Difference between revisions of "Privacy"

From Organic Design wiki
(PGP Email: See Configure PGP for Email)
(See also: Panopticlick - EFF site testing your browser's defence against tracking and fingerprinting)
(153 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== Privacy & Security ==
+
{{glossary}}[[File:SenseVideo.jpg|400px|right]][[File:NothingToSay.jpg|400px|right]]<onlyinclude>[[Privacy]] is the resource that is made available by ''Security'' which in turn is a collection of tools for allowing information and resource to be made available only to selected people or groups. In [[Organic Design]] this means that our [[peer-to-peer]] network must have a good distributed encryption and authentication mechanism in place so that [[trust group]]s can contain private information securely and persistently even when none of the [[member]]s are online.
Both terms come to this same page, but they have a slightly different meaning. ''Privacy'' is the resource that is made available by ''Security''. ''Security'' is a global organisation in the network composed of methods and computational, storage and bandwidth resource which is used to make the resource of privacy available according to local dynamic need.
 
  
=== Why do we need security? ===
+
Having very good encryption is important because these days more and more sensitive information needs to be stored in a robust distributed way while remaining fully private and under our own control. Examples of such information are passwords and private keys, scanned identification documents, personal correspondence and these days even [[Bitcoin|digital money]].</onlyinclude>
Having good security is an important aspect of the network architecture because it is designed to handle financial accounting and budgeting of its member organisations. Also, the users of the network need to be confident that private information such as passwords or personal details really are private.
 
  
''Many people believe that, if you have nothing to hide, there is nothing to fear from all this scrutiny. But if you resist the urge to pick your nose while others are present, or close the door when you go to the toilet, you are a privacy advocate. "When you realise that your whole life is under view," says the Tory MP David Davis, "it’s inhibiting." (from [http://women.timesonline.co.uk/tol/life_and_style/women/the_way_we_live/article7096105.ece Can you disappear in surveillance Britain?])''
+
Many people believe that, [[w:Nothing to hide argument|if you have nothing to hide, there is nothing to fear]] from all this scrutiny. But if you resist the urge to pick your nose while others are present, or close the door when you go to the toilet, you are a privacy advocate. "When you realise that your whole life is under view," says the Tory MP David Davis, "it’s inhibiting." (from [http://women.timesonline.co.uk/tol/life_and_style/women/the_way_we_live/article7096105.ece Can you disappear in surveillance Britain?]). For more detailed information on this aspect of privacy, see [http://www.computerweekly.com/blogs/the-data-trust-blog/2009/02/debunking-a-myth-if-you-have-n.html Debunking a myth: If you have nothing to hide, you have nothing to fear].
  
=== Real security a myth? ===
+
{{quote|If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.|Eric Schmidt (CEO of Google)}}
There isn't much confidence in real privacy these days with all the rumors and/or facts of "back doors" and quantum computers which can achieve seemingly miraculous computational power. But before getting sucked into all the hype, bear this simple foundation in mind - if two people share a private random block of information used one time only to encrypt a message of the same size, it is ''mathematically impossible'' to break, even by quantum computation - it is said to exhibit [[Wikipedia:Information theoretic security|information theoretic security]]. It is only the level of organisation required amongst participants that currently makes this method impractical - in practice the network would usually combine this method with traditional methods.
 
  
=== Forms of security ===
+
== Real security a myth? ==
*Internet browsing
+
[[File:Security camera--.jpg|right|300px]]There isn't much confidence in real privacy these days with all the rumors and/or facts of "back doors" and quantum computers which can achieve seemingly miraculous computational power. But before getting sucked into all the hype, bear this simple foundation in mind - if two people share a private random block of information used one time only to encrypt a message of the same size, it is ''mathematically impossible'' to break, even by quantum computation - it is said to exhibit [[Wikipedia:Information theoretic security|information theoretic security]]. It is only the level of organisation required amongst participants that currently makes this method impractical - in practice the network would usually combine this method with traditional methods.
*Email and communications
+
 
*Financial transactions
+
== Anonymous search ==
 +
The [http://duckduckgo.com/about.html DuckDuckGo] search engine is a meta-search mechanism that gives the same results as Google, but is cleaner and preserves your privacy. It's a little slower to come up with results, but presents them in a nicer way and uses AJAX to maximise its usability.
 +
 
 +
== VPNs ==
 +
*[https://riseup.net/en/vpn RiseupVPN] ''- based on OpenVPN but zero-conf''
 +
*[https://github.com/SadeghHayeri/GreenTunnel Green Tunnel] ''- bypasses Deep Packet Inspection systems found in many ISPs which block access to certain websites''
  
 
== Anonymous Internet browsing ==
 
== Anonymous Internet browsing ==
 
Apart from the standard practice of using HTTPS connections when working with private content, it is also important to preserve anonymity - i.e. not giving away any information about the source of the web page requests. We use the Firefox browser with the [https://addons.mozilla.org/en-US/firefox/addon/2275 TorButton] add-on. There also another called [https://addons.mozilla.org/en-US/firefox/addon/3606 FoxTor] but I haven't tried that one yet. These solutions both use the [[w:TOR|TOR]] (The Onion Router) to achieve anonymity.
 
Apart from the standard practice of using HTTPS connections when working with private content, it is also important to preserve anonymity - i.e. not giving away any information about the source of the web page requests. We use the Firefox browser with the [https://addons.mozilla.org/en-US/firefox/addon/2275 TorButton] add-on. There also another called [https://addons.mozilla.org/en-US/firefox/addon/3606 FoxTor] but I haven't tried that one yet. These solutions both use the [[w:TOR|TOR]] (The Onion Router) to achieve anonymity.
  
The add-on is easy enough to install, but I found that I also needed to '''apt-get install polipo''' and change the port settings in the ''TorButton'' preferences. The HTTP and SSL had to be changed from ''8118'' to '''8123''' and the SOCKS from ''9050'' to '''4424'''. I found the ports that ''polipo'' was using with '''netstat -lp|grep polipo'''. After installation, you can check if it's working by switching it on and then checking [http://www.whatsmyip.org/ your ip address] and it's estimated [http://www.whatsmyip.org/iplocation geographical location].
+
The add-on is easy enough to install, but I found that I also needed to '''apt-get install polipo''' and change the port settings in the ''TorButton'' preferences. The HTTP and SSL had to be changed from ''8118'' to '''8123''' and the SOCKS from ''9050'' to '''4424'''. I found the ports that ''polipo'' was using with '''netstat -lp|grep polipo'''. After installation, you can check if it's working by switching it on and then checking [http://www.whatsmyip.org/ your ip address] and its estimated [http://www.whatsmyip.org/iplocation geographical location].
  
 
Another useful related addon to Firefox is the [https://addons.mozilla.org/en-US/firefox/addon/59/ User Agent Switcher].
 
Another useful related addon to Firefox is the [https://addons.mozilla.org/en-US/firefox/addon/59/ User Agent Switcher].
  
== PGP Email ==
+
== Private voice & video chat ==
See [[Configure PGP for Email]]
+
*[[Jitsi]] ''- our favourite alternative video/voice solution currently!''
 +
*[[Big Blue Button]] ''- only available for Ubuntu 16 currently''
 +
*[https://getsession.org Session] ''- privacy focused IM for all major dekstop and mobile platforms''
 +
*[https://nextcloud.com/talk/ Nextcloud talk]
 +
*[https://tox.chat Tox]
 +
*[https://matrix.org Matrix] and [https://riot.im Riot] ''- Riot uses the Matrix neetwork, and both use Jitsi for conferencing''
 +
*[https://threema.ch Threema] ''- see also [https://news.ycombinator.com/item?id=18839731 thread about Threema's security]''
 +
*[https://jami.net/ Jami] ''- available for all desktop and mobile platforms, used to be Ring (not to be confused with the Amazon company [https://www.vice.com/en_us/topic/watching-ourselves Ring Inc.])''
 +
*[https://sylkserver.com SylkServer] ''- another WebRTC solution, have not tried this yet''
 +
*<s>[https://wire.com Wire]</s> ''- why has sold out :-(''
 +
*<s>[https://www.signal.org/ Signal]</s> ''- see also [https://drewdevault.com/2018/08/08/Signal.html why I don't trust signal]''
 +
**[https://signal.org/blog/looking-back-on-the-front/ Google and Amazon prove how shit they are when it comes to protecting user's privacy by making sure Signal can be censored again]
 +
*<s>[https://www.telegram.org/ Telegram]</s> ''- see also [https://gitlab.com/edu4rdshl/blog/blob/master/why-telegram-is-insecure.md a deeper look at Telegram's encryption] (not awesome)''
  
== P2P Method ==
+
== Private communications apps and info ==
The privacy concept uses a portion of its global bandwidth resource to distribute private keys over all available data streams. This resource comes from the support that the privacy concept gains from usage.
+
*[[PGP]] ''- do it the good ol' fashioned way!''
 +
*[https://keybase.io Keybase] ''- mainly focused at devs, but very secure chat using [https://keybase.io/blog/chat-apps-softer-than-tofu trusted device chains]''
 +
**[https://wedistribute.org/2019/03/pattle-is-a-new-im-like-client-for-matrix/ Pattle]
 +
*[https://briarproject.org/ Briar]
 +
*[http://www.slate.com/articles/technology/future_tense/2013/02/silent_circle_s_latest_app_democratizes_encryption_governments_won_t_be.html First Silent Circle, now private file transfer from phones]
 +
*[http://www.cypherpunks.ca/otr/ Off-the-Record Messaging]
 +
*[http://code.google.com/p/torchat/ TOR chat]
 +
*[https://gli.ph/ Gliph] ''- Secure Texting + Bitcoin Payments''
 +
*[https://schleuder.org/schleuder/docs/concept.html Schleuder] ''- a privacy focussed email discussion list server''
  
This privacy is handled with any of the standard algorithms such as DES or AES, but using the inherent organisational methods to generate and maintain a diverse population of private keys so that any context of information can be made arbitrarily secure dynamically and independently. A small portion of bandwidth is dedicated to random connectivity for creating keys with more diverse properties, and for finding new efficient routes.
+
== Projects ==
 +
*[https://github.com/StreisandEffect/streisand Streisand] ''- very simple to set up reproducible privacy system''
 +
*[https://myshadow.org/resources Me and my shadow] ''- take control of your data''
 +
*[https://nomoregoogle.com/ NoMoreGoogle.com] ''- alternative privacy-aware apps''
 +
*[https://riseup.net RiseUp.net] ''- another alternatives sites''
 +
*[https://project.crypto.cat/ Cryptocat] ''- open-source web-based private chat''
 +
*[https://github.com/nopara73/ZeroLink ZeroLink] ''- very good looking Bitcoin mixer project''
 +
*<s>[https://silentcircle.com/index.php Silent Circle]</s> ''- Private comms of email, mobile, voip, IM and teleconferencing, by Dr. Zimmerman and others''
 +
*[http://retroshare.sourceforge.net/ Retroshare] ''- Open Source cross-platform, private and secure decentralised communication platform. It lets you to securely chat and share files with your friends and family, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication. RetroShare provides filesharing, chat, messages, forums and channels''
 +
*[http://waterken.sourceforge.net/ Waterken]
 +
*[[w:GNU Privacy Guard|GNU Privacy Guard (GPG)]] ''- GNU implementation of the OpenPGP standard''
 +
*[http://www.strongswan.org/ StrongSwan - IPsec for Linux]
 +
*[http://learn.adafruit.com/onion-pi?view=all Onion Pi] ''- TOR on Pi''
 +
*[https://github.com/torservers/onionize-docker Onionize] ''- Docker container that exposes other selected containers as TOR hidden services''
 +
*[http://www.prism-break.org prism-break.org] ''- stop reporting your online activities to the US government with these free alternatives to proprietary software''
 +
*[https://tails.boum.org/about/index.en.html Tails] ''- Debian with onion, takeaway style!''
 +
*[https://www.privateinternetaccess.com/ Private Internet Access (PIA)] ''- VPN provider committed to privacy, no logging and excellent legal support''
 +
*[http://silentvault.com Silent Vault] ''- using voucher-safe to make bitcoin anonymous''
 +
*[http://okturtles.com/ okTurtles + DNSChain] ''- excellent project addressing issues with HTTPS and certificate authority fraud''
 +
*[http://zeronet.io ZeroNet] ''- decentralised websites using Bitcoin crypto and the BitTorrent network''
 +
*[http://fossbytes.com/mit-anonymity-network-riffle-more-secure-tor/ Rifle] ''- more secure and efficient alternative to Tot and I2P underway at MIT''
 +
*[https://microg.org/ MicroG] ''- a libre software alternative to Android making good progress''
 +
*[https://e.foundation/ e-Foundation] ''- privacy focused phone OS's''
  
When a context requires its connected streams to be authenticated, it generates random content along with a randomly selected key it shares in common with the peer. The context expects a hash of the random content and private value associated with the key. This can happen any number of times and can also occur independently of the context directly between peers.
+
== Related news & views ==
 
+
*2020-04-18: [https://www.coindesk.com/decentralized-protocol-removed-from-eu-contact-tracing-website-with-no-notice Decentralized Protocol Removed From EU Contact Tracing Website Without Notice]
=== Available key properties/constraints ===
+
*2020-04-17: [https://www.coindesk.com/btcpay-looks-to-anonymize-bitcoin-transactions-with-payjoin-integration BTCPay Looks to Anonymize Bitcoin Transactions With PayJoin Integration]
*Age - must be younger than X, must be older than X
+
*2020-04-11: [https://www.sovereignman.com/trends/welcome-to-your-new-freedoms-shoot-them-dead-27647 Sovereign Man on the effects of Corona on our privacy and liberties]
*Media it has resided on (RAM, HDD, Removable etc)
+
*2020-02-09: [https://www.protocol.com/mozilla-plan-fix-internet-privacy Mozilla lost the browser wars. It still thinks it can save the internet] ''- the inside story of a very long, sometimes lonely and totally quixotic quest''
*Peers it has resided on
+
*2019-11-22: [https://www.rt.com/news/474137-breach-billion-users-data-cloud/ 1.2 BILLION people’s data – including social media profiles and contact info – found on unsecured Google Cloud server]
*Protocols it has travelled through
+
*2019-11-13: [https://qrius.com/amazons-roadmap-for-alexa-just-may-be-the-scariest-thing-big-tech-is-doing Amazon’s roadmap for Alexa Just May Be the Scariest Thing Big Tech is Doing]
 +
*2019-04-07: [https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ All major browsers except Fierfox and Brave forcing click trackable links]
 +
*2019-01-21: [https://youtu.be/LOulCAz4S0M How to Disappear Completely] ''- great talk by Lilly Ryan about face recognition algorithms''
 +
*2019-01-20: [https://www.businessinsider.com/nest-microphone-was-never-supposed-to-be-a-secret-2019-2 Google says the built-in microphone it never told Nest users about was "never supposed to be a secret"]
 +
*2019-01-13: [https://ar.al/2019/01/11/i-was-wrong-about-google-and-facebook-theres-nothing-wrong-with-them-so-say-we-all/ Are Google, Facebook, Microsoft and Apple actually pretty cool after all?] ''- Aral Balkan apologises for thinking they might not have our best interests at heart''
 +
*2018-11-28: [https://medium.com/@googlersagainstdragonfly/we-are-google-employees-google-must-drop-dragonfly-4c8a30c5e5eb We are Google employees. Google must drop Dragonfly]
 +
*2018-09-05: [https://www.youtube.com/watch?v=eW-OMR-iWOE Ass Access] ''- Honest Government Ad, [https://boingboing.net/2018/09/04/illegal-math.html Oh FFS, not this again!]''
 +
*2017-09-18: [https://boingboing.net/2017/09/18/antifeatures-for-all.html W3C and Tim Berners-Lee go all fucked up and EFF resigns]
 +
*2017-07-23: [https://www.privateinternetaccess.com/blog/2017/07/xinjiang-china-police-set-checkpoints-ensure-government-mandated-jingwang-spyware-installed/ In Xinjiang, China, police have set up checkpoints to ensure that the government-mandated "Jingwang" spyware is installed]
 +
*2017-04-27: [http://www.activistpost.com/2017/04/coalition-forms-to-stop-trump-admin-from-forcing-travelers-to-give-up-passwords.html Coalition Forms To Stop Trump Admin From Forcing Travellers To Give Up Passwords]
 +
*2017-03-16: [http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11643409 New Zealand Customs likely to get power to gain passwords]
 +
*2017-03-10: [https://wikileaks.org/ciav7p1/ WikiLeaks "Vault-7" press release]
 +
*2017-01-20: [https://bitcoinmagazine.com/articles/why-financial-privacy-about-more-using-bitcoin-buy-drugs-internet/ Why Financial Privacy Is About More Than Using Bitcoin to Buy Drugs on the Internet]
 +
*2016-10-26: [https://bitcoinmagazine.com/articles/with-tumblebit-bitcoin-mixing-may-have-found-its-winning-answer-1477423607 TumbleBit] ''- a mixing protocol that extends CoinSwap ([https://eprint.iacr.org/2016/575.pdf paper], [https://github.com/BUSEC/TumbleBit code])''
 +
*2015-08-25: [http://www.coindesk.com/bitcoin-privacy-advances-first-coinshuffle-transaction/ Bitcoin Privacy Tool "CoinShuffle" Sees First Transaction]
 +
*2016-01-04: [http://www.dailydot.com/politics/dutch-encryption-cabinet-backdoor/ Dutch government backs strong encryption, condemns backdoors]
 +
*2015-10-10: [https://www.eff.org/deeplinks/2015/10/final-leaked-tpp-text-all-we-feared EFF: The Final Leaked TPP Text is All That We Feared]
 +
*2015-02-26: [http://tucker.liberty.me/2015/02/26/net-neutrality-triumph-of-the-ruling-class/ Net Neutrality: Triumph of the Ruling Class]
 +
*2015-02-13: [https://www.eff.org/deeplinks/2015/02/facebooks-name-policy-strikes-again-time-native-americans Facebook's Name Policy Strikes Again, This Time at Native Americans]
 +
*2015-01-13: [http://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-and-snapchat-could-be-banned-under-new-surveillance-plans-9973035.html End-to-end encryption ban on the table in UK]
 +
*2014-12-23: [http://bitcoinschannel.com/the-tor-onion-is-under-attack-and-rapidly-disintegrating/ The Tor Onion Is Under Attack and Rapidly Disintegrating]
 +
*2014-11-19: [https://www.cryptocoinsnews.com/freedom-act-fails-pass-senate/ Freedom Act Fails To Pass Senate]
 +
*2014-11-14: [http://thestack.com/chakravarty-tor-traffic-analysis-141114 81% of Tor users can be de-anonymised by analysing router information, research indicates]
 +
*2014-10-10: [http://bitcoinwarrior.net/2014/10/governments-war-right-encrypted-privacy/ The Government’s War on Your Right to Encrypted Privacy]
 +
*2014-10-01: [http://www.theguardian.com/technology/2014/oct/02/facebook-sorry-secret-psychological-experiment-users?CMP=twt_gu Facebook sorry – almost – for secret psychological experiment on users]
 +
*2014-09-28: [http://www.zerohedge.com/news/2014-09-27/fbi-blasts-apple-google-phone-encryption-it-allows-people-be-beyond-law FBI Blasts Apple, Google Phone Encryption: It "Allows People To Be Beyond The Law"]
 +
*2014-09-14: [https://firstlook.org/theintercept/2014/09/14/nsa-stellar/ The NSA and GCHQ Campaign Against German Satellite Companies - The Intercept]
 +
*2014-08-27: [http://cointelegraph.com/news/112378/dark-wallet-vs-bitcoin-fog-battle-of-anonymous-bitcoin-services Dark Wallet vs Bitcoin Fog: Battle Of Anonymous Bitcoin Services]
 +
*2014-07-17: [http://rt.com/news/173308-hidden-censorship-forgotten-google/ Censorship war: Website unmasks links Google is blocking from search results]
 +
*2014-05-20: [https://nz.news.yahoo.com/a/-/technology/23536582/latest-leaks-raises-questions-about-nzs-surveillance/ Latest leaks 'raises questions about NZ's surveillance']
 +
*2014-04-18: [http://rt.com/usa/irs-license-plate-readers-440/ IRS awarded contract to surveillance company that tracks license plates]
 +
*2013-12-19: [http://rt.com/usa/apple-mac-webcam-fbi-508/ Webcams can be covertly compromised by cops and hackers]
 +
*2013-11-20: [http://thecable.foreignpolicy.com/posts/2013/11/20/exclusive_inside_americas_plan_to_kill_online_privacy_rights_everywhere Inside America's Plan to Kill Online Privacy Rights Everywhere]
 +
*2013-11-01: [http://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded#section/1 NSA Files: Decoded] ''- what the revelations mean for you''
 +
*2013-10-27: [http://arstechnica.com/tech-policy/2013/10/how-one-small-american-vpn-company-is-trying-to-stand-up-for-privacy/ How one small American VPN company is trying to stand up for privacy]
 +
*2013-10-27: [http://rt.com/op-edge/global-spying-uk-media-792/ "Self-censored UK media" frightened to show true outrage with global spying]
 +
*2013-10-10: [http://www.zerohedge.com/news/2013-07-09/nsa-has-inserted-its-code-android-os-bugging-three-quarters-all-smartphones NSA has inserted its code into Android]
 +
*2013-08-31: [http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11117246 Privacy watch on Facebook's tagging moves] ''- Facebook consideres new "suggest tag" feature''
 +
*2013-08-21: [http://www.motherjones.com/politics/2013/08/mesh-internet-privacy-nsa-isp How to Keep the NSA Out of Your Computer] ''- sick of government spying, corporate monitoring, and overpriced ISPs? There's a cure for that''
 +
*2013-08-20: [http://www.groklaw.net/article.php?story=20130818120421175 Groklaw - forced exposure]
 +
*2013-08-09: [http://www.theguardian.com/technology/2013/aug/08/lavabit-email-shut-down-edward-snowden Lavabit email service abruptly shut down] ''- founder of Lavabit said he would not be complicit in "crimes against the American people"''
 +
*2013-08-14: [http://rt.com/usa/google-gmail-motion-privacy-453/ Google: Gmail users "have no legitimate expectation of privacy"]
 +
*2013-07-27: [http://rt.com/news/new-zealand-protest-bill-683/ New Zealanders protest national security bill]
 +
*2013-07-17: [http://on.rt.com/frcmzh Yahoo wins lawsuit to declassify docs of proving resistance to PRISM]
 +
*2013-07-15: [http://rt.com/shows/sophieco/snowden-leak-privacy-surveillance-093/ Richard Stallman: Snowden leak a chance for privacy, time to fight]
 +
*2012-08-05: [http://articles.mercola.com/sites/articles/archive/2012/08/05/internet-security-virus.aspx If You See This Google Warning, Act Fast: Big Brother is Watching]
 +
*2011-06-28: [http://venturebeat.com/2011/06/28/microsoft-scores-patent-for-web-based-spying-technology/ Microsoft patent allows for web-based spying technology]
  
 
== See also ==
 
== See also ==
*[[w:GNU Privacy Guard|GNU Privacy Guard (GPG)]] ''- GNU implementation of the OpenPGP standard''
+
*[[Security]]
 
*[http://www.securityfocus.com/infocus/1876 SSH hacks]
 
*[http://www.securityfocus.com/infocus/1876 SSH hacks]
 
*[[:File:DayOfReckoningForHavens.jpg|Day of reckoning for Tax Havens]] ''- Article from the Sunday Star Times on May 16, 2010''
 
*[[:File:DayOfReckoningForHavens.jpg|Day of reckoning for Tax Havens]] ''- Article from the Sunday Star Times on May 16, 2010''
 
*[http://www.telegraph.co.uk/technology/google/7802257/Google-WiFi-privacy-row-Eric-Schmidt-admits-search-engine-screwed-up.html Google Wi-Fi privacy row]
 
*[http://www.telegraph.co.uk/technology/google/7802257/Google-WiFi-privacy-row-Eric-Schmidt-admits-search-engine-screwed-up.html Google Wi-Fi privacy row]
 
*[http://arstechnica.com/telecom/news/2010/08/a-paper-trail-of-betrayal-googles-net-neutrality-collapse.ars A paper trail of betrayal: Google's net neutrality collapse]
 
*[http://arstechnica.com/telecom/news/2010/08/a-paper-trail-of-betrayal-googles-net-neutrality-collapse.ars A paper trail of betrayal: Google's net neutrality collapse]
[[Category:Glossary]]
+
*[[Wikipedia:Secret sharing]]
 +
*[[W:Shamir's Secret Sharing|Shamir's Secret Sharing]] ''- an algorithm for group privacy''
 +
*[http://www.propublica.org/article/how-a-grad-student-scooped-the-ftc-and-what-it-means-for-your-online-privac/single How a Lone Grad Student Scooped the Government and What It Means for Your Online Privacy]
 +
*[http://www.pcworld.com/article/229742/why_facebooks_facial_recognition_is_creepy.html Why Facebook's Facial Recognition is Creepy]
 +
*[http://www.extremetech.com/computing/132142-ciscos-cloud-vision-mandatory-monetized-and-killed-at-their-discretion Cisco’s cloud vision: Mandatory, monetized, and killed at their discretion]
 +
*[http://nakedsecurity.sophos.com/2011/10/10/german-government-r2d2-trojan-faq/ German 'Government' R2D2 Trojan FAQ]
 +
*[http://meta.stackoverflow.com/questions/44717/is-gravatar-a-privacy-risk Is Gravatar a privacy risk] ''- why yes, yes it is!''
 +
*[http://www.kimpl.com/anonymous-distros/ Anonymous Distros]
 +
*[http://www.sovereignman.com/nsa-black-paper NSA black paper] ''- excellent intro to online privacy for non-technical users''
 +
*[https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy Deploying perfect forward secrecy]
 +
*[http://etherrag.blogspot.jp/2013/07/duck-duck-go-illusion-of-privacy.html Duck Duck Go: Illusion of Privacy] ''- some interesting comments at the bottom including one by DDG CEO''
 +
*[https://www.ivpn.net/privacy-guides/an-introduction-to-tor-vs-i2p An introduction to Tor vs I2P]
 +
*[[w:Nothing to hide argument|Nothing to hide argument]]
 +
*[http://www.aboutads.info/choices/#optout-all Opt out from online behavioural advertising]
 +
*[http://www.hiddenfromgoogle.com HiddenFromGoogle.com]
 +
*[http://www.wired.com/2014/08/edward-snowden/ Edward Snowden: The Untold Story] ''- WIRED''
 +
*[http://www.outlookindia.com/article/things-that-can-and-cannot-be-said/295796 Things That Can And Cannot Be Said] ''- meeting between Arundhati Roy, John Cusack, Dan Ellsberg and Edward Snowden''
 +
*[http://fusion.net/story/238742/tor-carnegie-mellon-attack/ The attack that broke the Dark Web—and how Tor plans to fix it]
 +
*[https://theintercept.com/2016/02/26/eight-memorable-passages-from-apples-fiery-response-to-the-fbi/ Eight Memorable Passages From Apple’s Fiery Response to the FBI]
 +
*[http://groups.csail.mit.edu/mac/classes/6.805/articles/crypto/cypherpunks/may-crypto-manifesto.html The Crypto Anarchist Manifesto] ''- Tim May, 1988''
 +
*[http://www.activism.net/cypherpunk/manifesto.html A Cypherpunk's Manifesto] ''- Eric Hughes, 1993''
 +
*[https://medium.com/s/trustissues/find-out-what-google-and-facebook-know-about-you-31d0fa6d7b61 Find out what Google and Facebook know about you]
 +
*[https://privacyinternational.org/report/2647/how-apps-android-share-data-facebook-report How Apps on Android Share Data with Facebook] ''- even if you don't have an account on Facebook''
 +
*[https://ar.al/2019/02/14/privacy-is-not-a-science-it-is-a-human-right/ Privacy is not a science, it is a human right] ''- Aral Balkan responds to van der Sloots "privacy science" bullshit''
 +
*[https://www.forbes.com/sites/kalevleetaru/2019/07/26/the-encryption-debate-is-over-dead-at-the-hands-of-facebook/ The Encryption Debate Is Over - Dead At The Hands Of Facebook]
 +
*[https://thenextweb.com/facebook/2018/03/21/facebook-and-cambridge-analytica-heres-what-you-need-to-know/ Facebook and Cambridge Analytica: Here’s what you need to know]
 +
*[https://www.darkpatterns.org/types-of-dark-pattern Dark Patterns] ''- ways corporate sites trick you into giving away your privacy and power''
 +
*[https://njal.la/ Njalla] ''- anonymous domain registration taken seriously''
 +
*[https://www.takebackyourpower.net/comprehensive-report-how-smart-meters-invade-privacy/ Comprehensive report on how smart meters invade privacy]
 +
*[https://panopticlick.eff.org/ Panopticlick] ''- EFF site testing your browser's defence against tracking and fingerprinting''
 +
[[Category:Philosophy]][[Category:Security]]
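Review bot: the added "Anonymous search" paragraph states that DuckDuckGo "gives the same results as Google" and "preserves your privacy" without a source, while the See also list added in the same revision links "Duck Duck Go: Illusion of Privacy"; cite a source for both claims or soften them and point to that link from the paragraph. Several added list entries also need spelling fixes: "dekstop" (Session), "neetwork" (Matrix/Riot), "Fierfox" (2019-04-07 item), "consideres" (2013-08-31 item), and "Tot" in the entry labelled "Rifle", whose URL spells the project "riffle". The Wire entry's note "why has sold out" is missing its subject or link. The news list is newest-first except that 2015-08-25 sits above 2016-01-04 and 2013-08-09 above 2013-08-14.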

Revision as of 02:41, 5 May 2020

This page describes a concept which is part of our glossary.

Privacy is the resource that is made available by Security which in turn is a collection of tools for allowing information and resource to be made available only to selected people or groups. In Organic Design this means that our peer-to-peer network must have a good distributed encryption and authentication mechanism in place so that trust groups can contain private information securely and persistently even when none of the members are online.

Having very good encryption is important because these days more and more sensitive information needs to be stored in a robust distributed way while remaining fully private and under our own control. Examples of such information are passwords and private keys, scanned identification documents, personal correspondence and these days even digital money.

Many people believe that, if you have nothing to hide, there is nothing to fear from all this scrutiny. But if you resist the urge to pick your nose while others are present, or close the door when you go to the toilet, you are a privacy advocate. "When you realise that your whole life is under view," says the Tory MP David Davis, "it’s inhibiting." (from Can you disappear in surveillance Britain?). For more detailed information on this aspect of privacy, see Debunking a myth: If you have nothing to hide, you have nothing to fear.

If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.
— Eric Schmidt (CEO of Google)

Real security a myth?

There isn't much confidence in real privacy these days with all the rumors and/or facts of "back doors" and quantum computers which can achieve seemingly miraculous computational power. But before getting sucked into all the hype, bear this simple foundation in mind - if two people share a private random block of information used one time only to encrypt a message of the same size, it is mathematically impossible to break, even by quantum computation - it is said to exhibit information theoretic security. It is only the level of organisation required amongst participants that currently makes this method impractical - in practice the network would usually combine this method with traditional methods.
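
The three conditions in the paragraph above (a shared random block, the same size as the message, used one time only), as an added Python example that is not part of the original page. The `PadStore` class, the function names and the sample messages are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the pad must match the message size exactly."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class PadStore:
    """Shared random block that hands out every byte at most once.

    Hypothetical helper: both parties hold an identical copy and consume
    it in the same order, so no part of the block ever covers two messages.
    """

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0

    def take(self, n: int) -> bytes:
        if self._offset + n > len(self._pad):
            # Refusing to encrypt is safer than wrapping around and reusing key material.
            raise ValueError("pad exhausted: refusing to reuse key material")
        chunk = self._pad[self._offset:self._offset + n]
        self._offset += n
        return chunk

    def remaining(self) -> int:
        return len(self._pad) - self._offset


def encrypt(store: PadStore, message: bytes) -> bytes:
    """One-time-pad encryption: XOR with fresh pad bytes of the same size."""
    return xor_bytes(message, store.take(len(message)))


def decrypt(store: PadStore, ciphertext: bytes) -> bytes:
    """Decryption is the same XOR, using the receiver's copy of the pad."""
    return xor_bytes(ciphertext, store.take(len(ciphertext)))


def pad_that_explains(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which `ciphertext` would decrypt to `candidate`.

    Such a pad exists for every candidate of the right length, which is why
    the ciphertext alone tells an observer nothing about the real message.
    """
    return xor_bytes(ciphertext, candidate)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer learns if one pad covers two messages.

    (m1 ^ k) ^ (m2 ^ k) == m1 ^ m2: the key cancels out, so the guarantee
    is gone as soon as the "one time only" condition is broken.
    """
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    shared = secrets.token_bytes(64)          # the private random block
    alice, bob = PadStore(shared), PadStore(shared)

    msg = b"meet at nine"                     # constructed sample message
    ct = encrypt(alice, msg)
    print("round trip ok:", decrypt(bob, ct) == msg)

    other = b"stay at home"                   # same length, different meaning
    fake_pad = pad_that_explains(ct, other)
    print("ciphertext also fits:", xor_bytes(ct, fake_pad))

    key = secrets.token_bytes(len(msg))       # deliberately used twice below
    leak = reuse_leak(xor_bytes(msg, key), xor_bytes(b"bring laptop", key))
    print("pad reuse exposes m1 ^ m2:", leak == xor_bytes(msg, b"bring laptop"))
    print("pad bytes left:", alice.remaining())
```
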

Anonymous search

The DuckDuckGo search engine is a meta-search mechanism that gives the same results as Google, but is cleaner and preserves your privacy. It's a little slower to come up with results, but presents them in a nicer way and uses AJAX to maximise its usability.

VPNs

  • RiseupVPN - based on OpenVPN but zero-conf
  • Green Tunnel - bypasses Deep Packet Inspection systems found in many ISPs which block access to certain websites

Anonymous Internet browsing

Apart from the standard practice of using HTTPS connections when working with private content, it is also important to preserve anonymity - i.e. not giving away any information about the source of the web page requests. We use the Firefox browser with the TorButton add-on. There is also another called FoxTor but I haven't tried that one yet. These solutions both use TOR (The Onion Router) to achieve anonymity.

The add-on is easy enough to install, but I found that I also needed to apt-get install polipo and change the port settings in the TorButton preferences. The HTTP and SSL had to be changed from 8118 to 8123 and the SOCKS from 9050 to 4424. I found the ports that polipo was using with netstat -lp|grep polipo. After installation, you can check if it's working by switching it on and then checking your IP address and its estimated geographical location.

Another useful related addon to Firefox is the User Agent Switcher.

Private voice & video chat

Private communications apps and info

Projects

  • Streisand - very simple to set up reproducible privacy system
  • Me and my shadow - take control of your data
  • NoMoreGoogle.com - alternative privacy-aware apps
  • RiseUp.net - another alternatives site
  • Cryptocat - open-source web-based private chat
  • ZeroLink - very good looking Bitcoin mixer project
  • Silent Circle - Private comms of email, mobile, voip, IM and teleconferencing, by Dr. Zimmermann and others
  • Retroshare - Open Source cross-platform, private and secure decentralised communication platform. It lets you securely chat and share files with your friends and family, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication. RetroShare provides filesharing, chat, messages, forums and channels
  • Waterken
  • GNU Privacy Guard (GPG) - GNU implementation of the OpenPGP standard
  • StrongSwan - IPsec for Linux
  • Onion Pi - TOR on Pi
  • Onionize - Docker container that exposes other selected containers as TOR hidden services
  • prism-break.org - stop reporting your online activities to the US government with these free alternatives to proprietary software
  • Tails - Debian with onion, takeaway style!
  • Private Internet Access (PIA) - VPN provider committed to privacy, no logging and excellent legal support
  • Silent Vault - using voucher-safe to make bitcoin anonymous
  • okTurtles + DNSChain - excellent project addressing issues with HTTPS and certificate authority fraud
  • ZeroNet - decentralised websites using Bitcoin crypto and the BitTorrent network
  • Riffle - more secure and efficient alternative to Tor and I2P underway at MIT
  • MicroG - a libre software alternative to Android making good progress
  • e-Foundation - privacy focused phone OS's

Related news & views

See also