nothing online that you wouldn't happily see in print the next day in your local newspaper. Electronic traffic is open to revelation and the use of code is essential.Nine times out of ten the police talk about the fatal flaw that catches the villain. In fact there's a lot more detective work that goes on and it's usually stupidity that trips people up. But the smart activist doesn't give their enemy any clues if they can and eternal vigilance is the price of liberty.Shaun Nichols: While at lunch the other day, we were laughing at the idea that people still need to be told not to crack bomb jokes while in the airport. But it raised an interesting point in the context of this list- if you want to keep a low profile while amidst a possibly oppressive group, it's best not to attract too much attention to yourself.There are many simple, commonsense ways for users to stay out of trouble. As Iain mentioned, knowing where you are and who can see it is the main idea.Additionally, not falling for scams and social engineering tricks is also important. The recent malware infections at Google and Adobe were carried out through "spear phishing" attacks which were specially crafted for each individual user and intended to look like a genuine document from a co-worker. It is always a good idea to take a close look at any email attachments and to be very weary of unsolicited messages, even those from friends. This is doubly true if you're in a country where oppressive authorities may be out to get you. 4. EncryptionShaun Nichols: It may be hard to these days, when everything from thumb drives to pizza orders is transmitted as encrypted data, but there was a time when computer encryption tools were considered to be a danger on par with rocket-propelled grenades and automatic weapons.In World War II, governments learned the importance of cryptography to sending electronic messages and preventing enemies from intercepting them. The practice of encoding and decoding messages was so important that Great Britain set up the Bletchley Park facility and developed what would later become some of the world's first computers.In the decades that followed, cryptography remained a closely-guarded practice that was tightly controlled by governments. In fact, in the US it was considered illegal to transfer cryptography tools of any sort outside of the country as the technology was classified as "munitions and auxillary military technology."Only in 1995 was the ban officially lifted and citizens were allowed to take publically-available encryption tools outside US borders.The use of encryption to keep governments or dictatorial regimes out is obvious: protect transmissions from being intercepted and prevent the recovery of seized storage drives. But encryption tools can also be a useful way to keep criminals and data thieves from lifting your info.Iain Thomson: I would have liked to see encryption higher up the list, of which more later, since it is fundamental to both private and security online activity.In the 1930s the US all but shut down its encryption and code breaking facilities after US Secretary of State Henry Stimson declared “gentlemen don't read other gentlemen's mail.”For the individual user encryption is a must have. It’s appalling that it has taken Google so long to encrypt its online apps and I am still gobsmacked by how many companies don’t bother to encrypt either current data or backups.Individual who want their email and other data to remain private must also get up and do something about it. There are plenty of free encryption services out there and every internet user would be advised to make use of them.3. Mobile phones Iain Thomson: Mobile phones are both a blessing and a curse to the activist. On the one hand they provide instant communication and, increasingly video evidence. But on the other they are easily traceable, the encryption is probably cracked and they are amongst the first things seized by authorities. Mobile phones are very useful in certain circumstances. They can be used for instant person to person conversation and man of them come with cameras rivalling most of the handheld camera market. Those pictures can then be uploaded around the world in seconds.But there's a downside. Due to radio mast triangulation, and increasingly GPS coordinate hacking, mobile phones can actually help pinpoint so-called troublemakers. Even if a mobile phone is switched off it is detectable and the only way to avoid this is to remove the battery altogether, something not possible for iPhone users.Mobile communications are essential in a system to beat oppression. The ability to act fast and be in constant contact cannot be underestimated. But these useful tools come with responsibilities.Shaun Nichols: The next frontier of electronic activism and privacy protection is going to be the mobile phone. In fact, it already is. Many security developers and engineers are working on ways to encrypt phone data and ensure that attackers can not compromise the handset.There is no doubt that mobile phones are incredibly valuable, particularly now that so many have embedded cameras and audio recorders. However, allow me one small gripe: the provider.Much like ISPs tend to roll over to government data requests, mobile phone service providers are often all-to-willing to hand over user information, even in cases where the user like poses little to no physical danger to anyone. It’s definitely foolish to think that anyone using a cell phone is anonymous these days.Additionally, there's the infrastructure issue. As anyone who has tried to access the mobile broadband networks at a large convention such as CES or CeBit can tell you, when lots of people are gathering and uploading information, the networks can quickly become overwhelmed and the flow of data can slow to a crawl or stop altogether.2. BlogsShaun Nichols: Perhaps it's the journalist in me, or perhaps it's the unruly new-world colonist in me, but I consider free speech to be hugely important and I fought long and hard to get this at or near the top of the list. With the maturation of the web and the growth of site providers, the concept of the blog has exploded in the last decade and become a central element of the web as we know it.In recent years, the blog has also proven itself as an invaluable tool for giving ordinary citizens a voice and allowing them to speak their minds. Almost every week it seems we are finding critically important news from some part of the world that is only emerging through blogs.With state agencies now tightly controlling the press in so many parts of the world, blogs are often the only way that the rest of the planet can find out what's going on in a region and how the people are truly getting on.So much effort now is being put into getting computers into remote and impoverished areas of the world. I believe that shortly after those efforts are established, someone needs to offer a program which gives those same populations free hosting and access to self-publishing tools.Iain Thomson: Shaun was indeed vociferous in his arguments on this one, but blogs really be this high one wonders.On one level blogs really have become the new political pamphlet, but with a much wider scope. If Thomas Paine had been alive today I suspect he would be turning the air blue with purple prose to stir up his readers. One hopes he wouldn’t be tempted to add LOL to some of them as well.The importance of the blogosphere in shaping national moods is growing, and restrictive states are clamping down on bloggers if they don’t follow the party line. One of China’s leading bloggers has said he is giving up because of the constant worry that he might end up in prison for expressing his views.Blogging is particularly effective in states that control the media. Since the traditional forms of communication are compromised people automatically look outside at blogs for an alternative slant on what is going on. They just have to find bloggers they trust.Here in the West the media poses a different problem, since they are the ones outing anonymous bloggers. A UK court recently ruled that there was no right to anonymity for bloggers, leading to the shutdown of an informative police blog. 1. Web ProxiesIain Thomson: In an age of internet communication anonymity is surely the best tool for those in the business of getting rid of oppression. A project known as TOR, a military system developed by the US Naval Research Laboratory, was taken over by the Electronic Frontier Foundation and is now being used to shield internet users from repressive regimes around the world. When the first internet protocols were formed there was little thought of the future that lay before the internet. There are strong calls for a revision in the basic IP principles to identify users individually. While this might make life easier to e-commerce they would be a death knell to internet users freedoms.Anonymity is what makes the internet so much more subversive than Caxton's press ever was. In a minute's post online millions more readers can obtain information than was ever possible under dead tree publishing.But how people obtain that information has to be safe, and TOR is a valuable tool in being able to do that. Information on it own is not enough, it has to be accessed freely.Shaun Nichols: Again, it's a fallacy for any user to believe that they are completely anonymous online. When your computer connects to another system, it's invariably going to leave a trail.As any hacker worth their salt will tell you, the key is to make that trail as hard to follow as possible. Going through protected connections and servers is one way to do so, bouncing your connection through numerous proxy systems, making the tracing process tedious and difficult.The Onion Router, or TOR, uses both of these. The general idea is that a user's connection goes through a server which then processes the encrypted connection through a series of proxy servers. The result is a virtual dead-end for anyone trying to analyse the path a user took.The ramifications of this are obvious- users can surf the web without being tracked back to their home systems. Unfortunately, there is also an easy way for oppressive regimes to prevent this: simply use a filter tool at the ISP level to block users from accessing the TOR service.
Issue: 342 | September 2015