Archive for the ‘privacy’ Category

Very Cool

Kryptos

Everything about Kryptos is interesting. If you have any interest at all in cryptography it’s worth knowing about Kryptos.

OBKR
UOXOGHULBSOLIFBBWFLRVQQPRNGKSSO
TWTQSJQSSEKZZWATJKLUDIAWINFBNYP
VTT
MZFPKWGDKZXTJCDIGKUHUAUEKCAR

The only official known plaintext in the above last section of Kryptos is that NYPVTT=BERLIN.

Lots of good information on Kryptos here.

No Agenda Show

If you have never listened to this before I recommend that you do. If you have and you like it, you can help “propagate the formula” with the CD campaign by going here.

I’ve not made any CDs but I have added all the CD contents to my FTP server which you can get to directly at the following links:

January Compilations  ♦  NA Pipelines  ♦  Red Pill Media Assassination  ♦  Syria or Bust  ♦  You Had Me at Conspiracy

BitMessage

You can learn about it here and here.

My address is: BM-2D7xmy5iPQdPb8fEqcksE8LkRLQDyFnwVZ

Who has your back? Digitally speaking…

If you care about this sort of thing then you know the answer. This is an interesting report nonetheless.

Original EFF article.

Conclusion

There are many ways to safeguard the privacy of individuals from government overreach. EFF has long engaged in impact litigation, educational initiatives, innovative technology projects, and policy advocacy both domestically and internationally to ensure that governments are held to high standards when it comes to accessing sensitive information about us. The foundation of these standards — which ensure our communications and private affairs are not subject to arbitrary government access — are the Fourth Amendment, decades of privacy law, and many years of case law. But in today’s increasingly digital world, online service providers serve as the guardians of our most intimate data — from email content to location information to our social and family connections. The policies adopted by these corporations will have deep and lasting ramifications on whether individual Internet users can communicate free from the shadow of government surveillance.

Readers of this year’s annual privacy and transparency report should be heartened, as we are, by the improvements major online service providers made over the last year. While there remains room for improvement in areas such as the policies of location service providers and cellphone providers like AT&T and Verizon, certain practices — like publishing law enforcement guidelines and regular transparency reports — are becoming standard industry practice for Internet companies. And we are seeing a growing, powerful movement that comprises civil liberties groups as well as major online service providers to clarify outdated privacy laws so that there is no question government agents need a court-ordered warrant before accessing sensitive location data, email content, and documents stored in the cloud.

Recommended Listening

Form your own opinion; it’s worth hearing.

SSH

SSH is the sysadmin’s tool that never gets dull or worn out. I came across this excellent post on a number of useful tips and tricks on ways to use SSH, and these are not the ones you’re used to seeing.

16 ultimate SSH hacks

Digital Asset Executor

I wrote back in February 2009 about the idea of a personal digital legacy. It’s something I’ve spent some time thinking about and in some ways planning for. So much of our lives are in bytes now and preserving them in a lasting way is going to be a challenge. This post is about an aspect that is of more immediate concern. In my family I am the techie. I build my own computers, fix them for others and I keep the important electronic records and pay the bills electronically. This means I’m the one with all the online account passwords. I am the one with all of our financial records on my hard drive and just as important I am the one with the digital photo and video archives of our lives for the last 15+ years.

Being the techie I am, I use Linux, do plenty of backing up, practice safe password policies and in some of the above examples I use strong encryption to safeguard our personal and sensitive information. If something were to happen to me suddenly, be it amnesia, death or worse; there is the potential for some significant loss of digital assets. The data will survive me but will be inaccessible without the passwords and decryption keys that only I can use. So, this is something that has occupied my thoughts from time to time and I will share with you my current solution. I think it’s a pretty good start and welcome any ideas or criticism.

I’ve not yet settled on a name or term but the idea is something of a Digital Godfather or Digital Asset Executor. You get the idea. Someone who has been chosen to take on the responsibility of unlocking and releasing your digital assets to your heirs, or in any case the people that need them after you are out of the picture.

In my case, at this point in time no member of my immediate family has the tech know-how to handle this task. They may in the future but not now, so I have chosen someone else for the job. I’ll refer to them as “DAE” (Digital Asset Executor). I have known my DAE for long enough to know that they have the tech chops for the job and long enough to trust them. In this role, trust is important but there can be measures put in place to make sure that if DAE were to become untrustworthy they can still perform their duties reliably and securely. Regarding the DAE, it is essential that they have agreed to participate and are willing to perform this service. They have some responsibility of their own to maintain in order for this to work.

After the DAE is chosen the next step is to collect and organize all your digital assets. For myself, I have kept for years now a text file that I maintain with all current online accounts and their corresponding passwords. That file is in a folder along with many other digital assets including copies of Social Security cards, driver’s licenses, credit cards, passports, tax returns, firearms paperwork and bank account numbers. Each one of those files is encrypted with GnuPG strong encryption. You may wonder why I have some of those things in digital form. Essentially it’s for disaster preparedness reasons. In the case of a disaster, whether we have to leave home in a hurry or the house is destroyed, I have access to some important personal and financial data. Because I have backups in multiple geographic locations, even if I lose my laptop I can likely still get at it.

Next is preparing these assets for recovery in my absence. Here is what I have done, as a step-by-step process (this is after you have a willing and capable participant agreeable to act as your DAE):

  1. Create a working folder, i.e. “DigitalAssetRecovery”
  2. Assemble copies of all digital assets (files) into one folder i.e. “assets”. Make sure all files are encrypted (GnuPG in my case) and compress that folder into a .tar or .zip file.
  3. Assemble copies of your encryption keys both public and private into a folder i.e. “keys” and compress that folder.
  4. Write a short text document outlining your intent and instructions for your DAE.
  5. Write another text document that contains only and exactly, your pass-phrase for use of your encryption keys.
  6. Now, place the two compressed folders (keys and assets) along with the two text files into the working folder and compress the working folder.
  7. Encrypt the compressed working folder with the public key of your DAE (it is critical to the process that you use the DAE’s public key and not your own).
  8. Delete the uncompressed/unencrypted copy of the working folder.
  9. Copy the encrypted working folder onto two types of media (CD-RW and USB key in my case). Attach instructions written on paper for how to contact the DAE and the importance of the data contained on the media and place them in a secure location such as a safe or safety deposit box that your survivors have access to. Delete the encrypted copy from your computer.
  10. Share your procedure with those that need to know.
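
Steps 1 through 8 as a shell script, added here as an example and not the author's own script. The names inside the bundle follow the steps above; the function names, argument order and the fingerprint argument are assumptions, and it expects tar and GnuPG to be installed with the DAE's public key already imported and verified.

```shell
#!/bin/sh
# Added example for steps 1-8. Paths and names are placeholders; the files in
# ASSETS_DIR are assumed to be GnuPG-encrypted already (step 2).
set -eu

# Steps 1-6: stage assets, keys and the two text files, then pack them.
# usage: build_bundle ASSETS_DIR KEYS_DIR INTENT_TXT PASSPHRASE_TXT OUT_TAR
# (give OUT_TAR as an absolute path)
build_bundle() {
    umask 077                          # staging area readable by owner only
    work=$(mktemp -d)
    mkdir "$work/DigitalAssetRecovery"
    tar -C "$1" -cf "$work/DigitalAssetRecovery/assets.tar" .
    tar -C "$2" -cf "$work/DigitalAssetRecovery/keys.tar" .
    cp "$3" "$work/DigitalAssetRecovery/instructions.txt"
    cp "$4" "$work/DigitalAssetRecovery/passphrase.txt"
    tar -C "$work" -cf "$5" DigitalAssetRecovery
    # rm does not overwrite data: stage on tmpfs or an encrypted disk, since
    # the private keys and the passphrase sit here in the clear.
    rm -rf "$work"
}

# Steps 7-8: encrypt to the DAE's key only, then remove the plaintext bundle.
# usage: encrypt_for_dae BUNDLE_TAR DAE_FINGERPRINT
encrypt_for_dae() {
    # A fingerprint with a secret key in this keyring is one of your own
    # keys, which is exactly the mistake step 7 warns about.
    if gpg --batch --list-secret-keys "$2" >/dev/null 2>&1; then
        echo "refusing: $2 is one of your own keys" >&2
        return 1
    fi
    gpg --batch --list-keys "$2" >/dev/null   # DAE public key must be present
    # --no-encrypt-to ignores any encrypt-to line in gpg.conf, so you are not
    # silently added as a second recipient. In batch mode gpg refuses a key
    # you have not validated, which is the behaviour wanted here.
    gpg --batch --no-encrypt-to --encrypt --recipient "$2" \
        --output "$1.gpg" "$1"
    rm -f "$1"
}

# Run both stages when called with all six arguments.
if [ "$#" -eq 6 ]; then
    build_bundle "$1" "$2" "$3" "$4" "$5"
    encrypt_for_dae "$5" "$6"
fi
```

Step 9 then copies the resulting `.gpg` file to the two media and deletes it from the computer.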

Now what you have is a way for only your DAE (not even yourself) to access those assets that lie in the secure location. You will be relying on them to maintain their own encryption keys so that in the future when you need their services they will be able to perform the task. If you are concerned about their reliability, you can always have more than one DAE and just duplicate the process for each one. The only person in the world besides yourself that can get to your information now is your DAE. In that regard your data are not as secure as before because if your DAE (and only the DAE) had physical access to the CD or USB stick you created, they could expose that data. This is why they don’t get access to the data until it is initiated by your heirs. In my case I have left written instructions on how to have the recovery session supervised and for no copies to be retained by the DAE after they have performed their duties. Trust but verify.

This is a bit of a tedious process and will require you to make an updated version from time to time and perhaps even change your DAE. It is however the most secure and reasonable procedure I have developed so far. This reminds me, I have an update to do.

A win for encryption and privacy.

Thank you EFF. From the article:

The 11th U.S. Circuit Court of Appeals agreed, ruling that the act of decrypting data is testimonial and therefore protected by the Fifth Amendment

From the moment we won our independence we have been resisting our government’s attempt to take it away. It is a fight that will never be won but it must not be lost. It is a struggle organic to our system and evidence that our system is functioning. Fight to keep what belongs to you.

Who’s your backdoor man?

It’s ugly and getting more so. Proof that you can only rely on yourself when it comes to your digital privacy and security. You must be the one in control if you will have a chance to protect yourself. Details here. And a /. post here. After you read that you may need some comic relief: