Tag "English"

Blackphone - Pure US product

By SwissTengu (@SwissTengu) — 2014-03-25T06:59:23
"The Blackphone is out", "The Blackphone will save your privacy".

Yeah, right. We can see this on every web page. Of course, nowadays, with the NSA and other "nice" people caring about our security and integrity, this Blackphone seems promising. Data servers are in Switzerland and Canada, which seems cool and fancy.

Moreover, the fact that it involves Silent Circle, created by Phil Zimmermann, seems to make it legit. Well… Really?

Let's have a closer look at this Miracle of Privacy.

Hardware

Here, nothing to say: the hardware description doesn't provide any information regarding its openness. Nevertheless, two things will still be closed: the baseband OS and the SIM OS. Imagine an OS embedded in your phone that you can neither access nor monitor. How great, right?

Moreover, this black box is managing all your mobile communication. Meaning it can send and receive data without your knowledge.

This means just one thing: the Blackphone won't do anything in order to correct this bad point (or back door).

Software

Here, it's a bit more funny: the Blackphone embeds a lot of things from Silent Circle. After a quick scan of their web site, we can just see one thing: nothing is free (though 2 years are offered for free when you buy the Blackphone), nothing is open. So we should just trust them? OK, Mr Zimmermann is "someone", but hey… If we had to learn ONE thing from all the Snowden stuff: never trust anyone.

Operating system

On this side: nothing. No source. No information regarding its openness. Once again, "trust us". Guys, seriously… This won't do it. This is not the way to go.

Alternatives

Of course, we have some ways to get a smarter phone: custom ROMs like AOKP, Slimroms, Pac-rom or Cyanogenmod are widely available. They are open, meaning the community can get its hands on them and dig inside the code in order to ensure nothing bad is hidden in there. They are free, meaning you won't need to pay anything (but donations are welcome).

Moreover, most of them come without any bulky applications installed: you get a vanilla Android, with some customisation like a better control centre, the ability to blacklist numbers or even the ability to override application permissions in order to get a quiet phone.

If you want to go fully open source, you may as well go away from Play and gapps services, and use some alternate market like f-droid.org, which provides only open source applications.

Just to show you the possibilities:

Silent Text, using some monthly or annual subscription, using US servers and so on, may be replaced by the following applications:
- TextSecure, from Whispersystems
- Kontalk, an open alternative under heavy development
- Threema, closed source application developed by Kasper Systems GmbH, a 100% Swiss company

Silent Phone may be replaced by RedPhone, also developed by Whispersystems. There is also the OSTel service available, which provides encrypted SIP service for free. This one is backed by the GuardianProject.

All of those (except Threema) are free and open. And, for what we can tell, the security of most of them is controllable.

So, ready to pay more than 600 USD for some closed phone when you may install some open ROM on your current mobile and install fully open applications ensuring your own privacy?


Revolution has already started...

By rachyandco — 2014-03-25T06:59:28
already in your home, your body... soon in your soul...


Watch out Permissions

By SwissTengu (@SwissTengu) — 2014-03-25T06:59:30
The permissions. You know, the stuff nobody really reads. The stuff you just accept, like the EULA and other boring contracts.

But, in fact, you really should read them. They should make you think twice when you're installing some stuff. For example, why should a game get access to your phone identity? Or your contacts?

Fact is, developers and editors will convince you they really need those accesses: "it will help us to debug the app if you get problems", "easy support", "help you compare your score with your contacts" and so on.
How nice. How innocent. But, really, do you believe them? Do you really think the phone IMEI is really needed in order to improve the application?

This becomes even more interesting when you deal with public service apps. In Switzerland at least, they are all closed. Unavailable outside official app stores, and requiring a lot of weird accesses, like this one for example.

Fortunately, some Android alternative ROMs offer the possibility to set up permissions after the app installation. For example, Slimroms allows you to set permissions for either system or user apps. Problem is: this may be set up only after the app installation, meaning it may send out information without your consent before you lock them down.

Permissions are the only (easy) way you may prevent unauthorized access to your data — current systems don't allow you to choose what you really want to allow at the installation. This is why you really should consider reading and understanding them before you click "install".
Of course, all devs and editors aren't bad guys. But in the current situation, WHO do you want to trust? WHO deserves to be trusted? Not so many people I think. You may as well sign some pact with the Devil instead of accepting without a glance the permissions we want to force.

The only acceptable solution would be:
- at least allow permissions to be denied at installation time (with some warning letting you know/understand this may break some part of the app)
- at least, explain WHY the app needs those rights.

Some already do explain the rights they need. This should be the case for all of the existing apps.

Maybe, if everybody reads the permissions, and just acts with intelligence, asking "why the hell do they need this?!" to the right person, this will change. It has to change. Nobody can be trusted, and they still try to get more and more information on you.

Rise up people, spread the word, don't accept the current situation! Because it is unacceptable.
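The pre-install check the post above asks for, as an added example that is not part of the original post: it reads the output of `aapt dump permissions <apk>` (the Android SDK build tool) and lists every requested permission that exposes personal data and has not been explained by the publisher. The sample output, the package name and the `SENSITIVE` table are constructed for this example.

```python
import re

# What each permission exposes. The first two are the ones the post asks
# about (phone identity, contacts); the rest are this example's own additions.
SENSITIVE = {
    "android.permission.READ_PHONE_STATE": "phone identity (IMEI) and call state",
    "android.permission.READ_CONTACTS": "your contacts",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.READ_SMS": "stored text messages",
    "android.permission.RECORD_AUDIO": "microphone",
}

# aapt prints either of these forms depending on its version:
#   uses-permission: android.permission.INTERNET
#   uses-permission: name='android.permission.INTERNET'
PERM_LINE = re.compile(r"^\s*uses-permission:\s*(?:name=)?'?([\w.]+)'?")

# Constructed sample of `aapt dump permissions` output for a made-up game.
SAMPLE = """\
package: com.example.puzzlegame
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: android.permission.VIBRATE
uses-permission: name='android.permission.READ_CONTACTS'
"""


def parse_permissions(aapt_output):
    """Return the requested permissions in listed order, duplicates dropped."""
    found = []
    for line in aapt_output.splitlines():
        match = PERM_LINE.match(line)
        if match and match.group(1) not in found:
            found.append(match.group(1))
    return found


def review(aapt_output, explained=()):
    """Split the requested permissions into (to_question, unflagged).

    to_question: (permission, what it exposes) pairs for sensitive permissions
                 the publisher has not explained.
    unflagged:   everything else, including sensitive permissions listed in
                 `explained` because the publisher said why they are needed.
    """
    to_question, unflagged = [], []
    for perm in parse_permissions(aapt_output):
        if perm in SENSITIVE and perm not in explained:
            to_question.append((perm, SENSITIVE[perm]))
        else:
            unflagged.append(perm)
    return to_question, unflagged


if __name__ == "__main__":
    questions, unflagged = review(SAMPLE)
    for perm, exposes in questions:
        print(f"ASK WHY: {perm} -> {exposes}")
    for perm in unflagged:
        print(f"ok:      {perm}")
```
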


Big Brother State : ◼◼◼◼◻◻◻◻◻◻ (in progress) - adding Eurosur

By rachyandco — 2014-03-26T11:48:29

You thought ACTA was fun? CleanIT was for amateurs? FATCA not a real risk?

Take a look at EUROSUR... an interesting European rule.

In short, by explaining how we should surveil borders better (to save poor immigrants from dying in boats...), it creates a legal framework and tools for a total surveillance of the world... I hear you say... "you're joking right?"

Well, read it! And read the Pirates' view on this.... the Swiss pirates made some comments and they are fun! (or not)

Hey, this blog is about privacy, no? Where is the privacy in Eurosur?... well... here is your point....

So now... let's take over the world!


Digital self defense cookbook - Part I

By cta (@christiantanner) — 2014-03-27T14:18:50
By now it should be clear to everyone that any information - voice, text, image, video, any combination of the above, basically anything - sent over the vast expanse of the public internet will be copied and stored by various interest groups. Be they telecom operators (for quality assurance purposes or due to regulatory demands), private companies (with whom you explicitly or implicitly share the information or who buy the data), all flavours and colours of national and international security agencies, as well as criminals of all walks of life.

This sucks. Particularly the bit about our government agencies who have turned the principle of trust upside down. Be that as it may: what can we do? Can we even do something? Anything? Yes, we can! The magic word is encryption. Preferably encryption which is not based on the principle of security by obscurity, but rather based on tried and tested, free, public, open source solutions. So here's a little primer of selected programs and apps that can help you keep your private data - and conversations - private.

Email: GNU Privacy Guard (GPG), a free open source version of PGP (Pretty Good Privacy). Comes with good command line support and integrates well into Thunderbird using the Enigmail plug-in. Also works on Mac (via GPGTools) and Windows (via GPG4Win). Also works on Android (via K9 Mail and APG).

Caveat: Choose a strong password (more on those at a later point in time). Keep your password safe (for the love of all that is good and true: KEEP YOUR PASSWORD SAFE). And keep your private key safe, too!

Data: Truecrypt. While the software is free and open source, the development process is not entirely so; however, it is currently undergoing a very thorough review. Truecrypt can encrypt entire volumes, or generate so-called Truecrypt containers which for all intents and purposes function like normal storage devices. Except obviously for the fact that data is encrypted. Also works on Windows and Mac (which is one of the main selling points). It gives you the possibility to create so-called hidden volumes within a Truecrypt file, which brings us into the slightly worrying territory of plausible deniability, a concept more relevant in totalitarian countries (in short, you use two passwords: one unlocks the normal volume, the other the hidden one. So should you ever be forced to give up your password [in the UK, for example, you can be imprisoned without trial for not giving up your password], you give the one for the normal volume. There is no way to prove that a hidden volume exists within the same file).

Again: Choose good, strong, unique passwords and keep the suckers SAFE!

Chat: XMPP OTR (yeah, we do love our acronyms, don't we!): Extensible Messaging and Presence Protocol Off The Record. XMPP was originally called Jabber. Popular clients are Jitsi (GNU/Linux, Mac and Windows), Adium (Mac), Gajim (BSD, GNU/Linux, Windows) as well as ChatSecure (formerly known as Gibberbot) on Android (and iOS). ChatSecure is part of The Guardian Project which will be mentioned a few more times in this and upcoming articles.

Voice: OSTEL (again, part of The Guardian Project) uses ZRTP (an upgrade to SRTP [Secure Real-time Transport Protocol]) for voice communication. Popular client software is (again) Jitsi on GNU/Linux, Mac and Windows and CSipSimple on Android (paid solutions exist for iOS devices and Blackberry).

That's it for a start. More on encryption, passwords, obfuscation and other things at a later time.


Swiss police forces are selling you to the US

By rachyandco — 2014-03-28T09:52:24
Ok.... now that's funny.

or not.

The Geneva and Vaud police are trendy!! Yeah!! Got a security problem? there's an app for this. They actually spent 100.000 CHF (!!!!!!!) for an app. Here it is.

But this app is only available on Google Play and Apple Store. We checked the police website, there is no way to download the app elsewhere.

So let me get this straight!!

If you want to use the help of Swiss Police, as a Swiss resident you are FORCED to be sold to a US company and SURVEILLED by the US NSA, CIA and all the others...

You are not crying? I am :(

Ok now let's do some real work and free some apps..... (to be continued)

get it here


Swiss critical infrastructure: Right decision! Wrong implementation!

By rachyandco — 2014-04-01T12:14:59
So after the whole Snowden revelations (nothing new in reality) thing, the Swiss Federal Council seemed, I said "seemed", to have taken a clear decision. From now on, ALL CRITICAL IT INFRASTRUCTURE SHOULD BE SWISS CONTROLLED.

Wow. If you don't believe me the decision is here: in German and in French.

So since we had this news, our administration didn't go back on its decision to use an Israeli-American solution for our national phone tapping system. In the meantime we also learn that our maybe (not) future jet planes, the Gripen, have a US black box system to be used also for communications.

And now, this is the really new part, the BIT (our national IT super service) is going to implement a full VOIP system.. Cool, no more fixed lines in the whole administration... but for this they will be using Lync from Microsoft.... here is the news...

So this is where I get angry. We are pushing our companies to comply with American law (FATCA), we are even selling our own citizens' names to the US administration. We are giving all our IT infrastructure to the US including the security certificates. Even one of our national official electronic signature providers is controlled by the US!!!!

What the fuck is happening?????

We are smart enough to make our own decisions. Then we have to be smart to use our own tools! And they have to be modern, transparent, resilient, distributed!!!!

I start to believe it will be easier if we just rebuild our institutions from scratch online.. make the AFK ones obsolete... ;)


I am Human... also on the Net

By rachyandco — 2014-04-17T07:58:01
Yes I am a human!
With 2 arms 2 legs... Actually, without arms or legs, I would still be a human...
I am a man or a woman... or something in between. We don't give a damn.
I also have a brain, thoughts and feelings, some say a spirit.
I am myself a free human being capable of taking my own decisions. Wow!

And our society is recognizing this fact after centuries of wars and fights. Slavery is gone, death penalty disappeared in some places, human rights could be better respected but at least they exist.

Today, anyone on this planet can say: you don't have the right to rape me! you don't have the right to enslave me!
Enforcing this is a bloody other story, sadly...

But when we go on the net... what happens there?

I am still human. I still have emotions... my posts on social networks show that.
I have needs, like food... my shopping cart on the supermarket website is full of it!
I have a brain, even an extension of it: my devices, my laptop.
My phone is an extension of my communication devices called ear, mouth using some protocol called language.

Yes, my traces, the logs I am leaving behind, BELONG TO ME. Like the DNA I leave behind me in the real world. Like the hormone traces I leave behind.
We don't think that in the real world we leave traces... but remember a dog can follow your hormone path!

On the net, I exist 24/7! And I can be awake 24/7! My tax data or medical data is sitting somewhere on a state computer that is always on! That data is still me!
My consumer profile is much bigger and starts to look like an avatar of me. This also is part of me.

But no..

EU law says you are a "Data Subject"
EU law says that you are not the owner of your data.
EU law acknowledges that we are all digital slaves.

Social networks provide us with a space for life, to share things with friends or anons. Social network companies today have the right to execute a digital death sentence! They don't even need a judge!

Some companies are collecting data on us, enhancing it, and reselling it. All this without our knowledge! Some of this data is even used against us! Some companies give Credit Ratings on each human being! We are put in categories. Measured. And once we fall into one category... there is no chance to escape. There is no right for forgiveness on the net.

We ARE digital slaves. We need to realize this.
A company or an institution with whom I have no relations should not hold part of my digital self! This is a crime that is taking place every day!
My data should not be used to prevent me from engaging in relations! No one has the right to say who I should not meet or not do commerce with except me and the other party. It is a crime to put a Credit Rating on someone!

We now have to break out of this! How?
Reclaim your data. Sue any company that would hold your data without your knowledge (ok that's hard...). Disconnect all services that you don't need. Use anonymity! Use Tor! Talk to your politician. Refuse those supermarket cards! Use crypto-currencies! Use anything that is disruptive, distributed, that has no single point of control! Use BitTorrent! Use Linux, use GPG for your mails!

Encrypt everything. Because when you break step by step from your slavery, you are solely responsible for your life... that can be scary...

Internet is not a tool. It is a space for life, filled with human beings and robots. There should be no slaves!


Privacy Is A Human Right

By kl4v (@subtruth) — 2014-04-17T17:36:46

On 30.12.2013, a few days into his pension, Germany's Ex-Federal Commissioner for Data Protection and Freedom of Information Peter Schaar stood in front of the 30th Chaos Communication Congress and held a speech about the roles and scope of action of data protection officers in the EU. You can watch it here (in German).

Here are a couple of interesting points (leaving aside anything concerning Germany specifically):

The International Declaration of Human Rights claims:

Article 12
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Article 17 of the International Covenant on Civil and Political Rights of 1966 says pretty much the same thing.

From this it follows that privacy is a human right that should be respected internationally, not only within national boundaries (hence the absurdity of Obama's "we only spy on foreigners").

On the European scale, Article 8 of the Charter of Fundamental Rights of the European Union adds the necessity of a control by an independent authority - optimally: the national data protection officers. More precisely, the implementation of data protection is detailed in the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data of 1981 – also signed by Switzerland – as well as Directives 95/46/EC and 2002/58/EC of the European Parliament and of the Council (see also François Charlet's article).

So should anyone tell you that data protection and privacy are a thing of the past, let her remember that they are a right on a strong basis, for which there are laws.

National data protection officers are to ensure that it is respected within their respective countries. They need to be completely independent and have ways to punish too. A big exception is made for police and intelligence services when related to questions of "national security", the definition of which is not always clear (Schaar got into trouble because of his insistence on having the German government do something about the NSA scandal).

Schaar did not hide the fact that the situation of data protection officers across the EU is by far not optimal yet. Furthermore, there are quite some discrepancies between countries in this regard. But progress comes from the top of the EU to the bottom: the European Court of Justice has not hesitated to blame national states like Germany and Austria several times for their insufficient support of the independent action of their data protection officers. They had to act accordingly.

Are the data protection officers part of civil society? No - they have to listen to all parties. But they can try to build bridges between them, and engage in the public debate. Their role is not easy – they could do with some support. Schaar certainly deserved his standing ovation at the end of his speech.


Privacy Tip: Living in an Ad-Free world

By rachyandco — 2014-04-18T19:24:37
"If it's free, then you are the product"

This is the biggest lie that has been invented to justify companies to digitally enslave you.

The Internet is a world of open protocols that you can control! Use them. I live in an Ad Free world... still I am using all the services you are using daily.

First Step: install AdBlock

Free yourself! Reclaim your data! Then come back here and leave a comment.


What about adding our digital integrity in the Constitution?

By rachyandco — 2014-09-25T19:44:41
The actual situation is definitely not good: data protection laws are inefficient for several reasons, but mainly 3:
1. budget and enforcement powers of data protection officers are close to zero
2. any new rule enforced is a recipe of the old world with (unexpected) bad consequences, e.g. Right to be forgotten vs Google = Streisand effect
3. even if data protection specialists say the contrary, there is no actual change of "ownership" of data from the data holder to the individual.

Having good data protection is key for a trusted online world. However, the wording is important. No one cares about "data".

With the actual state of data protection in Europe, authorities have no good argument against mass surveillance either. "NSA, you are gathering all that data on our citizens! Not good!" Reply: "So what, that data does not even belong to them"

In the constitution we have art 13, which is in my sense useless. You are protected against the misuse of personal data. Please define misuse. It seems that using your data without your knowledge to influence your life (cf moneyhouse) is not a misuse, by actual law.

So let's forget that art 13. We can even get rid of it, it does not bring anything.

Let's look at article 10. This is about the right to life. Much more interesting.
"Every person has the right to personal liberty and in particular to physical and mental integrity and to freedom of movement."

Why do we have this text here? When we wanted to have a world where all people are equal (rights), we needed to define somehow what a human being is. In that time, we had a body and a mind. The mind part was a key element, as you can see with debates in the 18th century about whether African people had a mind. So it was a real question at that time and had to be settled. Because if you don't have a mind, I can brainwash you with no problem. If your body is not yours then I can put you in slavery.

Ok back to our "new world"

That's where I say, let's make a step. And we can say the human being also has a part that is digital. So let's first acknowledge this.
Let us recognize that we have this digital part in us, let us claim it. We claimed our body, we claimed our mind, let's claim our digital part.

How?

Well, it could start with one word.
"Every person has the right to personal liberty and in particular to physical, digital and mental integrity and to freedom of movement."

From there on, when we think about digital interaction, we would ask ourselves: does it hurt my digital integrity?
Mass surveillance does, blocking DNS does, not allowing my iTunes music to be given to my kids does, having a credit rating at moneyhouse does, having to use insecure communication tools with my authorities does, being sent to jail because I have copied a file does.

And for the future, we have a strong case for mixing our physical body with digital parts.. It should not hurt integrity. If we do not add the digital side, the technology in our body will eventually take over our free will.

Suddenly we can say the human has a digital existence.
Funnily, there is one place in the world that has this right already in place. This is Delaware in the US. But it only applies the moment you are dying. Then your will executor has the right by law to access all your digital assets and transfer them (http://arstechnica.com/tech-policy/2014/08/delaware-becomes-first-state-to-give-heirs-broad-digital-assets-access/).


Swiss ISP security lookup

By noskill (@_noskill) — 2015-12-29T23:14:12
Switzerland is a small country
  • Intro
    • Few ISPs (monopoly kind of thing)
    • Bad security on only one ISP -> large chunk of victims.
    • (image of chunk)
  • Material
    • Swisscom's media center thingie. (to test)
      • Getting to know each other
        • Photos of the inside of the beast
        • Look for debug ports
        • OS/RTOS ?
        • Bootloader ?
        • Firmware ?
        • Update policy ?
        • Get a shell ?
