Saturday, December 9, 2017

Standard Notes


Standard Notes | A Simple And Private Notes App

Standard Notes is a private notes app that features unmatched simplicity, end-to-end encryption, powerful extensions, and open-source applications. Standard Notes works across devices and the web. I can write a note on my phone, read it on my computer, and edit it on my Chromebook by singing up for (and signing in to) a free Standard Notes sync account. Standard Notes offers a standard level of security and privacy that other note apps don’t. Standard Notes explains: "Your notes are encrypted using your secret key on your device before they’re synced to your online account. No one can decrypt your notes: not us, not your ISP, and not an intrusive government."

Update: The Privacy & Security Podcast #62 interviewed the developer of Standard Notes.
https://soundcloud.com/user-98066669

Friday, December 8, 2017

Encrypted Voice Calls

 
There are several apps available to encrypt your text messages, and I encourage you to use one or more of those apps to help protect your messages. However, not all communication is by written message. In many cases we make voice calls, but can these calls be encrypted?
 
Many of the apps that I recommend for protecting your written messages will also encrypt your voice calls. With any encryption app, what is most important is end-to-end encryption. You must control the encryption keys to ensure security of your communications. If the encryption keys are controlled by the service provider (as with Skype) that provider has the ability to decrypt and read / listen to your private communications.
 
For secure voice communications, I recommend three apps:
 
Signal Messenger - https://signal.org/
WhatsApp - https://www.whatsapp.com/
Wire Messenger - https://wire.com/en/
 
Each of these apps has a large number of users (WhatsApp claims over 1-Billion users), is easy to use, and provides good security for both text and voice communications.
 
Regardless of the app you choose for secure communications, it is important to understand that everyone with whom you wish to communicate securely must be using the same app. This is fairly easy with a small group, but may be more difficult to coordinate as the group of people you call becomes larger. You may end up using more than one app to communicate securely with different groups (i.e. WhatsApp with family, but Signal Messenger with work colleagues).
 
There are other apps that also provide encrypted voice communication. Examples include Pryvate Now and Telegram.  Apple FaceTime provides end-to-end encrypted video chats, but is only available for the iOS operating system. While not as popular Signal, WhatsApp, and Wire; these other apps may have additional features that fulfill your personal communications needs.



Thursday, December 7, 2017

Wiretap Reports

 

The United States Courts web-site reports information provided by federal and state officials on applications for orders for interception of wire, oral, or electronic communications. Data address offenses under investigation, types and locations of interception devices, and costs and duration of authorized intercepts. Covers 12-month period ending December 31. This report does not include data on interceptions regulated by the Foreign Intelligence Surveillance Act of 1978.
 

 
Encryption (2016)
 
The number of state wiretaps reported in which encryption was encountered increased from 7 in 2015 to 57 in 2016. In 48 of these wiretaps, officials were unable to decipher the plain text of the messages. A total of 68 federal wiretaps were reported as being encrypted in 2016, of which 53 could not be decrypted. Encryption was also reported for 20 federal and 19 state wiretaps that were conducted during a previous year, but reported to the AO for the first time in 2016. Officials were not able to decipher the plain text of the communications in any of the state intercepts or in 13 of the federal of intercepts.

It would seem that while encryption is effective in protecting your communications against wiretapping, most subjects of wiretapping are not using encryption.

"The evil incident to invasion of the privacy of the telephone is far greater than that involved in tampering with the mails. Whenever a telephone line is tapped, the privacy of the persons at both ends of the line is invaded, and all conversations between them upon any subject, and although proper, confidential, and privileged, may be overheard. Moreover, the tapping of one man's telephone line involves the tapping of the telephone of every other person whom he may call, or who may call him. As a means of espionage, writs of assistance and general warrants are but puny instruments of tyranny and oppression when compared with wire tapping."
-Justice Louis Brandeis, Olmstead v. United States, 277 U.S. 438 (1928)
 
 


Wednesday, December 6, 2017

Recording Phone Calls and Conversations

 
If you plan to record telephone calls or in-person conversations (including by recording video that captures sound), you should be aware that there are federal and state wiretapping laws that may limit your ability to do so. These laws not only expose you to the risk of criminal prosecution, but also potentially give an injured party a civil claim for money damages against you.
 
From a legal standpoint, the most important question in the recording context is whether you must get consent from one or all of the parties to a phone call or conversation before recording it. Federal law and many state wiretapping statutes permit recording if one party (including you) to the phone call or conversation consents. Other states require that all parties to the communication consent.
 
Federal law permits recording telephone calls and in-person conversations with the consent of at least one of the parties. See 18 U.S.C. 2511(2)(d). This is called a "one-party consent" law. Under a one-party consent law, you can record a phone call or conversation so long as you are a party to the conversation. Furthermore, if you are not a party to the conversation, a "one-party consent" law will allow you to record the conversation or phone call so long as your source consents and has full knowledge that the communication will be recorded.
 
According to an article published by the Legal Research and Communications Department, of the U.S. Army Judge Advocate General’s School: "While there are various federal and state laws prohibiting the interception and covert recording of conversations by third parties, most do not apply when a party to the conversation makes the recording or consents to it. Likewise, there are no federal, Department of Defense, or Department of the Army regulations, that prohibit employees from surreptitiously recording conversations in the workplace. Unless the recording took place in one of the few states that prohibits nonconsensual recording, there is nothing to prevent a federal employee from surreptitiously recording his co-workers or supervisors absent an order or local policy."
 
In addition to federal law, thirty-eight states and the District of Columbia have adopted "one-party consent" laws and permit individuals to record phone calls and conversations to which they are a party or when one party to the communication consents.
 
Eleven states require the consent of every party to a phone call or conversation in order to make the recording lawful. These "two-party consent" laws have been adopted in California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Montana, New Hampshire, Pennsylvania and Washington.

As an example of the law in one of those eleven states, I cite Washington State law:

RCW 9.73.030
Intercepting, recording, or divulging private communication - Consent required...


(1) Except as otherwise provided in this chapter, it shall be unlawful for any individual, partnership, corporation, association, or the state of Washington, its agencies, and political subdivisions to intercept, or record any:

(a) Private communication transmitted by telephone, telegraph, radio, or other device between two or more individuals between points within or without the state by any device electronic or otherwise designed to record and/or transmit said communication regardless how such device is powered or actuated, without first obtaining the consent of all the participants in the communication;

(b) Private conversation, by any device electronic or otherwise designed to record or transmit such conversation regardless how the device is powered or actuated without first obtaining the consent of all the persons engaged in the conversation.

 
Regardless of whether state or federal law governs the situation, it is almost always illegal to record a phone call or private conversation to which you are not a party, do not have consent from at least one party, and could not naturally overhear. In addition, federal and many state laws do not permit you to surreptitiously place a bug or recording device on a person or telephone, in a home, office or restaurant to secretly record a conversation between two people who have not consented.
 

Tuesday, December 5, 2017

Malwarebytes


Malwarebytes is an anti-malware software for Microsoft Windows, macOS and Android that finds and removes malware. Made by Malwarebytes Corporation, it was first released in January 2006. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a flash-memory scanner.
 
I use, and strongly recommend, Malwarebytes. It doesn't replace your anti-virus program, but should be used in conjunction with anti-virus to keep harmful programs, such as adware and spyware, from infecting your computer. Potentially unwanted programs and other kinds of malware are a real threat if you like downloading and experimenting with free software. Malwarebytes is a great tool for identifying any such threats that get past your antivirus program. Download Malwarebytes here: https://www.malwarebytes.com
 
 


Use Cash for Privacy

 

In today’s modern society you can easily go throughout your week without the need to spend cash. Almost any place that you might choose to make a purchase will accept payment with either your credit or debit card. This may be convenient, but it also results in an almost total loss of your personal and financial privacy. Paying with a credit or debit card creates a record of your purchase, identifies the location where the purchase was made, and the date and time that you made the purchase. Anyone who is able to review your credit card and debit card statements can develop a pretty good idea of your daily routine, your likes and dislikes based on your purchases, and patterns and habits that are unique to your lifestyle.

According to the web-site Creditcards.com "Millions of credit card users receive monthly statements detailing their spending during the billing cycle: The standard information provided includes the date of a purchase, the place of the purchase, including the name of the merchant, city, state, amount of the purchase and a transaction reference number. Every transaction processed by the card networks (Visa and MasterCard) is assigned a merchant category code (MCC), a four-digit number that denotes the type of business providing a service or selling merchandise... the database's purchasing information can provide a pretty clear picture of credit card users. What do they know about you? Depending on how extensively you use your credit card, they conceivably have a very clear, distinct picture of an individual. It's not only your retail purchases, but your online purchases. It can really paint a very complete picture. The stores that you shop at can paint a picture. You also may use it at a doctor's office if you pay for care with a credit card. Some people pay for their utilities with credit cards."
 
Some merchants also want you to show an ID along with your credit card when making a purchase. This greatly increases your risk of identity theft, and according to the Department of Financial Institutions violates the policies of the major credit card issuers (i.e. Visa, MasterCard, Amex). You should never show ID when making a credit card purchase, but some unscrupulous merchants will demand that you do. Using cash to make your purchase eliminates this demand for ID, and lowers your risk of becoming a victim of identity theft.   
 
Cash purchases leave little or no record of the transaction that can be associated with you. Using cash will keep your purchases from being tracked by credit card companies, and sold to data brokers and marketing companies. Cash greatly reduces your risk of identity theft since there is generally no record made of your personal information when making a cash purchase.  According to the VPN company Private Internet Access "It’s not just privacy that requires cash or a cash equivalent. It’s also the ability to trade without having tons of red tape including a third processing party, which - to top it off - clearly establishes a merchant class (with the ability to receive money) and a consumer class (with the ability to pay and shut up). In contrast, cash has always been peer-to-peer."

It should be noted that in many countries, cash purchases are much more common than in the United States. For example, according to Dataversity, "In Germany 82% of transactions are made in cash compared to 46% in the U.S." 
 
Of course, using cash to make purchases on-line or pay debts to a non-local business isn’t really an option. There are options for making private electronic transactions which I will discuss in another blog post. But for any direct, in-person, purchase cash is king when it comes to privacy. It is also these in-person purchases that reveal the most about your daily life. So, to protect your personal and financial privacy, whenever possible - Always Spend Cash!
 
 


Monday, December 4, 2017

CryptoParty


 
HTTPS:// Everywhere - https://www.eff.org/https-everywhere
miniLock - http://minilock.io
Signal Messenger - https://signal.org/
 
At CryptoParty you will learn to use encryption to protect your personal privacy and safeguard sensitive information. Learn encryption. Share your knowledge with your friends and family.

HTTPS:// Everywhere encrypts the connection between your computer and web-sites that you visit on-line. VeraCrypt allows you to create encrypted containers on your computer to protect your sensitive files. miniLock is a Chrome Add-On that lets you exchange encrypted files. KeyScrambler protects your computer against key loggers. KeePass is a password manager. NordVPN is just one of many virtual private networks that protect your on-line privacy. Signal Messenger protects your text messages and telephone calls with strong encryption. GnuPG allows you to create an Open PGP key-pair and exchange encrypted messages. ProtonMail is an encrypted web-based e-mail, based in Switzerland. TOR helps you access the Internet anonymously. TAILS brings together many privacy features and works as a bootable CR or USB to keep you from leaving traces of your activity on your computer.

All of these programs are simple to download, install, and use. By using encryption, even when you "have nothing to hide", you make the Internet a safer place for everyone.

   
Woe Betide Whomever Transmits Plaintext
 


Brave Web Browser

 
The Brave Web Browser is a free and open-source browser based on the Chromium web browser and its Blink engine, announced by the co-founder of the Mozilla Project and creator of JavaScript, Brendan Eich. Brave never sees the sites you browse. If you use a search engine such as Google, then anything you type in the search bar will be recorded by Google - but not by Brave servers.
 
The Brave Web Browser includes:
  • HTTPS Everywhere
  • Block Phishing / Malware
  • Block Scripts
  • Fingerprinting Protection
 
Brave blocks ads and trackers by default so you browse faster and safer. You can add ad blocking extensions to your existing browser, but it’s complicated and they often conflict with one another because browser companies don't test them. Worse, the leading ad blockers still allow some ads and all trackers. Brave blocks ads and trackers, reducing your chances of being infected by malware, ransomware and spyware. Brave even has HTTPS upgrades, which means more of your connections are encrypted, protecting your identity, browsing, payments and more. The "private" or "incognito" browsing mode that others offer is not truly private. Those tabs mostly stop other people that use your device from seeing where you’ve been. Brave’s private tab stops trackers and will soon feature "Tor in the tab," providing even deeper privacy. Download the Brave Web Browser here: https://brave.com

Sunday, December 3, 2017

Defense Against The Dark Arts

 
You can download a free, PDF, copy of
Defense Against The Dark Arts: Privacy and Security in a Digital World
from my Google Drive here: https://goo.gl/aRRsbq
 
The guide is 142 pages in length, and provides the following contents:
 
How to Use This Guide
The Dark Arts (Introduction)
Literature Review
Understanding the Threat
Spam and Phishing
Cyberstalking
No Security is Perfect
Configure Your Personal Computer for Better Security
Secure Your Social Networking Accounts
Messaging Apps
Protect Your Smartphone
Voice over Internet Protocol (VoIP) Phones
Understanding and Using Encryption
The Dark Web
Anonymous Speech On-line
Disinformation and Misdirection
Opting Out of Records and Databases
Financial Privacy
Address Privacy
General Delivery Mail
Obtaining A Postmark from a Distant City
Understanding the Police
Dealing With The Police
Surviving A Police Interrogation
Activists, Journalists, and Whistleblowers
 
Appendix - 1 Web-sites and Resources
Appendix - 2 Activists & Journalists Security Guides
 
Works Cited