UPDATE: With the recent announcements about the NSA, Prism, and the rest, these blog posts have become even more important. As such I will work at keeping them updated. An important resource has become available at prism-break.org Which has links to all the things discussed in this entry and tools that are not covered here. It is well worth a look.
This is the second in my series of blog posts inspired by the
current trend of governments passing data retention and Internet
spying laws.
I originally wanted to cover this in a single blog entry but the
topic is to long and heavy to do that so I've split it into three
parts
This Section - Introduction,
"HTTPS Everywhere", and the DNS Leakage problem
/Part
2
- VPN's and the "Man in the
Middle" problem
/Part
3
- TOR and I2P
And now back to your regularly scheduled blog....
Some who are fooled into buying the government line, that such
measures are necessary to combat the current boogie-man of choice
(terrorism, child porn, etc), may feel that me publishing such is
giving said boogie-man a leg up. This would be a mistaken belief.
Anyone engaged in such clearly illegal practices will already be
using these techniques. The things I will talk about are not new,
secret, illegal or hard to implement.
In fact it is one of my hopes that people reading this blog entry
will realize just how stupid and useless the proposed
retention/spying laws are against what the government is claiming
they are for. So, if governments know these things won't work to
fight what they are claiming, then why enact them? Well, these
laws will make it easier to harass people using certain types of
file sharing, they will also make it easier to harass anyone that
speaks out against the government or corporate powers that be. I
fully expect to see these new powers being used to silence
"disident" voices.
So, what can one do to protect your privacy and keep your
Internet comings and goings from the prying eyes of the
governments that are so intent on knowing everything you
do.
The simple answer is encrypt everything. There are a lot of
options for encrypting your data and this will keep you data away
from spying eyes. There is a little more to it then that as there
are a few gotcha's and places where you will leak data if you are
not careful.
Lets start with one of the easiest solutions [HTTPS
Everywhere] from the good people at the [E.F.F.]. this add-on to
the Firefox and other browsers redirects your browser to the
encrypted parts of many popular sites. Once it is added to your
browser if you went to google.com (which is really short for
http://google.com) the plug-in would bounce you over to
https://encrypted.google.com. You won't see any difference
in the look or feel of the site but all the data flowing between
you and Google is now encrypted. The ISP (Internet
Service Provider), government, whoever, can't see
what you are doing. they'll know where you went because of the
DNS query, but they wont be able to see what you search for. This
is a great add-on and well worth having even if it doesn't
address the problem of DNS leakage (which I'll discuss next) it
does keep your data private. Using it also gives you much better
security if you ae using a local wifi hotspot because now many of
the website that would have been sniffable by anyone else at the
hotspot are now encrypted and thus more secure.
First let me explain DNS. DNS stands for Domain
Name Service. You can think of it like a giant
yellow pages for the Internet. DNS is used automatically by many
programs that use the Internet.
It works like this:
Connections on the Internet are always from an IP address to
another IP address. The friendly domain names like fsf.org,
freemor.ca, libre.fm, etc are just there to make things friendly
to us humans.
The whole leakage problem comes in because none of this is
encrypted. In fact not until very recently were there any options
to encrypt this and those aren't standard yet. This means that
spying ISPs and/or Governments will still see a breadcrumb trail
of where you go. Even if you use HTTPS (encrypted connections to
websites) all the time they'd still see a DNS trail that might
look like google.com, webMD.com, then ArthritusFoundation.org,
then PharmaPillsPlus.net. As you can see even though they can't
see what you are doing on each site you are still leaking enough
information for them to guess pretty well what you are
doing.
Sadly there is no simple fix for this problem right now. There
are ways to fix it but it's not a three click job like [HTTPS
Everywhere]. The only options are to use one of the very few
services (like [Open DNS] ) that support some form of encrypting
the DNS requests so that they are opaque to ISPs and others. Or
push all your data through a VPN or TOR. All of these options
have their pros and cons TOR is particularly gotcha prone but if
you use it well it is an excellent option.
Read about VPN's and the "Man in the Middle" problem in /Part 2
Read about TOR and I2P in /Part3
Home |
Blog |
Contact |
This site by Freemor is licensed under a Creative
Commons Attribution-ShareAlike 2.5 Canada License.
Permissions beyond the scope of this license may be available at
http://freemor.ca/Contact.htm.