New service: the Privacy Party

For a small per person fee, we’ll coordinate and run a Privacy Party for you and your friends, colleagues, or partners. We can help you set up secure services for:
– File storage, sharing, and backup
– Email
– Text messaging
– Voice calls
– Password storage
– Two-factor authentication

…and more!

If you’ve been worried about sending private information to the people you need to trust, this is a great way to get started. We can help you get started with tools that are compatible across Windows, Mac OS X, many flavours of Linux, Android, and iOS. Most of the tools are free – we’ll show you how to use them and how to make the most of them, letting you feel safer while you go about your day.

Posted in Privacy, Security, Technology, Tools Tagged with: , , , , , , , , , , , ,

Privacy: A free course on securing your email-based communications

Via Tuts+:

This looks to be an excellent course with a focus on OS X and iOS security. For anyone using those tools, I recommend checking it out!

I’m considering developing a short course on enabling PGP for Android and Windows; let me know if there’s interest in the comments.

Posted in Privacy, Security, Technology, Tools Tagged with: , , , , , ,

Security: A brief thought about ATM skimmers

Via Boing Boing:

It seems like it’s pretty much impossible to trust an ATM when you’re travelling internationally, but obviously you don’t want to carry a tonne of cash with you either. One suggestion – that should help you avoid the Bluetooth-enabled skimmers, at least – is to use your phone to scan for Bluetooth devices when you’re at the ATM you want to use. If you see any devices that don’t belong to you, don’t use the ATM.

It’s not convenient – and it means having your phone out in public, which may pose other risks – but the added security for your bank account is probably worth it.

Posted in Security Tagged with: ,

Security: Symantec’s fake Google certificates

Via Boing Boing:

Symantec recently issued (and then revoked) SSL certificates that could have allowed third parties to impersonate Google anywhere on the web.

Symantec’s response – terminating the employment of the people identified as having allowed this apparent mistake to happen – may seem excessive, but in my opinion this kind of error is severe enough that it should have serious consequences. Being able to trust the certificates that are issued by big-name providers – which means being able to trust that some of the most important sites on the Internet are the sites you’re actually browsing and trusting with your data – is absolutely crucial.

The nearest parallel I can come up with is the Superfish issue, but in this case the issue is one that wouldn’t have been able to be resolved by making a change on your computer; if these certificates had gone undetected, the Internet could have been a much less safe place.

Posted in Security, Technology Tagged with: , ,

Quick and easy privacy tools

From Lifehacker:

For those whose privacy needs go beyond ad-blocking (and really folks, this should be everyone), Lifehacker’s list of privacy-enhancing browser extensions is a must-read.

Personally I’m a heavy user of both uBlock Origin and Mailvelope; if you have other tools you’d recommend, let me know and I’ll write them up.

Posted in Privacy, Technology, Tools Tagged with: , , , , ,

Network-wide ad-blocking with a Raspberry Pi

From Lifehacker:

The idea of offloading the task of ad-blocking from a browser extension to a dedicated device is pretty appealing – it would mean being able to reduce the number of systems to keep updated, which I always appreciate, and would reduce the memory load on some of my systems pretty significantly – and this seems like a pretty cool DIY way to do it.

Before implementing a system like this, I would want to review the instructions and do some deeper reading to determine the longevity, security, and reliability of the system. I’ll post an update if I come across anything else interesting on this.

Posted in Privacy, Technology, Tools Tagged with: , , ,

Privacy: Internet-connected appliances and data security

This post on Boing Boing brought to my attention the Pen Test Partners article describing how they hacked a Samsung fridge by using a man-in-the-middle attack to exploit a vulnerability where the fridge wasn’t correctly validating SSL certificates. Basically, by presenting a fake certificate you can convince the fridge that an arbitrary system is actually Google’s servers – at which point the fridge will send any stored Google account credentials it has to the fake server, allowing them to be logged for reuse.

While the actual model of fridge tested is not for sale in the UK, it is available in North America and this vulnerability may not have been patched (no update has been posted on Boing Boing or on Pen Test Partners).

I’m all in favour of a super-connected life, but I also like my connections to be reasonably secure. This is a good reminder of why. You can’t take for granted that the technology in your home is only talking to the people you want it to talk to, and if you let your machines tell your secrets to other people’s machines you’re going to have a bad time.

Posted in Internet of Things, Privacy, Security, Technology

Just a quick reminder

Don’t let people plug random USB devices into your computer.

Posted in Security, Technology

Privacy: Secure messaging with TextSecure

In a previous post I referenced the EFF’s Secure Messaging Scorecard, which evaluates the security and privacy measures built into several messaging applications across Windows, OS X, Linux, and Android. In this post, I outline my favourite app on this card: TextSecure, the secure text messaging application for Android from Open WhisperSystems.

TextSecure is the type of app I’d like to see more frequently: free and freely available; open source so that users, developers, and auditors can review the code; built with powerful security measures enabled by default; and simple enough to use that it becomes invisible to even the least tech-savvy user immediately. The developers are also honest about the compromises they’ve had to make in bringing the app to its current state, noting in their support articles that they have had to choose between reliable message transport and integration with Google Play Services [link] and including references to the discussion around that decision and the steps they plan to take to mitigate that compromise in the future.

The functionality TextSecure offers is essentially a set of tiered security levels to protect its users’ privacy:

Level one: when configured with a passphrase (an optional password entered on the device before the app can be used), all text messages – whether encrypted in transit or not – are encrypted on the device’s storage.

Level two: when messaging between two users that both have TextSecure installed, but in circumstances where using push/data is not possible, messages are encrypted in transit but are sent over mobile carriers’ networks via SMS.

Level three: when push is available, messages are encrypted in transit and never pass over SMS networks.
Essentially, each level offers another set of protections. First your messages are protected if anyone has physical access to your device; second the contents of your messages are protected from interception by your mobile carrier (but metadata such as the from and to numbers are still captured); third all data and metadata circumvent the carrier channels. All of this is invisible to most users.

The list of people and organizations that might want to or might be reading your text messages and metadata is as long as a grown person’s arm, so the reason an individual would or should use TextSecure or a similar app is pretty close to self-evident. The fact that TextSecure is so easy to implement and share and use makes switching to it a really easy decision.

Full technical documentation, including the source code for the app, is available at the Open WhisperSystems website.

Posted in Privacy Tagged with: , , , ,

Tools: Google Apps for Work

The below is marketing text from Google Apps for Work. If you use the link on this page to sign up, I get a referral bonus; if you let me know you’ve signed up, I’ll get in touch to help you get started!

What is Google Apps?

Google Apps is a cloud-based productivity suite that helps teams communicate, collaborate and get things done from anywhere and on any device. It’s simple to set up, use and manage, so your business can focus on what really matters.

Millions of organisations around the world count on Google Apps for professional email, file storage, video meetings, online calendars, document editing and more.

Watch a video or find out more here.

These are some highlights:

Business email for your domain

Looking professional matters, and that means communicating as Gmail’s simple, powerful features help you build your brand while getting more done.

Access from any location or device

Check emails, share files, edit documents, hold video meetings and more, whether you’re at work, at home or in transit. You can pick up where you left off from a computer, tablet or phone.

Enterprise-level management tools

Robust admin settings give you total command over users, devices, security and more. Your data always belongs to you, and it goes with you, if you switch solutions.

Start free trial

Posted in Tools Tagged with: ,
%d bloggers like this: