Archive for the ‘Privacy’ Category

The slight madness of cards…

Sunday, September 15th, 2013

Recently I bought a metal case to keep all kinds of cards that I carry around with me daily. First, this case protects the cards from damage (some cards are easily damaged). But what is maybe even more important is that this case means RFID readers (and similar equipment) cannot access the cards.

Then I realized how many cards I carry around every day, and I was surprised by that. These are the cards that I always have on me when I am not home:

» ATM/Bank card
» Dutch ID card
» A credit card
» A healthcare card
» A card of the Dutch rail company that I use to travel to my work
» OV Chipcard, an anonymous card for the public transport
» Access card “Noordhollands Duinreservaat” (Dune area)
» Airmiles card
» Ikea Family card
» Discount card of a Dutch drugstore
» Membership card of the Dutch Nikon Club

Sure, a number of these cards I do not really need to have on me all the time. But that would simply mean for me that I will forget to take them along when I need them.

And when I talked about this with Marion, she showed me that she has even more (such as a business credit card, a gasoline card and several membership cards). And she assured me that there are a lot of people out there with many more cards than she and I have together.

Here is the point to think about: all these cards are somewhere and somehow registered in one or more databases. Some cards hold information that is not that important (for example my Nikon Club card), but others contain very private and important information. ID cards, ATM cards and credit cards are a clear example of this. It is good to take care of these cards. As said, the metal case makes it impossible for RFID readers and the like to access the data stored on the cards. And another nice thing about the metal case is that I keep it in the front pocket of my jeans, and it is harder to steal something from those pockets than from, for example, the back pockets.

Life is there to… secure data

Sunday, December 2nd, 2012

Lately I have been pondering a lot about the data on my computers. There is a lot of private and more or less confidential information on those, especially on the one that I use the most.
All kinds of documents with letters that I sent to people and companies… salary and tax forms… banking software…
But also more private things such as mail threads with Marion and Sanne… photographs I made… so things that are of no concern to most people out there.

There is always the risk that a computer gets stolen. For mobile devices such as laptops and tablets this risk is even rather high, but desktops can also be taken in a burglary.
And then there is something else that people hardly think about. What happens with a computer when someone passes away? Mostly they end up with someone in the family and that is basically okay with me, but not the data. The data should only be accessible by a very small group of people…

I have been thinking over how I protect this data that is so important to me.

Well, I had a BIOS password active on all computers (so you had to enter a password before the computer could boot). But this is easy to bypass… remove the BIOS battery for two minutes… or play a bit with some dip-switches and this password is cleared. And how to do this exactly is freely available on the Internet. So not a really good solution.

The Windows password (especially on standalone computers) is a joke and gives only a false sense of security. There are thousands of programs available on the Internet to reset a Windows password. Even more, it is possible to boot with a special CD and bypass Windows completely and get full access to the file system directly.

So for someone who knows a little bit about computers it was not very hard to get past the two “security measures” I had in place. Of course I have known all this for a long time and I also knew the solution… full disk encryption!

So what kept me from encrypting those hard disks? Performance of the computer… My previous experiences on this matter have not been very good. I have seen very fast computers turn into slow monsters by disk encryption.
And as I use my computer also for (online) gaming, performance is very important to me as well.

For some time I have been using a solution in between. With TrueCrypt I created encrypted containers on my computers and stored in those the data I wanted to be safe. This worked well, as long as you are aware where all the important data is located. TrueCrypt is an encryption program that creates encrypted containers, but can also encrypt devices such as USB sticks and hard disks.
Why TrueCrypt? It has a very good reputation and above all, it is Open Source. This means that I can be sure that there are no back doors.
There are stories going around that people managed to hack TrueCrypt. But in all those cases TrueCrypt was not hacked, but the system it was used on was compromised (for example, a keylogger that registers a password that was entered).

Anyway, back to the performance issue. In many places I read that TrueCrypt encryption would have almost no effect on the performance. I saw many benchmarks to support this statement. Even for playing games it would not differ very much (after all much of gaming is done in memory).

So as a test I encrypted the two hard disks in my “old” duo core machine (Intel Core 2 CPU @ 1.86 GHz, ATI Radeon X1550 graphic card, 2 Gb memory, running Windows 7 32 bits). Normally I use this computer only for things such as MSN, Skype, IRC and such. And every now and then I use it for duo-boxing (playing on two computers with a character on each computer in an online game. Mostly the second character is a healer-type to support the first character).
And yes, the difference in performance was very acceptable.

So after making a complete backup, early yesterday morning I started the encryption of the hard drive in my main computer (Intel I7 2600 CPU @ 3,40 GHz, ATI Radeon HD 5870 graphic card, 8Gb memory, running Windows 7 64 bits). During the day I had other things to do, so it was a nice opportunity to do this lengthy task. It took a bit over 13 hours to encrypt the 1.5 Terabyte hard disk.

Very nifty is the option of TrueCrypt that you can suspend the encryption process and use the computer as normal again or even to switch it completely off and resume the process later.

The end result? I am very happy with it.

The system is a bit slower during booting, but that I will solve soon by installing an (encrypted) SSD (Solid State Disk) with the operating system on it.

But when it runs, it is as fast as it always was. Of course it helps a lot that the CPU in my main computer fully supports hardware-accelerated AES encryption (the Intel AES-NI instruction set). It makes the encryption process 4 to 8 times faster. This also explains why my duo-core computer shows a little decrease in performance, as it doesn’t support this hardware acceleration.

Even in heavy online games (such as Everquest II) there is really no noticeable decrease in performance. Also not during the loading of new zones (and there I would have expected it).

To access this encrypted hard drive you need a password that is longer than 20 characters and contains uppercase, lowercase, numbers and punctuation marks… It is written down nowhere and is memorized by the 3 persons who should always have access to it.

If someone would consider a brute force attack on it (and no, I was not so stupid to enter the password on the website that made the calculation below, but entered a password that was constructed in a similar way):

Have fun with that…. *grins*
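An added example, not part of the original post: how a brute-force estimate for a password built the way the post describes (more than 20 characters from four character classes) is computed. The sample password, the 94-symbol ASCII alphabet, the PBKDF2-SHA512 cost and the guess rates are all assumptions made for illustration.

```python
import hashlib
import math
import string
import time

# The four character classes the post names; string.punctuation stands in
# for "reading signs" (an assumption: 32 ASCII punctuation marks).
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password):
    """Symbols an attacker must try per position, given the classes in use."""
    if any(ch not in "".join(CLASSES) for ch in password):
        raise ValueError("character outside the four modelled classes")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace(password):
    """Candidates of exactly this length over that alphabet."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password):
    """Upper bound only: holds if every character was chosen at random."""
    return len(password) * math.log2(alphabet_size(password))


def years_to_search(password, guesses_per_second, fraction=0.5):
    """Expected years of guessing; on average half the space is searched."""
    return keyspace(password) * fraction / guesses_per_second / SECONDS_PER_YEAR


def measure_kdf_rate(iterations=1000, samples=20):
    """Guesses/second on this machine when each guess costs one PBKDF2 run.
    The hash and iteration count are assumed values, not taken from the post."""
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha512", b"guess%d" % i, b"constructed-salt",
                            iterations, dklen=64)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    sample = "Tr4in-Leaves:Haarlem@0715"  # constructed, 25 characters
    rate = measure_kdf_rate()
    print(f"alphabet {alphabet_size(sample)}, ~{entropy_bits(sample):.0f} bits")
    print(f"{rate:,.0f} guesses/s here -> {years_to_search(sample, rate):.2e} years")
    print(f"at 1e12 guesses/s -> {years_to_search(sample, 1e12):.2e} years")
```

The figures are an upper bound on strength: a password assembled from dictionary words or a predictable pattern falls to a far smaller search than the full keyspace.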

A black day for the Internet…

Wednesday, January 11th, 2012

I just read that two big Dutch Internet providers, XS4ALL and Ziggo, have been ordered by a judge to block the site of The Pirate Bay. This is in my opinion very bad.

Why bad? No, not because of the content that you can get at The Pirate Bay. To be honest, I never even connected to their site. People who know me a little are well aware of my rather nice collection of legal CDs, DVDs and Blu-rays. And I buy rather a lot at iTunes.
And I think that, concerning downloading illegal content, everyone should do what he/she thinks is best. I don’t mind and I don’t judge.

It is bad because it damages the freedom of the Internet. It is bad because the rights of some big companies seem to be more important than the fundamental rights of Dutch citizens. This is another step to “Big Brother”. Today it is a server with illegal content. Tomorrow it may be a site with political content that “someone” doesn’t like.

And it is dumb, because someone with a little knowledge of the Internet can easily bypass such a blockade. And in no time there will be many manuals online on how to do this for those that don’t know.

The only rightful way to handle servers with illegal content is bringing down that server. That may be hard when that server is in another country. True, but forcing the “transporter” to block certain “ways” is a bad thing and even very dangerous when it comes down to freedom of speech and information.

XS4ALL will appeal against the decision of this judge and Ziggo may do the same. I truly hope that another judge may see how wrong this is….

Privacy again

Wednesday, December 29th, 2010

It is kinda funny: after reading a newspaper this morning I decided that it was about time to write an article on privacy again… and I just noticed that Patrick did the same on his weblog yesterday.

This morning I read that the government has far-reaching plans to gain control over the information flow on the Internet. The technique they want to use for this is “Deep Packet Inspection”. This means that they will literally check the contents of the data packets that are sent over the Internet (to put it simply, there is more to that).
This means that they can check every mail that is sent and check every file that is transported over the Internet.
They also want to check the behavior of people. An example that was literally mentioned was that someone who bought an expensive camera and earned some more money than normal was already a suspect for producing porn with children. This is too stupid for words.

Don’t get me wrong. I think that porn with children is disgusting and should be acted on very hard… but not without any grounded proof. This is even forbidden by our Constitution. There it is clearly stated that someone is innocent until proven otherwise and that there should be a very clear suspicion before action may be taken against someone.

To be honest, I think the whole child porn argument is not what is really behind this all. Governments and their “secret agencies” fear the Internet because it is out of their control (see the whole Wikileaks matter). And I think the real reason is that they want to have a grip on what is happening on the Internet.

I agree with what Patrick writes on his log: it is too silly for words that using PGP/GnuPG, masked IP numbers, OpenProxy and things like that makes you a suspect of cybercrime.

Me? I already use GnuPG (the Open Source version of PGP) and I will encourage all people I exchange regular mail with to do the same. Already all mail I exchange with Marion is encrypted with GnuPG. Chatting I will do more and more through Skype because of its high level of encryption. And if I can find a thing to protect my privacy…. I will!

This they promised never to do…

Friday, August 28th, 2009

They promised us over and over again never to use the Dutch security number (“SOFI Number”) to connect all kinds of databases together.

What did they do? They renamed the “SOFI Number” to “BSN Number” and do with that what they said they would never do.

Today I needed to have some x-rays made. At the counter of the outpatient clinic I was told that I needed a new medical card for the hospital. So okay, I handed over my card for the insurance company. They also needed my ID card or passport. I was like “WTF?????”.

On the new medical card my BSN Number (better known as SOFI number) is registered. In other words, my complete medical history is now connected to all the other accessible databases that use the BSN Number….

WTF!!!!!

Something to think about

Friday, August 14th, 2009

Today in another discussion about privacy and security (with many “I don’t have anything to hide” folks) I read something that said it all for me…

When they came for the communists, I didn’t say anything…
I am not a communist.

When they came for the Union people, I didn’t say anything…
I am not a Union member.

When they came for the Jews, I didn’t say anything…
I am not a Jew.

When they came for the Catholics, I didn’t say anything…
I am not a Catholic.

When they came for me,
there was no one left to say something!!!

(Reverend Niemöller, Germany)

Privacy and security are something that should concern all of us and should be a reason for all to stand up! And especially not a reason to turn away from things, pretending you did not see anything!

Ashamed

Thursday, June 4th, 2009

Today we had the European elections… and for the first time I felt ashamed for my countrymen.

A hate-spreading party such as the PVV seems to be growing fast. I am so ashamed…. so ashamed….

Encryption, part II

Monday, October 20th, 2008

Encrypting again…

As I usually say, when you do something, do it well. And when you find something to improve, do it.

For mail I can use GnuPG to sign and/or encrypt my mail. And this is working very well. Marion and I use it all the time. We often talk per mail about things that are not meant for everyone’s eyes. After all, concerning privacy, mail has only the value of a postcard.
It is amazing to see what kind of confidential information people send through mail without even thinking it over.

Anyway, yesterday I suddenly realized that I also store confidential information on my laptop outside my mail. Things such as documents and pictures. Some work-related files. These files were fully accessible by anyone who could get their hands on my laptop. Which could happen if in the worst case my laptop gets stolen, but even when my laptop stands on my desk and I am away from my desk.

So I looked for a program for file encryption. I found one that serves my purpose completely. This program is called TrueCrypt. TrueCrypt is Open Source and that way I can be assured that there are no backdoors (because the source is available to anyone).
With TrueCrypt you can create volumes; when not mounted, these volumes are encrypted and so not accessible by anyone. And so their contents are safe from strangers’ eyes. And this is how it should be…

A Web of Trust

Wednesday, September 24th, 2008

Sometimes the present gets overtaken by the past… Last week something like that happened again.

At work we had our weekly team meeting. We always tell what we are busy with so everyone has an idea of what is going on.
My colleague Anitha said she was working on an encryption matter that involved key servers. As I worked a lot in the past with PGP (Pretty Good Privacy)/GPG (Gnu Privacy Guard), I made a remark that I could maybe be helpful with some resources and information I have or can get on the matter.
Then our team leader said that it is a fully PGP/GPG project. Later I learned from Anitha it was about verifying messages between applications we use (which are highly confidential).

This made me really think back to the time I used PGP/GPG all the time… and I wondered why I ever stopped using it. Apart from the not so good times I have been through (a relationship that went wrong and things like that.. luckily all in the past) I couldn’t think of anything. So I restored my old keyring from a backup to find out that it had expired….
So I created a new keyring….

While I was working on all this I was chatting with Marion on MSN. She was really interested. Even more, she was very enthusiastic about it and saw personal use for it. So I talked her through installing the software and explained how it worked. And finally she created her own keyring and we signed each other’s keys, which means we can verify and decrypt messages we exchange. Mostly it is a sign of trust and that is between Marion and me of course something that is very clear.

Hmmm… maybe a few words on what this PGP/GPG is about. Simply said, it is a way to add more security to e-mail. You can sign messages, which means that text in the mail is still readable to everyone, but those you exchanged (“signed”) keys with can be sure that the message was sent by you and that the message was not altered.
Also you can encrypt messages so only the receiver (who should have a signed key as well) can decrypt the message and will be able to read it.

This weekend I will send requests to sign my keyring to people who did so before and maybe I will invite some new people to PGP/GPG (if they are interested of course).

PGP/GPG is a way to help defend your privacy… and that is something that is highly needed these days!!!!

Whatever happened to “Innocent until proven guilty”?

Wednesday, March 19th, 2008

“Innocent until proven guilty” was for me always the base of any justice system I believed in and stood for.

Lately I see changes around me I don’t like. I get more and more the feeling that things are changing towards the idea that anybody could be a possible criminal or possible terrorist. Many measures are taken these days “just in case”.
The latest example of this is the idea of someone at Scotland Yard to collect the DNA of difficult children just in case they may commit a crime in the future. So when you are a bit out of control when you are young (and remember, many of us were that as well) you will already be marked as a possible criminal!

This is really going way too far. It is not the children who are targeted here who are a threat to our society, but the people who come up with ideas like this and try to push them through. They are the real threat.

As long as you belong to the big majority, all is okay. But if you are different or act different, then you are suspicious… For heaven’s sake, you do something very strange such as encrypting mail and files. You must be a wannabe terrorist if you do. Why else would you try to hide something? They never realize that it might be about privacy, things that should only be in reach of a person and the ones he or she trusts. And there is completely no need for a government or the like to have a backdoor to encryption software.

Innocent until proven guilty! Nothing else than that…