Difference between revisions of "Privacy"

From Organic Design wiki
(See also: German 'Government' R2D2 Trojan FAQ)
(OTR and TOR chat)
Line 1: Line 1:
{{cleanup}}{{glossary}}<onlyinclude>[[Privacy]] is the resource that is made available by ''Security'' which in turn is a collection of tools for allowing information and resource to be made available only to selected people or groups. In [[OrganicDesign]] this means that our [[peer-to-peer network]] must have a good distributed encryption and authentication mechanism in place so that [[trust group]]s can contain private information securely and persistently even when none of the [[member]]s are online.
+
{{glossary}}<onlyinclude>[[Privacy]] is the resource that is made available by ''Security'' which in turn is a collection of tools for allowing information and resource to be made available only to selected people or groups. In [[OrganicDesign]] this means that our [[peer-to-peer network]] must have a good distributed encryption and authentication mechanism in place so that [[trust group]]s can contain private information securely and persistently even when none of the [[member]]s are online.
  
 
Having very good encryption is important because these days more and more sensitive information needs to be stored in a robust distributed way while remaining fully private and under our own control. Examples of such information are passwords and private keys, scanned identification documents, personal correspondence and these days even [[Bitcoin|digital money]].</onlyinclude>
 
Having very good encryption is important because these days more and more sensitive information needs to be stored in a robust distributed way while remaining fully private and under our own control. Examples of such information are passwords and private keys, scanned identification documents, personal correspondence and these days even [[Bitcoin|digital money]].</onlyinclude>
Line 7: Line 7:
 
== Real security a myth? ==
 
== Real security a myth? ==
 
[[File:Security camera--.jpg|right|300px]]There isn't much confidence in real privacy these days with all the rumors and/or facts of "back doors" and quantum computers which can achieve seemingly miraculous computational power. But before getting sucked into all the hype, bear this simple foundation in mind - if two people share a private random block of information used one time only to encrypt a message of the same size, it is ''mathematically impossible'' to break, even by quantum computation - it is said to exhibit [[Wikipedia:Information theoretic security|information theoretic security]]. It is only the level of organisation required amongst participants that currently makes this method impractical - in practice the network would usually combine this method with traditional methods.
 
[[File:Security camera--.jpg|right|300px]]There isn't much confidence in real privacy these days with all the rumors and/or facts of "back doors" and quantum computers which can achieve seemingly miraculous computational power. But before getting sucked into all the hype, bear this simple foundation in mind - if two people share a private random block of information used one time only to encrypt a message of the same size, it is ''mathematically impossible'' to break, even by quantum computation - it is said to exhibit [[Wikipedia:Information theoretic security|information theoretic security]]. It is only the level of organisation required amongst participants that currently makes this method impractical - in practice the network would usually combine this method with traditional methods.
 
== Forms of imformational security ==
 
*Internet browsing
 
*Email and communications
 
*Financial transactions
 
  
 
== Anonymous search ==
 
== Anonymous search ==
Line 23: Line 18:
 
Another useful related addon to Firefox is the [https://addons.mozilla.org/en-US/firefox/addon/59/ User Agent Switcher].
 
Another useful related addon to Firefox is the [https://addons.mozilla.org/en-US/firefox/addon/59/ User Agent Switcher].
  
== PGP Email ==
+
== Private communications ==
See [[Configure PGP for Email]]
+
*[[Configure PGP for Email|PGP email]]
 
+
*[http://www.cypherpunks.ca/otr/ Off-the-Record Messaging]
== P2P Method ==
+
*[http://code.google.com/p/torchat/ TOR chat]
The privacy concept uses a portion of its global bandwidth resource to distribute private keys over all available data streams. This resource comes from the support that the privacy concept gains from usage.
 
 
 
This privacy is handled with any of the standard algorithms such as DES or AES, but using the inherent organisational methods to generate and maintain a diverse population of private keys so that any context of information can be made arbitrarily secure dynamically and independently. A small portion of bandwidth is dedicated to random connectivity for creating keys with more diverse properties, and for finding new efficient routes.
 
 
 
When a context requires its connected streams to be authenticated, it generates random content along with a randomly selected key it shares in common with the peer. The context expects a hash of the random content and private value associated with the key. This can happen any number of times and can also occur independently of the context directly between peers.
 
 
 
=== Available key properties/constraints ===
 
*Age - must be younger than X, must be older than X
 
*Media it has resided on (RAM, HDD, Removable etc)
 
*Peers it has resided on
 
*Protocols it has travelled through
 
  
 
== See also ==
 
== See also ==

Revision as of 02:32, 19 August 2012

Glossary.svg This page describes a concept which is part of our glossary

Privacy is the resource that is made available by Security which in turn is a collection of tools for allowing information and resource to be made available only to selected people or groups. In OrganicDesign this means that our peer-to-peer network must have a good distributed encryption and authentication mechanism in place so that trust groups can contain private information securely and persistently even when none of the members are online.

Having very good encryption is important because these days more and more sensitive information needs to be stored in a robust distributed way while remaining fully private and under our own control. Examples of such information are passwords and private keys, scanned identification documents, personal correspondence and these days even digital money.

Many people believe that, if you have nothing to hide, there is nothing to fear from all this scrutiny. But if you resist the urge to pick your nose while others are present, or close the door when you go to the toilet, you are a privacy advocate. "When you realise that your whole life is under view," says the Tory MP David Davis, "it’s inhibiting." (from Can you disappear in surveillance Britain?). For more detailed information on this aspect of privacy, see Debunking a myth: If you have nothing to hide, you have nothing to fear.

Real security a myth?

Security camera--.jpg

There isn't much confidence in real privacy these days with all the rumors and/or facts of "back doors" and quantum computers which can achieve seemingly miraculous computational power. But before getting sucked into all the hype, bear this simple foundation in mind - if two people share a private random block of information used one time only to encrypt a message of the same size, it is mathematically impossible to break, even by quantum computation - it is said to exhibit information theoretic security. It is only the level of organisation required amongst participants that currently makes this method impractical - in practice the network would usually combine this method with traditional methods.

Anonymous search

The DuckDuckGo search engine is a meta-search mechanism that gives the same results as Google, but is cleaner and preserves your privacy. It's a little slower to come up with results, but presents them in a nicer way and uses AJAX to maximise its usability.

Anonymous Internet browsing

Apart from the standard practice of using HTTPS connections when working with private content, it is also important to preserve anonymity - i.e. not giving away any information about the source of the web page requests. We use the Firefox browser with the TorButton add-on. There also another called FoxTor but I haven't tried that one yet. These solutions both use the TOR (The Onion Router) to achieve anonymity.

The add-on is easy enough to install, but I found that I also needed to apt-get install polipo and change the port settings in the TorButton preferences. The HTTP and SSL had to be changed from 8118 to 8123 and the SOCKS from 9050 to 4424. I found the ports that polipo was using with netstat -lp|grep polipo. After installation, you can check if it's working by switching it on and then checking your ip address and its estimated geographical location.

Another useful related addon to Firefox is the User Agent Switcher.

Private communications

See also