Difference between revisions of "Privacy"

From Organic Design
(Private communications apps and info: Schleuder - a privacy focussed email discussion list server)
m (Private voice & video chat: Ring is not Ring Inc)
 
(10 intermediate revisions by the same user not shown)
Line 12: Line 12:
 
== Anonymous search ==
 
== Anonymous search ==
 
The [http://duckduckgo.com/about.html DuckDuckGo] search engine is a meta-search mechanism that gives the same results as Google, but is cleaner and preserves your privacy. It's a little slower to come up with results, but presents them in a nicer way and uses AJAX to maximise its usability.
 
The [http://duckduckgo.com/about.html DuckDuckGo] search engine is a meta-search mechanism that gives the same results as Google, but is cleaner and preserves your privacy. It's a little slower to come up with results, but presents them in a nicer way and uses AJAX to maximise its usability.
 +
 +
== VPNs ==
 +
*[https://riseup.net/en/vpn RiseupVPN] ''- based on OpenVPN but zero-conf''
  
 
== Anonymous Internet browsing ==
 
== Anonymous Internet browsing ==
Line 20: Line 23:
 
Another useful related addon to Firefox is the [https://addons.mozilla.org/en-US/firefox/addon/59/ User Agent Switcher].
 
Another useful related addon to Firefox is the [https://addons.mozilla.org/en-US/firefox/addon/59/ User Agent Switcher].
  
== Private communications apps and info ==
+
== Private voice & video chat ==
*[https://wire.com Wire] ''- see also [https://techcrunch.com/2017/02/10/messaging-app-wire-now-has-an-external-audit-of-its-e2e-crypto/ why Wire's looking good]''
+
*[[Jitsi]]
 +
*[https://nextcloud.com/talk/ Nextcloud talk]
 
*[https://tox.chat Tox]
 
*[https://tox.chat Tox]
*[https://keybase.io Keybase] ''- mainly focused at devs, but very secure chat using [https://keybase.io/blog/chat-apps-softer-than-tofu trusted device chains]''
+
*[https://matrix.org Matrix]
*[https://jami.net/ Jami] ''- available for all desktop and mobile platforms, used to be Ring''
+
**[https://riot.im Riot]
 
*[https://threema.ch Threema] ''- see also [https://news.ycombinator.com/item?id=18839731 thread about Threema's security]''
 
*[https://threema.ch Threema] ''- see also [https://news.ycombinator.com/item?id=18839731 thread about Threema's security]''
*[https://www.signal.org/ Signal] ''- see also [https://drewdevault.com/2018/08/08/Signal.html why I don't trust signal]''
+
*[https://jami.net/ Jami] ''- available for all desktop and mobile platforms, used to be Ring (not to be confused with the Amazon company [https://www.vice.com/en_us/topic/watching-ourselves Ring Inc.])''
 +
*<s>[https://wire.com Wire]</s> ''- why has sold out :-(''
 +
*<s>[https://www.signal.org/ Signal]</s> ''- see also [https://drewdevault.com/2018/08/08/Signal.html why I don't trust signal]''
 
**[https://signal.org/blog/looking-back-on-the-front/ Google and Amazon prove how shit they are when it comes to protecting user's privacy by making sure Signal can be censored again]
 
**[https://signal.org/blog/looking-back-on-the-front/ Google and Amazon prove how shit they are when it comes to protecting user's privacy by making sure Signal can be censored again]
*[https://www.telegram.org/ Telegram] ''-see also [https://gitlab.com/edu4rdshl/blog/blob/master/why-telegram-is-insecure.md a deeper look at Telegram's encryption] (not awesome)''
+
*<s>[https://www.telegram.org/ Telegram]</s> ''- see also [https://gitlab.com/edu4rdshl/blog/blob/master/why-telegram-is-insecure.md a deeper look at Telegram's encryption] (not awesome)''
*[https://matrix.org Matrix]
+
 
**[https://riot.im Riot]
+
== Private communications apps and info ==
 +
*[https://keybase.io Keybase] ''- mainly focused at devs, but very secure chat using [https://keybase.io/blog/chat-apps-softer-than-tofu trusted device chains]''
 
**[https://wedistribute.org/2019/03/pattle-is-a-new-im-like-client-for-matrix/ Pattle]
 
**[https://wedistribute.org/2019/03/pattle-is-a-new-im-like-client-for-matrix/ Pattle]
 
*[https://briarproject.org/ Briar]
 
*[https://briarproject.org/ Briar]
Line 63: Line 70:
 
*[https://e.foundation/ e-Foundation] ''- privacy focused phone OS's''
 
*[https://e.foundation/ e-Foundation] ''- privacy focused phone OS's''
  
== Related news ==
+
== Related news & views ==
 +
*2019-11-22: [https://www.rt.com/news/474137-breach-billion-users-data-cloud/ 1.2 BILLION people’s data – including social media profiles and contact info – found on unsecured Google Cloud server]
 +
*2019-11-13: [https://qrius.com/amazons-roadmap-for-alexa-just-may-be-the-scariest-thing-big-tech-is-doing Amazon’s roadmap for Alexa Just May Be the Scariest Thing Big Tech is Doing]
 
*2019-04-07: [https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ All major browsers except Fierfox and Brave forcing click trackable links]
 
*2019-04-07: [https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ All major browsers except Fierfox and Brave forcing click trackable links]
 
*2019-01-20: [https://www.businessinsider.com/nest-microphone-was-never-supposed-to-be-a-secret-2019-2 Google says the built-in microphone it never told Nest users about was "never supposed to be a secret"]
 
*2019-01-20: [https://www.businessinsider.com/nest-microphone-was-never-supposed-to-be-a-secret-2019-2 Google says the built-in microphone it never told Nest users about was "never supposed to be a secret"]
Line 141: Line 150:
 
*[https://ar.al/2019/02/14/privacy-is-not-a-science-it-is-a-human-right/ Privacy is not a science, it is a human right] ''- Aral Balkan responds to van der Sloots "privacy science" bullshit''
 
*[https://ar.al/2019/02/14/privacy-is-not-a-science-it-is-a-human-right/ Privacy is not a science, it is a human right] ''- Aral Balkan responds to van der Sloots "privacy science" bullshit''
 
*[https://www.forbes.com/sites/kalevleetaru/2019/07/26/the-encryption-debate-is-over-dead-at-the-hands-of-facebook/ The Encryption Debate Is Over - Dead At The Hands Of Facebook]
 
*[https://www.forbes.com/sites/kalevleetaru/2019/07/26/the-encryption-debate-is-over-dead-at-the-hands-of-facebook/ The Encryption Debate Is Over - Dead At The Hands Of Facebook]
 +
*[https://thenextweb.com/facebook/2018/03/21/facebook-and-cambridge-analytica-heres-what-you-need-to-know/ Facebook and Cambridge Analytica: Here’s what you need to know]
 +
*[https://www.darkpatterns.org/types-of-dark-pattern Dark Patterns] ''- ways corporate sites trick you into giving away your privacy and power''
 +
*[https://njal.la/ Njalla] ''- anonymous domain registration taken seriously''
 
[[Category:Philosophy]][[Category:Security]]
 
[[Category:Philosophy]][[Category:Security]]

Latest revision as of 21:11, 12 December 2019

Glossary.svg This page describes a concept which is part of our glossary
NothingToSay.jpg

Privacy is the resource that is made available by Security which in turn is a collection of tools for allowing information and resource to be made available only to selected people or groups. In OrganicDesign this means that our peer-to-peer network must have a good distributed encryption and authentication mechanism in place so that trust groups can contain private information securely and persistently even when none of the members are online.

Having very good encryption is important because these days more and more sensitive information needs to be stored in a robust distributed way while remaining fully private and under our own control. Examples of such information are passwords and private keys, scanned identification documents, personal correspondence and these days even digital money.

Many people believe that, if you have nothing to hide, there is nothing to fear from all this scrutiny. But if you resist the urge to pick your nose while others are present, or close the door when you go to the toilet, you are a privacy advocate. "When you realise that your whole life is under view," says the Tory MP David Davis, "it’s inhibiting." (from Can you disappear in surveillance Britain?). For more detailed information on this aspect of privacy, see Debunking a myth: If you have nothing to hide, you have nothing to fear.

Quote.pngIf you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.
— Eric Schmidt (CEO of Google)

Real security a myth?

Security camera--.jpg

There isn't much confidence in real privacy these days with all the rumors and/or facts of "back doors" and quantum computers which can achieve seemingly miraculous computational power. But before getting sucked into all the hype, bear this simple foundation in mind - if two people share a private random block of information used one time only to encrypt a message of the same size, it is mathematically impossible to break, even by quantum computation - it is said to exhibit information theoretic security. It is only the level of organisation required amongst participants that currently makes this method impractical - in practice the network would usually combine this method with traditional methods.

Anonymous search

The DuckDuckGo search engine is a meta-search mechanism that gives the same results as Google, but is cleaner and preserves your privacy. It's a little slower to come up with results, but presents them in a nicer way and uses AJAX to maximise its usability.

VPNs

Anonymous Internet browsing

Apart from the standard practice of using HTTPS connections when working with private content, it is also important to preserve anonymity - i.e. not giving away any information about the source of the web page requests. We use the Firefox browser with the TorButton add-on. There also another called FoxTor but I haven't tried that one yet. These solutions both use the TOR (The Onion Router) to achieve anonymity.

The add-on is easy enough to install, but I found that I also needed to apt-get install polipo and change the port settings in the TorButton preferences. The HTTP and SSL had to be changed from 8118 to 8123 and the SOCKS from 9050 to 4424. I found the ports that polipo was using with netstat -lp|grep polipo. After installation, you can check if it's working by switching it on and then checking your ip address and its estimated geographical location.

Another useful related addon to Firefox is the User Agent Switcher.

Private voice & video chat

Private communications apps and info

Projects

  • Streisand - very simple to set up reproducible privacy system
  • Me and my shadow - take control of your data
  • NoMoreGoogle.com - alternative privacy-aware apps
  • RiseUp.net - another alternatives sites
  • Cryptocat - open-source web-based private chat
  • ZeroLink - very good looking Bitcoin mixer project
  • Silent Circle - Private comms of email, mobile, voip, IM and teleconferencing, by Dr. Zimmerman and others
  • Retroshare - Open Source cross-platform, private and secure decentralised communication platform. It lets you to securely chat and share files with your friends and family, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication. RetroShare provides filesharing, chat, messages, forums and channels
  • Waterken
  • GNU Privacy Guard (GPG) - GNU implementation of the OpenPGP standard
  • StrongSwan - IPsec for Linux
  • Onion Pi - TOR on Pi
  • prism-break.org - stop reporting your online activities to the US government with these free alternatives to proprietary software
  • Tails - Debian with onion, takeaway style!
  • Private Internet Access (PIA) - VPN provider committed to privacy, no logging and excellent legal support
  • Silent Vault - using voucher-safe to make bitcoin anonymous
  • okTurtles + DNSChain - excellent project addressing issues with HTTPS and certificate authority fraud
  • ZeroNet - decentralised websites using Bitcoin crypto and the BitTorrent network
  • Rifle - more secure and efficient alternative to Tot and I2P underway at MIT
  • MicroG - a libre software alternative to Android making good progress
  • e-Foundation - privacy focused phone OS's

Related news & views

See also