Corruption of LOL

It looks like the United States government made some pretty serious steps today in technology.

Government App Store

First of all, a new “.gov” website has appeared under the authority of the GSA at Apps.gov. I’d be wary of trying to “register” on the website unless you are expressly authorized to do so; a warning at the bottom of each page advises that “unauthorized activities [on the website] are subject to disciplinary action including criminal prosecution.” So unless you can find some strange pleasure in being “disciplined” (ooooh, you baaad citizen, you) by the federal government, I’d tread lightly on the site (oooh, you waaant access to my fiiiiiles…. naughty naughty….). (Sorry, I got carried away, moving on…)

On that note, I poked around a little bit (without putting in any information, of course), and there are some curious things there– do check it out.

government.google.com? Not Exactly, but Close

Secondly, Google has made announcements that indicate that the U.S. government is going to being using the Google Cloud for much of it’s storage, processing, and productive needs.

Other than the extremely basic implications (simply that the government is buying services from Google, as it does many contractors) one can also consider the fact that the government is placing a very large amount of its information storage and processing into the hands of a publicly-owned company. Granted, those who interact with the actual servers will have just the same security screenings and clearances of their government-employed counterparts, however, they will still be private citizens working for a public company.

An analogy to the private military contractors of “Blackwater” may be useful. Blackwater operatives are hired by the government to provide “security” in certain circumstances. Similarly, Google and their employees will be hired to provide productivity and data solutions for various federal, state, and local agencies. This kind of contracting will allow the general population to just be one step closer to the inner workings of the government. And, God forbid, might provide leverage for said population should it be ever be required. I don’t intend to come across in any way as an anarchist or anything of the sort, but I think it’s nice when the government “of the people” can actually be manipulated by the people should the need arise. This, I would say, is a step in the right direction.

When using public or other unsecured wifi, it becomes much easier for hackers and sniffers to root out your private information, compromising your privacy, and maybe even your identity.

And just for your information (not that I would ever condone this , this technique can also bypass internet blocks enforced by companies, schools, etc.

I’ll provide the Mac instructions, but the same is possible on a PC using an SSH client, such as OpenSSH.

Manual Instructions

1. Get (or use your existing) web hosting that supports SSH. Unlimited bandwidth is preferred. My recommendation: Bluehost.
2. Set up your SSH, remembering your passwords and usernames.
3. Open Terminal
4. Type in the following code: ssh -ND 9999 yourusername@yourwebsiteaddress.com (You will be prompted for your password. Enter it. The terminal window will appear to freeze up; this is what you want, and means that you have successfully connected. This opens port 9999, connects through SSH to your server, and stays open until you terminate it; it’s basically a secure tunnel that you’re going to route your internet traffic through.)
5. Open Firefox, then Preferences, then the Advanced tab, and click Settings (how Firefox connects to the internet).
6. Choose Manual Proxy Configuration.
7. Under SOCKS Host, type localhost and under Port, 9999. Under No Proxy for, type localhost, 127.0.0.1. Select SOCKS v5.
8. Click OK.

If you’ve done everything correctly, Firefox will appear to work as usual, but perhaps slightly slower.

Congrats! You are using secure internet!

When you are done using your secure connection, change Firefox preferences back to No Proxy, and terminate your Terminal. DO NOT just close Terminal–you are likely to remain connected. Select Terminal and press Apple-Period (Cmd-.), then quit.

Using AppleScript (Creating a Secure Internet Application) – Apple only

I’ve made the instructions pretty straight-forward, but you might need to be a little tech-savvy to figure this one out. This will combine all the steps above into an application that will give you secure internet access.

1. Download and install NPS AskPass (for Tiger–it works with 10.4 and above, including Leopard)
2. Open Terminal and type /Applications/Firefox.app/Contents/MacOS/firefox -ProfileManager
3. Create a Firefox profile called “secureaccess”
4. Open your new Firefox profile, and follow steps 5-8 above. Close Firefox when you’re done.
5. Open Script Editor and create a blank script.
6. Save it as “proxysetup.app” (application bundle) to your desktop.
7. Open Finder, go to Firefox, right click and hit “Explore Package Contents.” Open the Contents folder, then create a folder called “securessh.”
8. Drag your proxysetup.app from your desktop into your newly created folder within Firefox.
9. Back in Script Editor, enter the following into your proxysetup file:
   do shell script “ssh -ND 9999 yourusename@yourwebsiteaddress.com &> /dev/null &”
10. Save proxysetup.app and close it.
11. DOWNLOAD MY PRE-COMPILED APPLICATION HERE. You must have followed all previous instructions EXACTLY or it will not function. Open the application with Script Editor if you need to make any changes to tailor it to suit you.

When you run the application, it should do three things, in no particular order:

1. Open a dialog box indicating to click OK to close the connection. Put this off to the side, and only click OK when you are done. (After you click this, a dialog will appear saying something like “Can’t get end.” Don’t worry, that just means that your connection is closed. That is what you want.
2. Open your “secureaccess” Firefox profile with the proxy settings all ready to go!
3. Open a password dialog box. Enter your server’s password to connect to the proxy. Firefox will then be able to connect to the internet in a secure fashion!

Congratulations! You now have a secure internet application!

BONUS: If you want it to have my custom and cool-looking golden Firefox symbol (as seen above) just save the image file, make an icon out of it with Pic2Icon, and then place it over the existing icon (hit Cmd-I on both files, and drag the icon over).

Enjoy!

I recently posted a link to Google Voice on my blog.

Upon reading about it further, it seems as though there are a number of people concerned with the privacy implications of using the service.

I, for one, will continue to use the service (due to its sheer usefulness) until it becomes abundantly clear to me that I am causing some sort of harm to myself by doing so.

However, consider this article from a computerworld.com blog: Google Voice: Press “1″ to invade your privacy.

I read that article, followed by Google’s official privacy statement concerning Google Voice.

However, it is important to realize how a Google Voice number can also protect your privacy as well, believe it or not.

Google itself will have greater access to more of your information, of course (call logs, SMSs, etc.) but for the most part (and hopefully the whole part) this will be limited to machines and computers mining for data rather than humans actually looking at it.

On the other hand, the people who call your Google Voice number will be put through additional layers of security–layers that are more likely to protect you than anything else. Google Voice numbers give you the ability to screen calls prior to picking them up, and even to block unwanted callers completely. This functionality, along with the simple fact that your real phone number is never revealed, balances out the potential risk of losing some privacy to Google.

It’s a give-and-take thing. Once it becomes open to the public, each person will have to decide for themselves whether or not it’s a tradeoff they want to make.

My recommendation: DO IT.

—-

[EDIT: There is a good overall analysis of the service here.]

One of my daily watches: check out Lauren Weinstein’s Blog.

New articles coming up!

Stay tuned, stay safe.

For now, just check it out yourself:

Google Voice

I’ll discuss potential uses for this type of service as related to personal security later, but for now, it’s just too cool not to post.

If you’re lazy and don’t want to read it all, here’s the rundown:

1. Buy a used GSM phone from a private seller WITHOUT an activated SIM card and WITHOUT GPS. (Recommendation: Nokia 1600)
2. Buy a pre-paid SIM card for a carrier that does not require personal information. Buy it from a private seller if it must be shipped to you. If you buy it in person, pay cash–this will eliminate any possible ties back to you through the credit card receipt. (Recommendation: Net10’s lowest cost card available)
3. Activate the SIM card using a pay phone or other anonymous phone (again, to eliminate any potential ties to you). If using Net10, you should not have to provide personal information. If your specific carrier requires personal information, choose another carrier. Providing false information can be illegal and I do not in any way suggest or endorse the idea.
4. Use the phone as infrequently as possible, and only for calls which you think are of confidential nature. Dial *67XXXXXXXXXX (X’s indicated the desired destination number) to mask your number from the caller ID of the recipient–this will help to keep the fact that this number belongs to you a secret.
5. When you run out of minutes or time on your pre-paid card, do not renew it. Throw it away and buy a brand new card with a brand new number. Not keeping any one number for very long keeps potential eavesdroppers from catching up to you.
6. Do not give away your phone number. Use the phone for outgoing calls only.

Now for the meat and potatoes; well you’re reading it, aren’t you?

I’m not a conspiracy theorist, I promise. If you are…. well, first of all, God help you; secondly, you might still find this post interesting, but I wouldn’t bookmark me–you are probably better suited fulfilling your secret-agent fantasies elsewhere.

First off, I feel the need to explain myself for writing this. I know you’re saying to yourself, “I’m a practical person reading a blog meant for practical people, and some guy is trying to tell me I need an untraceable cell phone?!” Crazy sounding, I understand, but practical nonetheless.

Eavesdroppers don’t have to have targets.

Cell phones have weaknesses. They can be easy to trace, locate, and even tap/bug/intercept given that there is someone out there with the desire to do so. To borrow a military term, “high value targets” for this can include the likes of corporate executives, government officials, and so on. And, even if you don’t think that you are likely to be an intended target, there is still the possibility of becoming an unintended or chance victim, possibly leading to identity theft or worse.

My phone is military-spec, it’s not weak!

Your phone may be able to withstand a bullet or a ten foot drop, but this is the 21st century–weakness more often refers to holes in firewalls and 8-bit encryption more often than it does to lack of physical durability or strength. There are numerous ways for your phone to become compromised or for it to compromise you:

• Unencrypted signal
• Cell phone cloning
• (Un)authorized pinging
• Recorded call history

The most dangerous element of cell phone insecurity is the fact that many carriers and their associated phones do not encrypt voice signals or data transfer, leaving them open to close-range hackers. Listening to a cell phone signal is illegal, but not difficult with the right equipment. Before cell phones were prominent, the frequencies that they utilize were not federally restricted and it was perfectly legal for the public to tune in to these frequencies. Today, widely available radio frequency scanners have been manufactured in such a way that monitoring certain signals (from cell phones, cordless phones, etc) is not possible. This means that all a hacker needs to do is find himself a frequency scanner from the pre-cell phone era, and he can just as easily listen to you on your cell phone just as easily as he can the local fire department.

“For goodness sakes, Jim, make a decision!”

You are going to need to make a choice. Only GSM phones are unencrypted. (T-Mobile, AT&T (Cingular), and basically any phone with a “SIM card” are GSM-based.) CDMA phones (Sprint, Verizon, etc.), on the other hand, change channels so often and in such a way that makes them virtually impossible to listen-in to continuously. Sometimes carriers even offer additional levels of encryption sometimes referred to as “voice privacy.”

Sounds simple, right? Just trash your T-Mobile and go get a Sprint phone. SLOW DOWN, cowboy. Yes, CDMA phones are more secure in this way, but you can also sacrifice a lot of security with a CDMA phone. Read on.

Having a truly untraceable cell phone does, of course, require that your service provider be completely ignorant as to your identity. This means that you must not enter a contract (unless you yourself are an identity thief) as this would associate your name, address, credit card number, etc. with your phone number. Do this, and you lose anonymity, which is a paramount concept to an untraceable cell phone.

The solution, you must narrow down your options to pre-paid service providers.

Remember the choice I told you that you were going to have to make? Well, here it is: with a regular CDMA phone, you will have voice privacy in your immediate area. CDMA phones will prevent your neighbors or close-followers from hearing your calls and intercepting your text messages and any other data transfers. All you need for this is a regular run-of-the-mill cell phone from a CDMA carrier. The drawbacks? The phone number is associated with your name. Authorities can listen to your calls with a warrant (hopefully this is not of concern for you), information related to call history and cell phone usage can be subpoenaed, and you will generally leave a trail with use of the phone.

If you value secrecy of contacts, protection from overzealous ex-’s, or whatever (again, I’m not judging) and in my opinion, a more “untraceable” cell phone, then a (fairly specific) pre-paid GSM phone is what you need.

But, if you want to be as secure as possible, we must be specific:

Most of today’s phones are GPS-enabled and vulnerable to pinging (carrier sending out a signal that prompts your phone to return it’s coordinates to the carrier). Get a phone without GPS.

• My recommendation: Nokia 1600 (This phone tends to be cheap as well, so if you are so inclined as to pull a Jason Bourne and throw the phone in a public trash can instead of hanging up, you are welcome to.)

Your carrier will need to be okay with providing service sans personal identification.

• My recommendation: Net10

Don’t ever let your phone number become known.

• Take note that the *67 trick works nicely against civilian caller IDs. Don’t expect it to keep your number secret in all situations.

Alternate solutions to an untraceable cell phone:

• Get a secure cell phone.
• Live in a cave.
• Don’t call people.
• Come to the realization that you really probably don’t need one. (But it’s still fun!)
• Be a teenage girl and prompt your eavesdropper to commit suicide by never shutting up (sorry, teenage girls, nothing personal). But seriously. This is probably the most effective way. Stay tuned for an article about being a teenage girl.

Criminals are SO last year! Like O-M-G, totally!! (Sorry, I got carried away.)

I take no responsibility for misuse of this information. The intention of this blog is to assist people in self-protection. Unfortunately, overlap between self-protection and criminal activity do exist. If you are plotting nefarious activities, have fun going to jail–the police are smarter than you. Do not ask me how to commit crimes. I will fuck you up.