Wednesday, January 30, 2013

How to Protect Your Instant Messaging and Voice Chat Communications From Prying Eyes

Instant messaging is a useful tool. Most of us who've been on the Internet for any length of time have used some sort of IM program, and a good number of us still use it regularly in our day-to-day communication with friends, colleagues and families. But instant messaging conversations are often like screaming out into a void. While they aren't openly accessible to someone watching our Internet connection, the companies who provide the services we use usually have pretty ready access to everything we say and do in an IM conversation.

While the easy access service providers have to our conversations doesn't matter to some, others among us would rather our conversations be completely private, even from the companies providing us the IM service. And there's good reason for that desire. According to the annual Google Transparency Report, law enforcement requests for private user data (email, IM conversations, files, etc.) are up more than 13% this year. Law enforcement wants our data and, while their requests might indeed be valid in some cases, their increased demand strongly illustrates the importance of protecting what we say online.

So how do we protect our online communications?  Let me start off by saying this bluntly and clearly: WE STOP USING AND RELYING ON SKYPE!

Most people believe Skype is safe because Microsoft says it's encrypted. The problem is that Microsoft holds the encryption keys and can decrypt your chats and voice conversations any time they want. You have no control over the security of your communications with Skype. Trusting it to make sure you're secure is like doing nothing at all.

In order to be truly secure, all encryption functions must be under your control at all times. That's where 'off the record' messaging and encrypted voice come into play.

Off-the-record messaging is a way to securely generate and exchange encryption keys during a clearly readable instant messaging conversation. Once those keys are exchanged, every message you type is encrypted and sent over the Internet to your chat partner. Even the service you're using to chat over (like Google Talk or Yahoo Messenger) can't see what you're saying. Only your partner can decrypt your message. It's completely secure.

Encrypted voice is yet another way to enhance your Internet communications with security. Several ways exist to accomplish this, but the one most trusted and recommended by security experts like cryptography expert Bruce Schneier is ZRTP. ZRTP was developed by the creator of PGP, Phil Zimmermann, and is a trusted way to secure voice-based communication. ZRTP allows you and your chat partner to securely exchange encryption keys and then encrypt your voice chat to each other using those keys. Just like with off-the-record instant messaging, even your chat service provider has no idea what you're saying.
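The exchange the two paragraphs above describe, as an added Python sketch (not code from OTR, ZRTP or any program named on this page): two parties swap Diffie-Hellman public values through a relay standing in for the IM provider, derive the same keys, and the relay is left holding only public values and ciphertext. The function names, the relay list and the HMAC-based stream cipher are assumptions for illustration; the public values here are unauthenticated, which is why real clients add a key verification step on top.

```python
import hashlib
import hmac
import secrets

# 1536-bit MODP group from RFC 3526 (group 5), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16)
G = 2

def keypair():
    """Private exponent stays on the device; only the public value is sent."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_keys(priv, peer_pub):
    """Both ends compute the same secret; the relay never sees it."""
    if not 2 <= peer_pub <= P - 2:
        raise ValueError("degenerate public value")
    secret = pow(peer_pub, priv, P).to_bytes(192, "big")
    return hashlib.sha256(b"enc" + secret).digest(), hashlib.sha256(b"mac" + secret).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for the AES a real client uses.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(keys, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(keys[0], nonce, plaintext)
    return nonce + ct + hmac.new(keys[1], nonce + ct, hashlib.sha256).digest()

def unseal(keys, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(keys[1], nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message was modified in transit")
    return _xor_stream(keys[0], nonce, ct)

def run_chat(message):
    """Return (everything the provider relayed, what the partner decrypted)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    blob = seal(session_keys(a_priv, b_pub), message)
    # Constructed stand-in for the provider's view: public values plus ciphertext.
    relay = [a_pub.to_bytes(192, "big"), b_pub.to_bytes(192, "big"), blob]
    return relay, unseal(session_keys(b_priv, a_pub), blob)
```
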

There are a number of programs that implement the technologies we discussed above. Some of them will implement all of the features we talked about while others only implement a subset of them. The important thing is to find something that works for your needs and use it. Stop sacrificing your privacy to Skype and Google. There are tools to help you protect yourself if you're willing to use them.

Recommended Programs for Windows:

  • Jitsi (www.jitsi.org)
  • Pidgin (www.pidgin.im)

Recommended Programs for Mac:

  • Adium (www.adium.im)

Recommended Programs for Linux:

  • Jitsi (www.jitsi.org)
  • Pidgin (www.pidgin.im)

In future articles, we'll discuss ways to make sure that you're completely secure while using these programs. Specifically, we'll discuss the technologies surrounding data analysis and encrypted voice. Until then, get yourself protected!

Saturday, January 26, 2013

In Memory of Aaron Swartz



Aaron Swartz was a brilliant man. Not just technically gifted but also socially aware and gifted in his desire to find real solutions to fix society's problems. He was dedicated, driven, passionate, and his suicide two weeks ago due to the overzealous prosecution by a federal attorney who could have put him in prison for decades is tragic, heartbreaking, and angering.

Aaron was not a criminal. He should not have been a felon. However, according to the law under which he was being prosecuted, the Computer Fraud and Abuse Act, he was to be treated no differently than someone who goes out and commits murder, rape, or robs a bank.  Aaron's crime? He downloaded academic journal articles and shared them on the web.

Aaron Swartz's life was a testament to his deeply held ideals. It was a testament to his belief that information that benefits and moves society forward should not be encumbered or held ransom. It should be freely shared, disseminated, and easily available to everyone.  Most importantly, it should never be used as a method or tool of control.

Aaron's passing still has those of us who cared about him reeling. But we will stand up, dust ourselves off, and carry on. We will carry on with a new sense of vigor, a new sense of determination, a new sense of purpose. Aaron's life, and his death, challenges us to do so. It challenges us to be better, more dedicated, more radical than ever in our desire to push humanity forward. And it's a challenge we gladly and willingly take up.

The video above is a memorial to Aaron held by The Internet Archive. Please watch it and let Aaron's life speak for itself.


Aaron, you will be missed, but you and the things you did will never be forgotten.

Monday, January 21, 2013

Internet Entrepreneur Kim Dotcom Hits Back Hard

Kim Dotcom is certainly not a man to take attacks on him lightly. That's why when the FBI, in conjunction with local police, seized the MegaUpload servers and raided his Australian home, claiming that the service was a 'safe haven for piracy', Dotcom hit back hard and defiant, quickly setting up a new, more secure, file sharing service called Mega.

Mega is like MegaUpload on steroids. More space, more security, much more excitement surrounding the launch. In the early hours after public registration opened, Dotcom reported that the servers were under extreme load and that the service had signed up more than 1.1 million users.

And the frenzy continues.

With Mega, Dotcom hopes to create a service that is resistant to attacks like the one against MegaUpload. User data is encrypted using a 2048 RSA encryption key that only the user possesses, accounts get up to 50 gigabytes of free space, and the service has more bandwidth than the entire country of New Zealand. Dotcom seems determined to do everything right with Mega that he did wrong with MegaUpload and both the public and tech press seem to agree that he's doing an amazing job so far.

Will Mega suffer the same fate as MegaUpload? Possibly. But this time, it's going to be a whole lot harder for law enforcement to prove piracy and to pin it on Dotcom or his service.

Defiant, angry, brilliant. Kim Dotcom is ready to rock.