Review: Full disk encryption DiskCryptor v0.7.435.90

Author: Frank | Category: encryption

Most of you will have heard of Truecrypt, a free an open source hard disk encryption product, there are only another free and open source software for full disk encryption in Windows that I am aware of, DiskCryptor. You can download a 32bit or 64bit version of Diskcryptor depending on your OS.

I tested DiskCryptor using it for full disk encryption of my netbook, an Asus PC901 with a 12GB HDD divided in between two solid state disks of 8GB and 4GB. DiskCryptor is an ideal alternative to encrypt a netbook because netbooks do not have a CD drive and Truecrypt will force you to burn a CD to use system encryption, which DiskCryptor does not.

DiskCryptor cascade algortyhms

The first thing that impressed me of DiskCryptor is how small it is in size, a little over 500KB, but this comes at a price since the software manual does not come along and you get a link to their website instead.

I was pleased to see DiskCryptor offering a wide choice of encryption algorythms, AES-256, Twofish or Serpent algorithms in XTS mode, all of them seem to be pretty sound algorythms to me, and they can be used on cascade mode as well, VIA Padlock hardware accelaration for encryption and hashing is supported too.

The built-in benchmark shows the top speed with which cryptographic algorithms can perform, but I have to tell you that even on a netbook with a single core Intel Atom processor, regardless of the encryption algortyhm used I noticed no perfomance difference while using the netbook.

DiskCryptor encryption of partition

DiskCryptor allows wipe while encrypting, with three, seven or thirty five passes (Guttman method), but wiping a solid state disk like the one Asus Eee PC901 has is not safe, since solid state disks, like thumb drives, use wear levelling technology and the wiping passes are spread evenly accross the disk and not on the same sectors. If you are using a solid state disk, make sure it does not contain any confidential data that an electrons microscope could recover(very expensive to do right now), the only way to do this is by using a new disk, wiping it may fail to sanitize de disk.

With DiskCryptor you also can encrypt an ISO file and then burn it to CD-R/DVD/BD-R , after that you  will only be able to mount the image with DiskCryptor and the correct password/keyfile.

You can also set up a hot key to cause a blue screen of death, if you need to urgently shut down your computer when someone busts into your home unexpectedly this seems the way to go, it is quicker than clicking on the power off button.

The Good Stuff

DiskCryptor works with RAID volumes, you get a wide choice of algorythms, DiskCryptor is easy to use and unlike Truecrypt, it works on netbooks out of the box. DiskCryptor is open source, you can check for backdoors if you have the skills.

The software does not cost you any money, you can customize the boot loader widely, DiskCryptor boot loader customization is far better than Truecrypt, you can choose to install the bootloader on a CD/DVD, set up timeouts, choose if you want to use a QUERTY or DVORAK keyboard, and there is also a Windows live CD BartPE plugin for DiskCryptor.

The Bad Stuff

DiskCryptor should include some basic documentation at the very least, the GUI is easy to use and intuitive but encryption products need to come with instructions, a newbie could easily feel overwhelmed. DiskCriptor is only available for Windows, and there is no choice of hashing algorythms other than the default SHA-512.

There is also no choice of burning a recovery CD in case the boot loader gets corrupted (although you can backup the headers).

DiskCryptor password box

Conclusion

DiskCryptor is an excellent free and open source full disk encryption  alternative to Truecrypt, with a wide choice of encryption algorythms and easy to use, but they need to improve their poor documentation.

Their FAQ states that they are planning to implement a hidden OS in future versions, I think Diskcryptor looks promising and Truecrypt has a worthy competitor.

Regarding on how safe DiskCryptor is, being open source is a big plus, but that is a matter for the cryptographers and programers to decide, I am neither, I only looked into the usability.

http://www.diskcryptor.net

Video:Big Brother Hates Being Filmed!

Author: Frank | Category: other

It really beggars belief that while the UK police has the right to install CCTV cameras even in public toilets, disguissing it as a “vandalism protection”, they attempt to arrest people filming them in the middle of the street.

As the commentator of this superb video says at the end, do as we say not as we do!

Review: Private internet surfing SSH tunneling Cotse

Author: Frank | Category: anonymous surfing

I have been using Cotse for private internet surfing for over a year and I think this is an accurate review of Cotse based on that. This privacy provider also gives you access to private email, IRC Chat via web interface, web based remailer, SSH tunneling and webhosting.

The first thing to understand is that Cotse SSH tunneling is not for anonymity, but privacy. You will be able to hide from your ISP what websites you are visiting and what you are downloading from the internet, and it will not matter if your ISP keeps logs for one year or twenty years, all they will see when you surf the internet is that you are connected to an SSH tunnel, and anything after that can only be seen and logged by Cotse, your ISP will be powerless to stop this.

In order to use the SSH tunnel in Windows you will need to download an SSH client, my favourite client being KiTTY but there are others around. In Unix,  you simply open the shell and type (example assumes you are using tunnel1):

ssh -L 5000:127.0.0.1:9999 username@tunnel1.cotse.net

With 5000 being the local port being forwarded to port 9999 on the server, using this port will pass on your OS and browser ID to the visited sites, if you forward the traffic to port 8888 Cotse will fake your operating system and browser ID as Windows Vista and Firefox regardless of what OS you use.

You can also forward to port 8080 which uses privoxy, this protects your privacy even further by stopping aggressive advertisements displaying on the screen, but privoxy will slow down  your internet browsing a little.

Cotse SSH tunnel

You can pay for the service with a money order, check, Paypal or credit card, however paying by credit card requires you to reveal your real ISP email address or they will decline payment, according to Cotse this is due to fraud prevention reasons. For anonymous payments you will be better off using a money order or using a virtual credit card and pay through Paypal. Read my post on opening a Paypal account using a fake name to learn how to do this.

Logging Policy

Cotse claims they keep logs of your activities for five days, I think this is reasonable. In an ideal World logs would not exist,but unfortunately some people will abuse privacy services and those users will have to be weeded out one way or another.

Most proxy services will tell you that they do not keep any kind of logs, but technically speaking this is impossible since from the moment you connect to their proxy logs are being created, what happens is that they claim that those logs do not get stored more time than necessary, until you disconnect, and then get overwritten, hence they call it a “no logs” proxy service.

When reading about the logging policy of a privacy service you should consider that it is very easy for them to lie to you and hide their real logging policy. Cotse could easily claim they keep no logs and you would have no way of knowing if these claims are truth or not. By making clear your activities are being stored for five days and then overwritten, Cotse gives me the impression of being an honest provider in regards to their privacy claims of what they can do for you and what not.

There are far too many privacy snakeoil out there advertising the impossible, although I believe it is possible to run a “no logs” privacy service, the problem will always be finding out who is lying and who is not.

Internet IP logs

The Good Stuff

You can use Cotse SSH tunnel with Unix systems as well as Windows, their tunneling service is ideal to be used together with a live Linux CD leaving no computer tracks.

You not only get an SSH secure tunnel but also a private email service (Squirrelmal interface) with POP and IMAP, you also get a fairly decent hosting account with no speech limitations other than illegal content in the US where Cotse and its servers are based.

You have no bandwidth limitations when using SSH tunnelling and Cotse provides alternative ports like 443 in case your ISP blocks the default SSH port 22.

Unlike a VPN, if the SSH tunnel goes down for some reason, your real computer IP will not be exposed and your internet will stop working, this is a good thing. In a VPN, when the service goes down, your internet connection simply borrows your real IP instead with the risk of exposing your identity.

The Cotse email address that comes with the SSH tunnel has automatically expiring aliases, SSL connexion and a highly configurable spam filter, as well as hiding the sender IP on the headers.

Cotse helpdesk is excellent and they always reply under 24 hours, downtime of the SSH tunnel is also minimal, in one year I must have experienced thirty minutes downtime altogether, speed through the tunnel is unnoticeable from the direct connection.

The Bad Stuff

You are not allowed to use torrents through the SSH tunnel as p2p incoming connexions cause issues to the other customers, and the tunnel will disconnect automatically after 600 minutes of continous use (ten hours), you will have to reconnect after that.

Using a credit card for payment will require you to reveal your ISP  assigned email address, payments with a virtual credit card under assumed name will only be possible using Paypal. Your other alternative is a money order or check.

Webspace monthly bandwidth is poor at 1000MB, it will be enough for a text only personal website but no more than that. Their IRC web based chat is blocked by some Undernet servers (due to abuse), other than that it works fine at other networks.

Setting up Cotse SSH tunnel can be a bit overwhelming for someone who is new to the internet, it may take them a while to figure out how to configure everything.

Conclusion

Cotse makes excellent value for money, and you not only get an SSH tunnel but also a private email address and webhosting. If you want a cheap private proxy with no bandwith limitations that works accross Unix as well as Windows, then Cotse is probably for you.

Their five days logs policy is worse than other sites promising not to keep any kind of logs, but you can not be sure those sites are telling you the truth, in fact you can not even be sure Cotse is not logging your activities for longer than the five stated days, you have no way around this other than running your own proxy server.

http://www.cotse.net

Notice: Review based on the basic SSH Internet Shield Cotse service, you can upgrade this for extra features.

SSH tunneling between two computers

Video: Location Tracking Beyond Privacy

Author: Frank | Category: other

Lecture by Paul Dourish for the Stanford University Human-Computer Interaction Seminar (CS 547). Mobility is no longer sufficient; location-tracking is a key feature.

The introduction of location-based technologies has traditionally been accompanied by a series of concerns over privacy. These discussions, though, adopt a fairly reductive model of privacy, concerned primarily with the trade-offs involved in service provision and location disclosure.

Video: Social networks privacy dangers

Author: Frank | Category: other

An excellent University of North Carolina video where Fred Stutzman discusses Facebook, Myspace, and social networks in general.

The concepts of Social surveilance, weak vs. strong ties, and the effect of the “invisible audience”. The differences between social networks, and the effects of social networks on society in terms of privacy implications are discussed.

Note: The video and audio quality of this video sucks, I am just posting it for the content which I thought it is quite interesting.

Video: Confronting the Surveillance Society

Author: Frank | Category: other

Talk by James Bamford author of “The Puzzle Palace” and “Body of Secrets” & Chris Calabrese Program Counsel of the ACLU Technology and Liberty Project.

This video, nearly one hour long, has a good history of all the dirty tricks the National Security Agency in US has been playing all along their history. You should be able to understand quickly why trusting the NSA with any of your data is not a good idea.

Video: Surveillance Privacy Protection

Author: Frank | Category: other

Computer scientist Samson Cheung of the University of Kentucky creates programs that can manipulate video surveillance all the way down to the pixel level.

You can watch in this video how the technology exists to avoid intrusive CCTV from recording people who do not wish to be on camera. The only problem I see with this is that most countries do not actually give monkey’s about citizens privacy and unless they are forced to do so they will not adopt such technology, rather the opposite, the more people they can film 24/7, the better for them.

Video: Off-the-Record Messaging, privacy for IM

Author: Frank | Category: encryption

Off-the-Record is an open source plugin to use with Pidgin, an instant messenger software compatible with IRC, MSN, SILC, ICQ, Yahoo! and lots of other chat software that come with no privacy measures whatsoever.

Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing encryption, authentication, deniability and perfect forward secrecy.

You can watch this Stanford University lecture video explaining how Off the record works and what it can do to help you keep your privacy and anonymity while chatting through instant messenger.

- Off-the-Record Messaging

Video: British police surveillance of journalists

Author: Frank | Category: other

As you will see on this video British police seems to be getting paid to carry out surveillance on journalists as much as protestors, any journalist who covered the Climate Change camp held last Summer in Kent is now very likely to have all his details recorded by the British Stasi, aka Forward Intelligende team.

Be aware that all the information gathered by police surveillance teams will be stored somewhere in their computers, to be retrieved any time it is convenient for them. If you want to avoid unknown persorns to keep information about your private life, start considering dressing up and wearing a cap and scarf the next time you take part in a peaceful demonstration, either as a journalist or as a protester.

To get an idea of what Great Britain has become, you can download George Orwell “1984″ book for free.

Video: Crash course in full disk encryption

Author: Frank | Category: encryption

This video is a talk held in December 2008 at the 25th Chaos Communication Congress, under the title Nothing to hide.

It is a crash course in full disk encryption concepts, products and implementation aspects. An overview of both commercial and open-source offerings for Windows, Linux, and MacOS X is given. A  programmer’s  look at the open-source solutions concludes the presentation.

If you are not encrypting your whole hard disk remember that opening and viewing files will leave recoverable traces in your operating system. If you care about privacy you should be using full disk encryption, Truecrypt is the way to go in Windows.

Click this link to download the crash course in full disk encryption papers.

I would say this is a video for intermediate/advanced computer users.