2011-02-20

Pirate Software, week 7: Seeks

Ten years ago I collected bookmarks to everything interesting I found on the net. Today I don't, because I can in most cases find it again by just googling it up. But our dependency upon search is quite scary. The net is so vast that it is hard for us to tell if Google is doing a good job, or sending us to the wrong pages. And it is a bit scary that Google saves all our searches. Go here and have a look at your own searches.

If we translated the situation to meat-space, what if you always went to the same guy every time you had a question, and what about the idea of him writing down every question you ever asked?

So, really, there are two issues here:
  1. Is Google giving us the right answers?
  2. How much is our privacy worth?
The first question could be answered, perhaps, by some kind of research, of which I am not capable. There are true alternatives to Google, as you know, but why would we trust the alternatives more than Google? Could we do it ourselves? Well, yes, perhaps. I have found one such effort, YaCy, which is a program you install on your own computer. You can send it off spidering the web for you, but the search results from your computer alone can't do the web justice, of course. Google has, after all, hundreds of thousands of computers at hand for search. So what YaCy does when you search for "pirate party usa" is to connect through peer-to-peer with other YaCy users and assemble the search result from all those peers. So, you might wonder, does it work? Unfortunately, no. My experience is that the results don't reflect what you'd hope for. Your experience might differ, so try it out in case you're interested.

What about privacy, not having all your searches saved by others? There are several ways you can go here:
  • You can tell Google not to save your searches. But do you trust them not to? I think I do, but I'd rather not depend on it.
  • You can switch to one of the proxy search engines out there that explicitly claim they don't track your searches, such as Duck Duck Go, Ixquick or Scroogle. I haven't tried them much, but they seem to work fine. If you ask me, go for the Duck!
  • You could install a proxy search engine on your own machine, such as Seeks. It does share your searches, but anonymously, and only with other machines who have also installed Seeks. In that way it resembles YaCy, but does a much better job. You can try it out here.
    I have currently chosen the Seeks project as my choice for search. Since it is open source I can potentially inspect the source and make up my own mind as to its claims for what it does. The project is very ambitious, as they plan to build their own search index in the future. It may never get that far, but it is currently good enough for me. I might change to something else later, which is the good thing about search - simple to replace.

    2011-02-11

    Pirate Software, week 6: Pidgin + OTR

    I was never into IRC for direct chat in the early days of the net. For me the whole concept started with ICQ in 1996, and then with Yahoo Messenger in 1999. These products used proprietary protocols for communication, and were never secure. They also quickly became bloatware and painful to use since they tried to expand into being much more than "lowly" chat.

    But chat will never go away, as we value direct conversations. Today many people mostly use Skype for chat, which is a bad idea for many reasons:
    1. It doesn't use an open protocol, so it is very hard, almost impossible, to put Skype to use except through the official Skype client.
    2. Your messages aren't encrypted between you and your chat partner, so your conversation can be (and in some cases probably is) monitored. Remember that Skype offers phone calls to normal phones, and to be allowed to connect with the public phone system, they have to comply with lots of government regulation, of which machinery for wire-tapping by police is one.
    3. It isn't open source, so it is unclear how things work.
    4. Also, Skype has become bloatware.
    A very good alternative is Pidgin, which is an open source chat client with which you can connect to IRC, ICQ, Yahoo Messenger, the open protocol XMPP and many many more. It works with Windows, Mac and many versions of Linux.

    Plus it supports OTR, which is an easy to install plugin that offers (quoting directly from the website):
    • Encryption - No one else can read your instant messages.
    • Authentication - You are assured the correspondent is who you think it is.
    • Deniability - The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
    • Perfect forward secrecy - If you lose control of your private keys, no previous conversation is compromised.
    So, install Pidgin and OTR and see if it works well for you. You can try out OTR with me if you like. My ICQ id is 309394, and my Yahoo id is mats_henricson.

    If you are curious about chat in general, EFF has a very good page.

    2011-02-06

    Pirate Software, week 5: i2p

    The idea of a private, completely anonymous internet guarded with strong encryption and re-routing of messages seems to be from at least mid 1988. Two fascinating reads are The Crypto Anarchist Manifesto and A Cypherpunk's Manifesto. If you hesitated just a millisecond before you clicked on these links, then you know the reason these ideas still exist! Because today government agencies, companies and military organizations across the planet are monitoring what we all do on the net. The words "crypto", "anarchist" and "manifesto" surely attract some search queries. Is that desirable? Does it feel good to drop into a bucket labeled "suspicious" just because you're curious about cryptography?

    Many people think not, and some even try to do something about it. One of the best efforts out there is i2p, also known as Invisible Internet Protocol. It is completely open source and very actively developed by a large bunch of people. (As a side note, one of the developers went under the name of jrandom, but he (or she, who knows) mysteriously left the project in 2008 and has not come back. There are other similar mysteries if you know where to look.)

    Anyway, i2p is very simple to install, very simple to upgrade (being a developer myself, I must say it is exceptionally well done), and just works. There are lots of services built on top of i2p:
    • Web browsing
    • BitTorrent
    • Chat
    • Email
    Some of these services are completely hidden inside i2p, so if you use an i2p chat, then the messages never leave the encrypted network. As such it is as private and anonymous as you can ever get. i2p uses strong encryption and p2p networking, technology that is threatening to many, and if our societies go completely to hell it is likely i2p will be banned. So, we'd better start using it now!

    2011-01-30

    Pirate Software, week 4: Wuala

    Wuala is a remarkable piece of software. It somewhat resembles Dropbox, which is a hugely successful product that lets you store files in the cloud. Let's review what Dropbox does first:
    • All files you put in the special Dropbox directory on your computer get copied to the cloud.
    • You can install Dropbox on several computers, and the files will be in sync as long as they are connected to the net.
    • 2 GB is free, you can get more by referring friends and colleagues to Dropbox until you get about 10 GB. You'll have to pay if you need more than that.
    • In case your computer gets stolen or destroyed, all your files are safe. Just install Dropbox on a new computer, login, and all files are downloaded from the cloud.
    • Dropbox is very well designed, works well, and can be installed on Macs, Windows, Linux, iPhones, iPads, Android, etc.
    • You can turn off Dropbox, and your files will still be there in your Dropbox folder.
    • You can put files in a public folder where they are accessible to anyone. For example, here is my resume. Whenever I change it on my computer, the changes can be seen by everyone, which is very handy.
    • You can create a group of friends and share files in this group.
    Dropbox has a few problems:
    • It is not open source
    • It does not encrypt your files all the way from your machine and out.
    Wuala works exactly the same as Dropbox described above, with a few differences:
    • It isn't completely open source, but some parts are.
    • If you turn off Wuala, then your files aren't available, since they can't be accessed unless decrypted by the Wuala program, using the encryption keys on your computer.
    • Wuala encrypts your files on your machine, so they are never readable to anyone else, not even Wuala employees. This is a crucial difference to Dropbox, where your files are encrypted while in transit to Dropbox, but then available unencrypted to Dropbox.
    • 2 GB is free, but you can trade up to 100 GB of your local hard disk for 100 GB of cloud storage. Wuala will copy encrypted files from other users onto your hard drive, and your encrypted files onto other Wuala users' hard drives, forming a redundant cloud network. And if you have several computers connected to the same account and share local disk from all of them, then you are rewarded with cloud disk for all of it. If you need more than this, then you have to pay.
    • Wuala works well with Linux, Mac and Windows, but the cross platform support isn't as good as for Dropbox.
    • Wuala isn't really as easy to use as Dropbox, but some of that is on purpose, since they are dead serious about the privacy of your files.
    If you are committed to 100% open source then neither Dropbox nor Wuala is for you. I'd recommend Tahoe-LAFS, which is a piece of software I plan to talk about some other week.

    Wuala is a Swiss company, so probably not as likely to yield to governments knocking on the door asking for information. Regardless, I recommend downloading their software, registering an account and checking it out.

    2011-01-22

    Pirate Software, week 3: Bitcoin

    I believe Bitcoin is the next evolutionary step for money!

    Which is a pretty bold statement, but let me explain. Bitcoin is encrypted currency in a peer-to-peer network. The code that runs all this is open source (with a few core developers) and the community around it is very very active. It is not backed by anything, such as gold, so its value is only backed by its usefulness, and the possibility of it becoming really big in the future.

    The current price (2011-01-22) for 1 Bitcoin (BTC) is USD 0.39, which is about € 0.29 or SEK 2.57. The value goes up and down quite a bit, so don't buy Bitcoins for all your money, OK?

    The compelling features of Bitcoin (compared to money 1.0) are:
    1. You can be pretty much anonymous when you send money.
    2. Transfers can't be stopped, so if you wish to send money to Steve in Rio, nobody can stop it, not even Steve.
    3. Transfers are completely free, or almost free (I can't go into details here, unfortunately), so no bank or credit card company will take a slice.
    4. Transactions are pretty fast (within a few minutes), at least compared to many bank transfers. Not as fast as handing over cash, but almost.
    It is clear that Bitcoins in many ways are superior to money 1.0, and anonymous unstoppable transfers of money will not be popular with some governments, so we can expect a very hard reaction against Bitcoin in the future. That alone is perhaps reason enough to start using Bitcoins - who doesn't want to be a rebel?

    So, how does all of this work? Well, it is all described on the Bitcoin website, where there are free downloads for Mac, Windows and Linux. Go there, download the program, start it up, and contact me by encrypted email to mats_s@henricson.se (you should know how to do it now, right (LINK)) and I'll send you a Bitcoin to get you started. I currently have about 140 Bitcoins. All I need from you is a Bitcoin address. Here is one of my addresses:
    1J68uJvM1RL6ZU3iSWaHPrJyM1TTkxMcGj
    All I need from you is such an address, which your Bitcoin program can generate for you. Then send the coin somewhere, such as to the EFF. Their address is:
    1MCwBbhNGp5hRm5rC1Aims2YFRe2SXPYKt
    Just a few days ago there was an article on EFF's website called "Bitcoin - a step Toward Censorship-Resistant Digital Currency". It is a good read.

    "Bitcoin is to Paypal as email is to fax."

    2011-01-17

    Pirate Software, week 2: Enigmail

    There are many ways to send encrypted messages by email. I use Thunderbird, which has had an encryption plugin since 2003, called Enigmail. It is reasonably simple to set up. Enigmail will prompt you for a password, and you'd better pick a strong one (described here, among other places). Enigmail then lets you publish your public key to special key-servers where it can be found. You can also put it online somewhere. I have my public key here. Have a look - it is good to know what these keys look like! You won't get my private key, though. It is for my eyes only.

    I have chosen to use a special email address for my encrypted emails, mats_s@henricson.se. The reason is that I once used my ordinary email address, then by mistake threw away my key. Don't ask me for details - it was so stupid that it still makes me blush, even though it happened 7 years ago.

    Now, turn on Enigmail encryption for your email account, and send me an email! I promise to send an encrypted email back, letting you know it works.

    2011-01-09

    Pirate Software, week 1: HTTPS Everywhere

    Most web traffic on the net is transferred pretty much in clear text, dead simple to read by anyone between your computer and the destination computer. The protocol used is, as you may know, http. If this were the only way to communicate on the web, all our passwords would be stolen as soon as we sent them. Fortunately there is a cousin protocol called https where the "s" stands for "secure". It is in use in most cases where you log in to a website (such as GMail). After you have logged in, traffic most often goes back to the insecure http protocol again.

    Now, why isn't https used everywhere, all the time? Traditionally the reason has been performance, since https traffic is encrypted, which requires mind-bogglingly long computations on the server. Lately it has been shown that https can be turned on by default for all traffic with very little penalty. GMail is such a product, so you can actually read all your Google email using https. Unfortunately, most sites out there are still using https for login only.

    This is where the HTTPS Everywhere Firefox plugin from the Electronic Frontier Foundation comes in. It will do all the switching to https for you, automatically, for a whole bunch of sites:
    • Google Search
    • Wikipedia
    • Twitter
    • Facebook
    • bit.ly
    • Wordpress.com blogs
    • The New York Times
    • The Washington Post
    • Paypal
    • EFF
    • Tor
    • ...
    So, a Google search for "tunisia" automatically becomes:
    https://encrypted.google.com/search?q=tunisia
    And if you click on the Wikipedia http link that looks like this:
    http://en.wikipedia.org/wiki/Tunisia
    The HTTPS Everywhere plugin will ensure that you are instead sent to this https link:
    https://secure.wikimedia.org/wikipedia/en/wiki/Tunisia
    If you use this Firefox plugin, the result is that it gets much much much harder to listen in to what you do on all of these websites mentioned above. If all web traffic were transformed from http to https, then it would get almost impossible for FRA to do any surveillance of Swedish web traffic.
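
The two rewrites above, sketched as an added example in JavaScript (this is not EFF's code or its ruleset format). The rule table is constructed from the URLs shown in this post; the plain-http Google URL used as input and the look-alike host are assumptions.

```javascript
// Added example: simplified rule-based rewriter (not EFF's code or ruleset format).
// Rules are constructed from the two rewrites shown in the post.
const RULESETS = [
  {
    name: "Google Search",
    hosts: ["google.com", "www.google.com"],
    rules: [{ from: /^http:\/\/(?:www\.)?google\.com\/search\?/,
              to: "https://encrypted.google.com/search?" }],
  },
  {
    name: "Wikipedia",
    hosts: ["*.wikipedia.org"],
    rules: [{ from: /^http:\/\/([a-z-]+)\.wikipedia\.org\/wiki\//,
              to: "https://secure.wikimedia.org/wikipedia/$1/wiki/" }],
  },
];

// Match against the parsed hostname, never a substring of the URL, so
// look-alikes such as en.wikipedia.org.example.net are not treated as Wikipedia.
function hostMatches(pattern, host) {
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return host === pattern;
}

function rewrite(urlString) {
  let url;
  try { url = new URL(urlString); } catch { return { url: urlString, action: "invalid" }; }
  if (url.protocol === "https:") return { url: urlString, action: "already-https" };
  if (url.protocol !== "http:") return { url: urlString, action: "ignored" };
  for (const set of RULESETS) {
    if (!set.hosts.some((p) => hostMatches(p, url.hostname))) continue;
    for (const rule of set.rules) {
      const out = urlString.replace(rule.from, rule.to);
      // Accept a rule only if it changed the URL and the result is https.
      if (out !== urlString && out.startsWith("https://")) {
        return { url: out, action: "rewritten", ruleset: set.name };
      }
    }
  }
  // No rule for this host: the request stays on plain http.
  return { url: urlString, action: "no-rule" };
}

for (const u of [
  "http://www.google.com/search?q=tunisia",           // constructed input
  "http://en.wikipedia.org/wiki/Tunisia",             // from the post
  "http://en.wikipedia.org.example.net/wiki/Tunisia", // constructed look-alike host
]) console.log(u, "->", rewrite(u));
```

A host with no matching rule comes back as `no-rule` and stays on http, which is why the protection only covers the sites in the list.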

    Now, who are these Electronic Frontier Foundation guys? They are indeed one of the truly Good Guys on the net. Quote from their website:
    When our freedoms in the networked world come under attack, the Electronic Frontier Foundation (EFF) is the first line of defense.
    So, you can trust them!

    The plugin is very simple to install, and just works! Get it now!

    Pirate Software of the week

    Hi, all!

    Here I plan to blog once a week about various software that I believe is more or less essential to anyone who cares about online privacy, freedom and liberty. I have tried out a fair number of them over the years, and will try to only recommend software I know is good and simple to use. Eventually I will run out of software to recommend, possibly around summer 2011, at which point I hope to get some help from others. If you are interested in helping out, contact me at mats_s@henricson.se (my encryption key is here).

    I will do my best to explain:
    1. What the software is good for (what it does)
    2. How to install and use it (is it simple or difficult)
    3. The licensing (most will be open source in various flavors)
    So, mark this feed and stay tuned in case this interests you!