Most people simply are unaware of how much personal data they leak on a
daily basis as they use their computers. Enter this weekend’s reading topic:
Privacy.
FOSS Project Spotlight: Tutanota, the First Encrypted Email Service with an App on F-Droid
by Matthias Pfau
Seven years ago Tutanota was built, an encrypted email service with a strong focus on security, privacy and open source. Long before the Snowden revelations, Tutanota’s team felt there was a need for easy-to-use encryption that would allow everyone to communicate online without being snooped upon.
The Wire
by Shawn Powers
In the US, there has been recent concern over ISPs turning over logs to the
government. During the past few years, the idea of people snooping on our
private data (by governments and others) really has made encryption more
popular than ever before. One of the problems with encryption, however, is
that it’s generally not user-friendly to add its protection to your
conversations. Thankfully, messaging services are starting to take notice of
the demand. For me, I need a messaging service that works across multiple
platforms, encrypts automatically, supports group messaging and ideally can
handle audio/video as well. Thankfully, I found an incredible open-source
package that ticks all my boxes: Wire.
Facebook
Compartmentalization
by Kyle Rankin
Whenever people talk about protecting privacy on the internet, social-media
sites like Facebook inevitably come up—especially right now. It makes
sense—social networks (like Facebook) provide a platform where you can
share your personal data with your friends, and it doesn’t come as much of a
surprise to people to find out they also share that data with advertisers
(it’s how they pay the bills after all). It makes sense that Facebook uses
data you provide when you visit that site. What some people might be
surprised to know, however, is just how much. Facebook tracks them when they
aren’t using Facebook itself but just browsing around the web.
Some readers may solve the problem of Facebook tracking by saying “just
don’t use Facebook”; however, for many people, that site may be the only way
they can keep in touch with some of their friends and family members.
Although I don’t post on Facebook much myself, I do have an account and use
it to keep in touch with certain friends. So in this article, I explain how
I employ compartmentalization principles to use Facebook without leaking too
much other information about myself.
Protection,
Privacy and Playoffs
by Shawn Powers
I’m not generally a privacy nut when it comes to my digital life. That’s not
really a good thing, as I think privacy is important, but it often can be
very inconvenient. For example, if you strolled into my home office, you’d
find I don’t password-protect my screensaver. Again, it’s not because I want
to invite snoops, but rather it’s just a pain to type in my password every
time I come back from going to get a cup of tea. (Note: when I worked in a
traditional office environment, I did lock my screen. I’m sure working from
a home office is why I’m comfortable with lax security.)
A
Machine for Keeping Secrets?
by Vinay Gupta
The most important thing that the British War Office learned about
cryptography was how to keep a secret: Enigma was broken at Bletchley Park
early enough in World War II to change the course of the war—and of
history. Now here’s the thing: only if the breakthrough (called Ultra, which
gives you a sense of its importance) was secret could Enigma’s compromise be
used to defeat the Nazis. Breaking Enigma was literally the “zero-day” that
brought down an empire. Zero-day is a bug known only to an attacker.
Defenders (those creating/protecting the software) have never seen the
exploit and are, therefore, largely powerless to respond until they have
done analysis. The longer the zero-day is kept secret, and its use
undiscovered, the longer it represents absolute power.
Own Your
DNS Data
by Kyle Rankin
I honestly think most people simply are unaware of how much personal data
they leak on a daily basis as they use their computers. Even if they have
some inkling along those lines, I still imagine many think of the data they
leak only in terms of individual facts, such as their name or where they ate
lunch. What many people don’t realize is how revealing all of those
individual, innocent facts are when they are combined, filtered and
analyzed.
Cell-phone metadata (who you called, who called you, the length of the call
and what time the call happened) falls under this category, as do all of the
search queries you enter on the Internet.
For this article, I discuss a common but often overlooked source of data
that is far too revealing: your DNS data.
Tor
Security for Android and Desktop Linux
by Charles Fisher
The Tor Project presents an effective countermeasure against hostile and
disingenuous carriers and ISPs that, on a properly rooted and capable
Android device or Linux system, can force all network traffic through Tor
encrypted entry points (guard nodes) with custom rules for iptables. This
action renders all device network activity opaque to the upstream
carrier—barring exceptional intervention, all efforts to track a user
are afterward futile.