How to deactivate geolocation tracking in Firefox and Opera browsers


The latest Opera 10.6 and Firefox 3.5 browsers come with a feature called location-aware browsing. This feature allows websites compatible with Geode (not many at present) to learn where you are.

Google location services are used to determine your whereabouts using your computer’s IP address, nearby wireless access points and a random client identifier given to you by Google, which is meant to expire in two weeks.

The first time you go to a website that requests geolocation information, the Google Location Services terms and conditions are presented. You will need to agree to them, which can easily be done inadvertently or without understanding what that means. After that, every time a website requests geolocation information, your internet browser tells you and gives you a choice: to send your location data, or not to send it.

Where are you?


Both browsers, Opera and Firefox, come with location aware enabled by default. I don’t know about Internet Explorer because I care about internet privacy and do not use that piece of crap.

How to disable location aware in Firefox and Opera browsers

To disable location aware in Firefox, type about:config in the toolbar and change the geo.enabled value to false by double-clicking on the key.

To disable geolocation tracking in Opera go to Settings > Preferences > Advanced > Network, and uncheck Enable geolocation.
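To check that the Firefox setting above actually stuck, the preference can be read back from the profile files. The following is an added example, not part of the original post: it assumes the usual Firefox profile layout in which changed preferences are written to `prefs.js` as `user_pref(...)` lines and an optional `user.js` overrides them at startup; the function names and sample strings are made up for illustration.

```python
import re
import sys
from pathlib import Path

# Matches lines such as: user_pref("geo.enabled", false);
# Commented-out lines (starting with // or #) do not match.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def parse_prefs(text):
    """Return {name: raw_value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if match:
            prefs[match.group(1)] = match.group(2)
    return prefs


def geo_enabled(prefs_js="", user_js=""):
    """Effective geo.enabled value for one profile.

    user.js is applied on top of prefs.js at startup, so it takes precedence.
    A preference absent from both files is still at its default, and the
    feature ships enabled, so absence counts as enabled.
    """
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged.get("geo.enabled", "true") != "false"


def audit_profiles(root):
    """Map each profile directory under root to its effective geo.enabled."""
    results = {}
    for prefs in sorted(Path(root).glob("*/prefs.js")):
        user = prefs.with_name("user.js")
        results[prefs.parent.name] = geo_enabled(
            prefs.read_text(errors="replace"),
            user.read_text(errors="replace") if user.exists() else "",
        )
    return results


# Constructed sample file contents (not taken from a real profile).
SAMPLE_DEFAULT = 'user_pref("browser.startup.homepage", "about:blank");\n'
SAMPLE_DISABLED = SAMPLE_DEFAULT + 'user_pref("geo.enabled", false);\n'

if __name__ == "__main__":
    # Pass the directory that contains your Firefox profile folders.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, enabled in audit_profiles(root).items():
        state = "ENABLED (location requests allowed)" if enabled else "disabled"
        print(f"{name}: geolocation {state}")
```

A profile reported as enabled either never had the preference changed or has a `user.js` that switches it back on at every start.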

Test your geolocation browser awareness at: http://3liz.org/geolocation/

Learn more about geolocation tracking in Firefox and Opera

Mozilla location aware browsing FAQ: http://www.mozilla.com/en-US/firefox/geolocation/

Opera browser geolocation help page: http://help.opera.com/Windows/10.60/en/geolocation.html


Analysis: Is there a backdoor in Truecrypt? Is Truecrypt a CIA honeypot?


Truecrypt domain registered with a false address

The domain name “truecrypt.org” was originally registered to a false address (“NAVAS Station, Antarctica”), and was later concealed behind a Network Solutions private registration.

Truecrypt developers identity hidden

The TrueCrypt developers used the aliases “ennead” and “syncon”, but later replaced all references to these aliases on their website with “The TrueCrypt Foundation” in 2010. The TrueCrypt trademark was registered in the Czech Republic under name of “David Tesařík”.

Nobody knows anything about the developers, they do not want to identify themselves. Everyone likes to be known and congratulated for their great work, but apparently not Truecrypt developers, they do not care about the glory and honour and all that comes with it.

Truecrypt developers working for free

Closed source full disk encryption competitors like WinMagic, DriveCrypt (Securstar) and PGP Corporation have a full time team of software developers working on their products. Creating such a product is not an easy feat, as any of them will tell you.

Meanwhile two unpaid Truecrypt developers manage to work on Linux, Mac and Windows versions, on 32 and 64 bit versions, and to support the next Windows 7 as soon as it has been released. At the same time, presumably, these two Truecrypt developers also hold full time jobs that pay them a salary to feed their families and cover their mortgages.

Are closed source full disk encryption software developers overpaid lazy bastards and Truecrypt developers the finest, most hard working and charitable software developers on Earth?

Compiling Truecrypt source code increasingly difficult

Very few people compile the Windows binaries from source; it is exceedingly difficult to generate binaries from source that match the binaries provided by Truecrypt (due to compiler options, etc.)

This would be very convenient for a CIA mole. They are more likely to attack the software implementation than the algorithm, and the best way to do that is to insert some hard to find vulnerability during packaging. If someone else compiled the source code their plan would not work.

Truecrypt license contains distribution restrictions

Truecrypt is released under its own “Truecrypt license”. It is open source but it contains distribution and copyright-liability restrictions, and most major Linux distributions do not want to know anything about it. Fedora has included TrueCrypt in its forbidden items list and forked it to RealCrypt instead.

http://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt

Truecrypt open source code has never been reviewed

Truecrypt’s source code has never been the subject of a thorough review, nor is there any reason to rely on the credentials of the developers, since they remain anonymous.

Good thorough code review and testing is hard, tedious and painstaking work, very few people have the skills to do it, and Truecrypt hasn’t been validated through a comprehensive review by any qualified cryptographer.

Censorship at Truecrypt forums

As per Truecrypt forum rule 3 you are not allowed to discuss other encryption software, as per Truecrypt forum rule 8 you can’t discuss Truecrypt forks, and as per Truecrypt forum rule 9 you can’t discuss software that decrypts Truecrypt.

You can’t say anything about their competitors and you are not even allowed to say anything about software that decrypts Truecrypt. If you post any criticisms or negative comments about their software, you will find that those posts will mysteriously disappear.

Truecrypt forum rules:
http://forums.truecrypt.org/viewtopic.php?t=1651

Can the FBI crack Truecrypt?

The CIA would never share their intelligence with their FBI puppies unless it is a real national security matter, terrorism, et al. And they would not want to kill the cow that produces their milk in a public trial where their capabilities are revealed.

Furthermore, there has recently been a case of a corrupt Brazilian banker who escaped prosecution after the FBI failed to break his fully encrypted disk; he was using Truecrypt.

(Reference: http://g1.globo.com/English/noticia/2010/06/not-even-fbi-can-de-crypt-files-daniel-dantas.html)

Given that news I do not believe the FBI can crack Truecrypt and unless your name is Bin Laden you are probably still safe with Truecrypt, even if it has a backdoor and the FBI seizes your computer.

Alternatives to Truecrypt forums

Computer security and privacy newsgroups such as alt.privacy, alt.privacy.anon-server, alt.security.pgp and alt.scramdisk.

Computer and security internet forums such as Wilders Security Forums.

Alternatives to Truecrypt

The only free full disk encryption open source software that I have found and can rival Truecrypt is Diskcryptor.

Conclusion about Truecrypt reliability

Don’t get paranoid, even if you are using Truecrypt I could as well be wrong on my analysis and it is highly unlikely the CIA will ever come after you anyway.

Everyone has something to hide, but take it easy, you will need to trust some encryption product in the end and nobody out there knows 100% for sure which one is safe, because what is safe today might not be tomorrow.

Just use the best encryption product according to your opinion and relax, there is no point in keeping in your head what could happen to you if you got it wrong, hopefully you did not, and as long as you did your best research on it, that is all that is needed.

For the record, I still recommend Truecrypt, they are my second choice of full disk encryption software after DiskCryptor. I am just raising what I believe are some fair points, because in security, you TRUST NOBODY.

Related post : DiskCryptor Review


Second Perfect Dark “Anonymous” P2P network user arrested


How do the police trace people sharing illegal files on P2P?

People sharing copyrighted movies and music, as well as child porn and other illegal material through non anonymous peer to peer networks are doomed to be arrested.

The police have a big collection of child porn files seized in their raids. They hash those seized files (hashing means creating a unique digital fingerprint), then insert the hashes into custom peer to peer software that only law enforcement has, and hook it up to Kazaa, Gnutella, and other peer to peer networks.

The police software searches for other files on the network that have the same hash (digital fingerprint). If one matches, then without even looking at the file the cops know that user is sharing something illegal. Now all they have to do is log it, get the IP and apply for a warrant to search that person’s home.

One way to thwart this system is by retouching that unique file, for example editing a picture with a photo editor and slightly increasing or decreasing the brightness would convert that file into a “new one”, changing just one pixel could do it and still look the same to the human eye.

The police would now have to get their hands onto that illegal file before they can hash it and insert it into their software. Most of the child porn traded in peer to peer networks is old and chances are that the cops have already come accross it before, unless those pictures or videos are digital changed, the hashing algorithm remains the same.

Changing the name of a picture will not alter its unique digital signature! Only retouching it with an image editor will.

Fuzzy hashing

Some new developments in computer forensics allow for fuzzy hashing, and there is already software to do this; ssdeep is one such program.

Fuzzy hashing matches files whose hashes (digital fingerprints) are similar, so slightly changed files will still be matched. This is not a perfect science, at least not yet, and if the file has changed a lot fuzzy hashing will miss it.

What is peer to peer network Perfect Dark?

Perfect Dark is a Japanese peer-to-peer (P2P) file-sharing application for Microsoft Windows. Its anonymity relies on a mixnet where traffic is forwarded according to a certain probability, as well as the deniability of the distributed datastore (“unity”), which is stored and transferred in encrypted blocks, with the keys distributed separately.

Perfect Dark peer to peer network


Kyoto’s High-Tech Crime Task Force arrests Perfect Dark user

According to AnimeNetworkOnline, Kyoto’s High-Tech Crime Task Force has arrested a man named Noriaki Matsumoto for allegedly uploading anime online without the copyright holders’ permission. Matsumoto is only the second known person arrested for using Perfect Dark, a very popular peer to peer network in Japan, intended to maintain its users’ anonymity.

Kyoto police claim that the suspect admitted that he thought he would not get caught because he was using Perfect Dark. Unfortunately they do not reveal how they cracked the network.

Peer to peer networks designed for anonymity

In light of this news, I can’t recommend any peer to peer network in particular. Freenet seems to be the most popular, which means more content available, but it is also slow and you will need the Frost board (a newsgroup-like communications board) to make it worthwhile.

Up to this date, nobody has ever been arrested using one of the P2P networks mentioned below but it does not mean they are safe, use them at your own risk.

Anyone sharing copyrighted music should at the very least use full disk encryption with Truecrypt and never leave the computer unattended, but people breaking the law normally don’t have a brain to bother about encryption.

Alternative P2P networks for anonymous file sharing

Freenet & Frost (Message board for Freenet)

ANts

Mute

Gnunet

Anonymizing Network

i2P & eepSite (to create i2P sites)

(Do not confuse i2P with peer to peer software per se!)


German Privacy Foundation releases CryptoStick


The GPF Crypto Stick is a USB stick in a small form factor containing an integrated OpenPGP smart card to allow easy and highly secure encryption, e.g. of e-mail, or authentication in network environments. As opposed to ordinary software solutions, private keys are always inside the Crypto Stick.

All cryptographic operations (decryption and signature because of public key cryptography) are executed on the PIN-protected Crypto Stick.

The GPF Crypto Stick is compatible with various software applications like GnuPG, Mozilla Thunderbird + Enigmail, OpenSSH, Linux PAM, OpenVPN and Mozilla Firefox, and it works on Linux, Windows and Mac.

Crypto Key


The Crypto Stick is developed as a non-profit open source project. Among other things, the German Privacy Foundation runs various Tor nodes, a mixmaster remailer and two i2P routers.

You can find more information about the CryptoStick at:

http://www.privacyfoundation.de/crypto_stick/crypto_stick_english/

Unfortunately right now the online shop is only in German, if you are interested in purchasing a CryptoStick and do not understand German you can email: cryptostick @ privacyfoundation.de


Live CD for anonymous internet browsing: The (Amnesic) Incognito Live System


After the sole developer of Incognito, arguably, the best Linux live CD for anonymous internet browsing, announced that he could not carry on with his work in the project, another anonymous live CD, Amnesia, decided to merge with Incognito Linux live CD, and hence, the (Amnesic) Incognito Live System was born.

Information security awareness poster


Version 0.5 of The Amnesic Incognito Live CD is now out and includes lots of goodies for anonymous internet surfing, encryption and erasing your online tracks, such as:

  • Tor 0.2.1.25
  • Vidalia 0.2.8
  • Claws Mail 3.7.5 with OpenPGP support.
  • Pidgin automatically connects to irc.oftc.net with a randomized nickname.
  • At shutdown time, only prompt to remove CD; just halt when booted from a USB stick.
  • Forbid any IPv6 communication with the outside.
  • Added some wifi drivers: Ralink rt2570, rt2860 and Broadcom STA.

My hats off to this great live CD for anonymous internet surfing!

For those who fear that the Chinese or British secret services will seize their computers one day, a live CD is the sure way to avoid leaving any tracks on your computer.

Download The (Amnesic) Incognito Live System


Pediatrician testifies in Court 18yo porn actress little lupe is 12 years old


A New Yorker named Carlos Simon-Timmerman was detained in Puerto Rico customs for transporting images of a minor. He had bought a porno flick called Little Lupe the Innocent.

He faced 20 years in jail. After spending two months awaiting trial, his case finally went before a judge. A customs agent and pediatrician both testified, saying the girl was absolutely underage in the video.

Two months in prison until porn actress turned up in Court with her ID

If you have adult porn of women with a shaved cunt you should download Truecrypt and encrypt those images now before you get arrested for owning images of women without pussy hair.



Governments around the World continue to play the child porn card to get totalitarian powers, more and more images and videos are falsely being classified as child porn to increase police budgets and arrest citizens at the voice of “child porn”, what they are guilty of, in reality we will never know.


List of suspected Usenet groups carrying child porn


I got the list of the banned Usenet newsgroups from some Newsprovider FAQ webpage. While explaining what groups they carry, they then posted the names of the newsgroups that legal entities have asked them to censor citing child porn as an excuse.

This Newsprovider FAQ website claims that in April 2009 legal authorities requested them to remove a list of 18 Usenet groups suspected of carrying child porn, to which they agreed without question, not even making sure this was true.

This newsprovider textually says “it was not something we felt was wise to try and defend”. For personal reasons I have decided not to name this little known small Newsgroup provider.

It is appalling the number of Usenet providers willing to comply with non legal requests citing child porn that they can not even prove exists.

I think it is safe to assume that those unnamed legal authorities providing the list of Usenet groups suspected of carrying child pornography also asked many other Usenet providers to remove them.

Paedophile handbook


LIST OF SUSPECTED CHILD PORN NEWSGROUPS LOOKED INTO

I have been looking at the list (names not content!) of banned Usenet groups that the Government asked to black out claiming they contain child eroticism. I have compared that list with the groups other Usenet providers carry, and at the very least, Newsrazor.net,  AltBinaries.com, and even Astraweb.com, they all have stopped carrying the forbidden groups.

Only four of the newsgroups are named after openly mistrustful words such as pedophilia,  firsthair, early-teens and 13-17. All of the other banned Usenet groups have completely innocent names. Unless you consider prettyboy, bdcompany, mclt, or adolescents words that inspire something dark.

The censorship is smarter than the Great Firewall of China, they drop access to discussion groups from your face, and to make things more confusing they have kept Usenet groups named very similar to those on the list of banned Usenet groups. Unless you know the clear-cut name of the group you may believe they carry them and they have no messages posted, when in fact it is a typo.

Child porn is being used once more by the enemies of free speech to censor the internet, they do not even have to apply for a Court order anymore, simply send a letter and say “hey, suspected child porn, censor these 18 Usenet groups for me”.

No judge ever checks that there is any ground for the claims and the user need not be informed.

Child porn lies


USENET FOR EVER

Newsgroups are one of the few free speech spaces left on the internet, because once someone has posted something it can not be taken down, it is then normal that some authorities do not like this, they know far well that the next Usenet posting may contain receipts of politicians corrupt bribes and pictures of police abuse.

I suggest you stop using Usenet providers willing to censor groups without any legal obligation to do so.

LIST OF REAL UNCENSORED NEWS PROVIDERS

The newsgroup providers below carry the list of banned Usenet groups as of April 2010, but nobody can guarantee they will be kept censorship free for ever.

I have recommended Astraweb in the past as a real uncensored provider; in light of this, not anymore.

Altopia: The only downside I see to Altopia is that multipart binaries retention is low, but their privacy policy and prices are very reasonable.

BlockNews: They carry most of the hard to find groups, with no censorship at all and better prices than Astraweb in block accounts.

Sonic-News: I have never used them, but they have a search function on their site where you can check what groups they carry and they seem to have all the censored ones.

Anarqy: They outsource their Usenet servers from Highwinds and news-service, I hence doubt they can choose to censor or not to censor groups. Their page looks strangely similar to that of Sonic-News, this makes me believe they are reselling on the same backbone.


Airport x-ray full body scanner images of hot girl


A 29 year old British woman (not the one in the picture), Jo Margetson, has recently made a complaint to the police against a London Heathrow airport security guard who said he “loved those gigantic tits,” as she passed through the machine by mistake.

This probably gives an indication of what is to come once airport x-ray full body scanners have been deployed everywhere.

One easy way people could take images of hot women while they pass x-ray full body scanners is by using a mobile phone or tiny spy camera to take a photograph of the screen showing the scanned images and then upload them to Usenet to share with others.

It is now clear you can revert the scan and get the full naked images of the hot sexy girls with very little effort. You will need a simple image editor for this.

Original full body x-ray image of sexy girl:

Airport x-ray full body scanner naked woman


To achieve the effect below with Photoshop you will need to go to “Image>Adjustments>Invert”. Alternatively click on shortcut CTRL+I.

At other image editing software look for a function called “Invert”.

Reverted airport X-ray scanner sexy woman naked


Your airport x-ray scanner porn is nearly ready, now just apply some additional image editor filters, tweak the brightness and contrast, and you will get the result below.

Reverted airport X-ray scanner sexy woman naked


Anyone who comes across x-ray full body scanner images of children could also manufacture naked images of real children, but this is not advised as it would most likely be illegal.


Law enforcement data compliance guides leaked


Every time you use a service such as Facebook, MySpace, Stickam or Hotmail, all of those companies log your IP and record your personal details as well as data of those who have been communicating with you: email address, time and date, etc.

How long for do social network sites and email companies keep logs and what data is included on them?

That is something that most of them will keep secret from you and do not release to the public domain. At the same time you will be forced to sign an abusive agreement written in gibberish, giving them the power to retain your personal data (username, IP logs, timestamps, anything) for as long as they want and share it with law enforcement if requested to do so.

The FBI is watching you


Facebook, Paypal, Microsoft, Myspace and other law enforcement data compliance guides have now been leaked and posted at Cryptome.

Microsoft even attempted some of their bully boy tactics and issued a DMCA take down notice against Cryptome for posting their Global Criminal Compliance Handbook.

Microsoft seems far too worried that you may find out that Hotmail keeps logs of your IP for 60 days or that they have a law enforcement hotline for emergency data requests, something they should make clear to any user signing up for their services anyway.

If you want to know what data Windows Live Messenger stores on Microsoft servers, how long Facebook and MySpace keep your IP logs, and the kind of logs that Paypal and Ebay keep, then download the guides below from the Cryptome website.

Microsoft Global Criminal Spy Guide:
http://cryptome.org//isp-spy/microsoft-spy.zip

Ebay-PayPal Law Enforcement Guide:
http://cryptome.org/isp-spy/ebay-paypal-spy.pdf

MySpace Law Enforcement Guide:
http://cryptome.org/isp-spy/myspace-spy.pdf

Comcast Law Enforcement Guide:
http://cryptome.org/isp-spy/comcast-spy.pdf

Facebook Law Enforcement Guide:
http://cryptome.org/isp-spy/facebook-spy.pdf

AOL Law Enforcement Guide:
http://cryptome.org/isp-spy/aol-spy.pdf

Skype Law Enforcement Guide:
http://cryptome.org/isp-spy/skype-spy.pdf

Cox Communications Law Enforcement Guide:
http://cryptome.org/isp-spy/cox-spy.pdf

Stickam Law Enforcement Guide:
http://cryptome.org/isp-spy/stickam-spy.pdf

Cryptome is also a great resource for anyone interested in privacy. I highly recommend it, and if you want to support their work you can buy from their website two DVDs containing the full website archive.
