United Kingdom airport gets digital strip search scanner

Author: Frank | Category: other

As we all know the World is full of terrorists, child porn, kidnappers, drug dealers and people who don’t pay their taxes, Manchester airport Terminal 2, in the UK nonetheless, has found a new magic weapon to fight all the evildoers, the digital strip search, aka Rapiscan equipment, for your own security, before boarding on a plane you are to be seen naked by airport staff through x-rays.

UK child pornography law at odds with digital strip searching of kids

Since producing a naked image or pseudoimage of a child is illegal and they have no written parental consent for scanning children(i.e. taking a naked image), the only problem Manchester airport is facing right now is that their full body scanners probably contravene UK child porn law. The scanners have been banned for use on children until this is clarified.

The technology has already been trialled at Heathrow airport as well and if successful it could be rolled out across Britain.

Full body x-ray scanner

The technology behind backscatter x-ray

Backscatter X-ray is a new imaging system which detects the radiation which comes back from the target, A “high energy x-ray beam” moves rapidly over the person’s form and a high resolution image of the person’s nude body is constructed when the scattered x-ray “from a known position” is detected. The images produced by the scan also show breast enlargements and piercings.

The USA following Brits ideas

The US has already taken delivery of x-ray machines from the same company, Rapiscan Systems, there are 23 airports in the United States – with 40 machines collectively – which are also running tests, but it is not clear about which airports they are placed at.

Will airport staff be able to resist this full body scan?

FAKED SCAN (illustration purposes)

Review: Virtual Pritate Network for private internet surfing AceVPN

Author: Frank | Category: anonymous surfing

I have been using AceVPN for three months now and this review is based on this length of time. Before getting into a Virtual Private Network for anonymous internet surfing purposes, you should understand that a VPN will make it more difficult for TLA agencies such as the CiA and Mi5 to spy on you, but a VPN is a single hop proxy, if they want you bad they will most likely have you.

For serious anonymous internet surfing you should use Tor, which unfortunately it is slow for most activities other than posting at bulletin boards.

At the moment there is a 50GB monthly bandwith cap on AceVPN, I think this is a very reasonable amount of bandwith, the average surfer will probably download half that and since P2P programs are not allowed on AceVPN I can hardly see anyone going over the limit.

The Good Stuff

Every time I have emailed AceVPN, around five times, I always got a useful reply in under 24 hours. AceVPN at the time of writing this, has servers in the US, UK and France and claims to be planning new servers at other countries.

One of the USA VPN I was using got blocked by Hulu, a US only TV website, apparently they do not like people from abroad being able to watch their films through a proxy. AceVPN has a secret list of VPNs to access US only sites such as Hulu TV, Pandora radio and Crackle TV, if you email AceVPN support and tell them you want to watch Hulu and they are blocking your proxy, they will send you a new non public configuration file with new servers for the VPN.

AceVPN uses OpenVPN to tunnel the data as opposed to the more unsecure PPTP, and besides Windows, AceVPN also works in Mac, Linux/BSD and the iPhone, any device where you can install OpenVPN should work.

You can choose the UDP or TCP protocol for tunneling. Normally you should choose the UDP protocol, this is que fastest method to download data through the VPN, the TCP protocol is provided because some ISPs and private networks block all UDP traffic to stop certain applications from accessing the internet.

The Bad Stuff

When you sign up for AceVPN they will send you a very hard to remember cryptic password that you can not change, you will need to enter this every time you want to access the VPN, better write it down somewhere, I personally have it saved on a .txt file on my Desktop.

AceVPN has servers in several countries but  in order to choose what server you want to connect to you will have to manually edit the OpenVPN config file in Notepad and comment out the servers you want to avoid, there is no control panel to do this.

Torrents and P2P programs are not allowed at AceVPN, even if some users use it, as  per terms and conditions this is forbidden.

Conclusion

AceVPN is great value for money and it stops your ISP from logging your internet activities making the life of those who spy on others much more difficult, AceVPN is also one of the cheapest VPN available and the wide choice of servers located in different countries guarantees that if one goes down you can still connect somewhere else.

Be aware that during my time with AceVPN one of their USA servers was seized by the FBI, this was due to a DMCA request according to AceVPN management.

While AceVPN claims not to keep logs, the FBI is known to have great computer forensic facilities and only God knows what kind of personal private data from innocent people they managed to retrieve from that server.

I will be greatly surprised if these professional meddlesome informers resisted the temptation of not looking at other users accounts, I will say it again because people’s lives may be at stake, never forget to use full disk encryption as a security back up. A VPN will make the spooks job more difficult but not impossible, privacy advocates are a high target for TLA, people who have a private life scare the shit out of them, they are not used to that, be ready for an early morning raid from people wanting to know what you do in your spare time, whether you use VPN or you don’t, the Obama deception is here, this is not a joke, the CiA means business, your little VPN will not be enough to stop them, think bigger.

http://www.acevpn.com

UPDATE: As of 01 December 2009, I am having serious problems to watch USA TV with AceVPN (it’s very slow), after various speed tests at http://www.speedtest.net I have detected that their USA servers are very slow at times, in the order of 500Kb/download.

This may change in the future but as for now be warned of this problem. Their French and UK server speed was acceptable.

Video: Long Range Acoustic Device deployed in the US

Author: Frank | Category: other

The Long Range Acoustic Device (LRAD) is powerful enough to cause permanent auditory damage and has been used for the first time on USA streets.

The device was originally intended to be used by American warships but it is now being used for crowd control by the US Government. These devices are also currently used at Camp Bucca, Iraq, and are being tested in regions of Baghdad, Fallujah, along with other regions of Iraq.

According to the magazine Foreign Policy LRADs have been sold to the government of the People’s Republic of China, even thought American companies can not sell weapons to China since the Tiananmen Square massacre.

WARNING: You can hear the Long Range Acoustic Device on this video, this will not be pleasant!

Review: Full disk encryption DiskCryptor v0.7.435.90

Author: Frank | Category: encryption

Most of you will have heard of Truecrypt, a free an open source hard disk encryption product, there are only another free and open source software for full disk encryption in Windows that I am aware of, DiskCryptor. You can download a 32bit or 64bit version of Diskcryptor depending on your OS.

I tested DiskCryptor using it for full disk encryption of my netbook, an Asus PC901 with a 12GB HDD divided in between two solid state disks of 8GB and 4GB. DiskCryptor is an ideal alternative to encrypt a netbook because netbooks do not have a CD drive and Truecrypt will force you to burn a CD to use system encryption, which DiskCryptor does not.

DiskCryptor cascade algortyhms

The first thing that impressed me of DiskCryptor is how small it is in size, a little over 500KB, but this comes at a price since the software manual does not come along and you get a link to their website instead.

I was pleased to see DiskCryptor offering a wide choice of encryption algorythms, AES-256, Twofish or Serpent algorithms in XTS mode, all of them seem to be pretty sound algorythms to me, and they can be used on cascade mode as well, VIA Padlock hardware accelaration for encryption and hashing is supported too.

The built-in benchmark shows the top speed with which cryptographic algorithms can perform, but I have to tell you that even on a netbook with a single core Intel Atom processor, regardless of the encryption algortyhm used I noticed no perfomance difference while using the netbook.

DiskCryptor encryption of partition

DiskCryptor allows wipe while encrypting, with three, seven or thirty five passes (Guttman method), but wiping a solid state disk like the one Asus Eee PC901 has is not safe, since solid state disks, like thumb drives, use wear levelling technology and the wiping passes are spread evenly accross the disk and not on the same sectors. If you are using a solid state disk, make sure it does not contain any confidential data that an electrons microscope could recover(very expensive to do right now), the only way to do this is by using a new disk, wiping it may fail to sanitize de disk.

With DiskCryptor you also can encrypt an ISO file and then burn it to CD-R/DVD/BD-R , after that you  will only be able to mount the image with DiskCryptor and the correct password/keyfile.

You can also set up a hot key to cause a blue screen of death, if you need to urgently shut down your computer when someone busts into your home unexpectedly this seems the way to go, it is quicker than clicking on the power off button.

The Good Stuff

DiskCryptor works with RAID volumes, you get a wide choice of algorythms, DiskCryptor is easy to use and unlike Truecrypt, it works on netbooks out of the box. DiskCryptor is open source, you can check for backdoors if you have the skills.

The software does not cost you any money, you can customize the boot loader widely, DiskCryptor boot loader customization is far better than Truecrypt, you can choose to install the bootloader on a CD/DVD, set up timeouts, choose if you want to use a QUERTY or DVORAK keyboard, and there is also a Windows live CD BartPE plugin for DiskCryptor.

The Bad Stuff

DiskCryptor should include some basic documentation at the very least, the GUI is easy to use and intuitive but encryption products need to come with instructions, a newbie could easily feel overwhelmed. DiskCriptor is only available for Windows, and there is no choice of hashing algorythms other than the default SHA-512.

There is also no choice of burning a recovery CD in case the boot loader gets corrupted (although you can backup the headers).

DiskCryptor password box

Conclusion

DiskCryptor is an excellent free and open source full disk encryption  alternative to Truecrypt, with a wide choice of encryption algorythms and easy to use, but they need to improve their poor documentation.

Their FAQ states that they are planning to implement a hidden OS in future versions, I think Diskcryptor looks promising and Truecrypt has a worthy competitor.

Regarding on how safe DiskCryptor is, being open source is a big plus, but that is a matter for the cryptographers and programers to decide, I am neither, I only looked into the usability.

http://www.diskcryptor.net

Video:Big Brother Hates Being Filmed!

Author: Frank | Category: other

It really beggars belief that while the UK police has the right to install CCTV cameras even in public toilets, disguissing it as a “vandalism protection”, they attempt to arrest people filming them in the middle of the street.

As the commentator of this superb video says at the end, do as we say not as we do!

Review: Private internet surfing SSH tunneling Cotse

Author: Frank | Category: anonymous surfing

I have been using Cotse for private internet surfing for over a year and I think this is an accurate review of Cotse based on that. This privacy provider also gives you access to private email, IRC Chat via web interface, web based remailer, SSH tunneling and webhosting.

The first thing to understand is that Cotse SSH tunneling is not for anonymity, but privacy. You will be able to hide from your ISP what websites you are visiting and what you are downloading from the internet, and it will not matter if your ISP keeps logs for one year or twenty years, all they will see when you surf the internet is that you are connected to an SSH tunnel, and anything after that can only be seen and logged by Cotse, your ISP will be powerless to stop this.

In order to use the SSH tunnel in Windows you will need to download an SSH client, my favourite client being KiTTY but there are others around. In Unix,  you simply open the shell and type (example assumes you are using tunnel1):

ssh -L 5000:127.0.0.1:9999 username@tunnel1.cotse.net

With 5000 being the local port being forwarded to port 9999 on the server, using this port will pass on your OS and browser ID to the visited sites, if you forward the traffic to port 8888 Cotse will fake your operating system and browser ID as Windows Vista and Firefox regardless of what OS you use.

You can also forward to port 8080 which uses privoxy, this protects your privacy even further by stopping aggressive advertisements displaying on the screen, but privoxy will slow down  your internet browsing a little.

Cotse SSH tunnel

You can pay for the service with a money order, check, Paypal or credit card, however paying by credit card requires you to reveal your real ISP email address or they will decline payment, according to Cotse this is due to fraud prevention reasons. For anonymous payments you will be better off using a money order or using a virtual credit card and pay through Paypal. Read my post on opening a Paypal account using a fake name to learn how to do this.

Logging Policy

Cotse claims they keep logs of your activities for five days, I think this is reasonable. In an ideal World logs would not exist,but unfortunately some people will abuse privacy services and those users will have to be weeded out one way or another.

Most proxy services will tell you that they do not keep any kind of logs, but technically speaking this is impossible since from the moment you connect to their proxy logs are being created, what happens is that they claim that those logs do not get stored more time than necessary, until you disconnect, and then get overwritten, hence they call it a “no logs” proxy service.

When reading about the logging policy of a privacy service you should consider that it is very easy for them to lie to you and hide their real logging policy. Cotse could easily claim they keep no logs and you would have no way of knowing if these claims are truth or not. By making clear your activities are being stored for five days and then overwritten, Cotse gives me the impression of being an honest provider in regards to their privacy claims of what they can do for you and what not.

There are far too many privacy snakeoil out there advertising the impossible, although I believe it is possible to run a “no logs” privacy service, the problem will always be finding out who is lying and who is not.

Internet IP logs

The Good Stuff

You can use Cotse SSH tunnel with Unix systems as well as Windows, their tunneling service is ideal to be used together with a live Linux CD leaving no computer tracks.

You not only get an SSH secure tunnel but also a private email service (Squirrelmal interface) with POP and IMAP, you also get a fairly decent hosting account with no speech limitations other than illegal content in the US where Cotse and its servers are based.

You have no bandwidth limitations when using SSH tunnelling and Cotse provides alternative ports like 443 in case your ISP blocks the default SSH port 22.

Unlike a VPN, if the SSH tunnel goes down for some reason, your real computer IP will not be exposed and your internet will stop working, this is a good thing. In a VPN, when the service goes down, your internet connection simply borrows your real IP instead with the risk of exposing your identity.

The Cotse email address that comes with the SSH tunnel has automatically expiring aliases, SSL connexion and a highly configurable spam filter, as well as hiding the sender IP on the headers.

Cotse helpdesk is excellent and they always reply under 24 hours, downtime of the SSH tunnel is also minimal, in one year I must have experienced thirty minutes downtime altogether, speed through the tunnel is unnoticeable from the direct connection.

The Bad Stuff

You are not allowed to use torrents through the SSH tunnel as p2p incoming connexions cause issues to the other customers, and the tunnel will disconnect automatically after 600 minutes of continous use (ten hours), you will have to reconnect after that.

Using a credit card for payment will require you to reveal your ISP  assigned email address, payments with a virtual credit card under assumed name will only be possible using Paypal. Your other alternative is a money order or check.

Webspace monthly bandwidth is poor at 1000MB, it will be enough for a text only personal website but no more than that. Their IRC web based chat is blocked by some Undernet servers (due to abuse), other than that it works fine at other networks.

Setting up Cotse SSH tunnel can be a bit overwhelming for someone who is new to the internet, it may take them a while to figure out how to configure everything.

Conclusion

Cotse makes excellent value for money, and you not only get an SSH tunnel but also a private email address and webhosting. If you want a cheap private proxy with no bandwith limitations that works accross Unix as well as Windows, then Cotse is probably for you.

Their five days logs policy is worse than other sites promising not to keep any kind of logs, but you can not be sure those sites are telling you the truth, in fact you can not even be sure Cotse is not logging your activities for longer than the five stated days, you have no way around this other than running your own proxy server.

http://www.cotse.net

Notice: Review based on the basic SSH Internet Shield Cotse service, you can upgrade this for extra features.

SSH tunneling between two computers

Video: Location Tracking Beyond Privacy

Author: Frank | Category: other

Lecture by Paul Dourish for the Stanford University Human-Computer Interaction Seminar (CS 547). Mobility is no longer sufficient; location-tracking is a key feature.

The introduction of location-based technologies has traditionally been accompanied by a series of concerns over privacy. These discussions, though, adopt a fairly reductive model of privacy, concerned primarily with the trade-offs involved in service provision and location disclosure.

Video: Social networks privacy dangers

Author: Frank | Category: other

An excellent University of North Carolina video where Fred Stutzman discusses Facebook, Myspace, and social networks in general.

The concepts of Social surveilance, weak vs. strong ties, and the effect of the “invisible audience”. The differences between social networks, and the effects of social networks on society in terms of privacy implications are discussed.

Note: The video and audio quality of this video sucks, I am just posting it for the content which I thought it is quite interesting.

Video: Confronting the Surveillance Society

Author: Frank | Category: other

Talk by James Bamford author of “The Puzzle Palace” and “Body of Secrets” & Chris Calabrese Program Counsel of the ACLU Technology and Liberty Project.

This video, nearly one hour long, has a good history of all the dirty tricks the National Security Agency in US has been playing all along their history. You should be able to understand quickly why trusting the NSA with any of your data is not a good idea.

Video: Surveillance Privacy Protection

Author: Frank | Category: other

Computer scientist Samson Cheung of the University of Kentucky creates programs that can manipulate video surveillance all the way down to the pixel level.

You can watch in this video how the technology exists to avoid intrusive CCTV from recording people who do not wish to be on camera. The only problem I see with this is that most countries do not actually give monkey’s about citizens privacy and unless they are forced to do so they will not adopt such technology, rather the opposite, the more people they can film 24/7, the better for them.