New privacy tools


There has been an increased interest in protecting people’s privacy online. But what seems to be driving some of the push is not a fear of the NSA grabbing people’s communications in the wake of the NSA revelations or of hiding wrongdoing but just the desire to not have a permanent record on the internet of one’s messages.

For many communications one may want one’s messages to last only until the other person has seen them with no permanent record, making them more akin to a telephone cponversation. So there has been a demand for systems in which the messages self-destruct after being read, Mission Impossible style. This would also be useful for political organizing since now repressive governments would have a very limited time to scoop up and analyze the messages before they disappear.

NPR had a story about services like Wickr and Silent Circle that enable users to send messages and photos that self-destruct, leaving no trace.

These tools include Wickr and Silent Circle, both apps that take privacy seriously. Like Snapchat, Wickr is a free app offering messages and photos that self-destruct. But unlike with Snapchat, when London and her colleagues tried to trace conversations on Wickr, they came up completely blank — no metadata, nothing.

Thor Halvorssen, founder of the Human Rights Foundation, uses Wickr to talk to activists around the world. He says these contacts in authoritarian countries used to censor themselves out of fear that they were being watched.

“Wickr has changed a lot of this, as have some of the apps for encrypted voice,” Halvorssen says.
These apps are tough to crack, even for spy agencies, because they use something called perfect forward secrecy. It’s like using a really strong lock and never using the same lock twice, Wickr co-founder Robert Statica explains.

“Once you generate the key, only one message will be encrypted with that particular key,” he says.

In the past couple of weeks, Twitter and Microsoft announced that they’ll start using this technology too, presumably to thwart the likes of the NSA.

I don’t know much about internet privacy but this seems like a start.

Comments

  1. wtfwhateverd00d says

    In the meantime, FTB blogs use gravatar, a known privacy and tracking leak.

    I sure hope your readers don’t mind having their comments at FTB linked to their comments at say pro-Israel, pro-Palestinian, anti-Russian-gay-policy, hiv- support group, or down with string theory forums!

  2. wtfwhateverd00d says

    Readers interested in privacy should remember to change their email addresses once a day, or once a week, or once every x days where x is a function of their paranoia, reasonable fears, and comment frequency

  3. Crip Dyke, Right Reverend Feminist FuckToy of Death & Her Handmaiden says

    @wtfwhateverd00d:

    You forgot to include grammar Nazis in your list of fora.

  4. wtfwhateverd00d says

    You’d be doxxing me for writing forums if not for my fake email address, I KNOW YOU WOUDL!

    However, google suggests

    fo·rum
    ˈfôrəm/Submit
    noun
    noun: forum; plural noun: forums; plural noun: fora; plural noun forii

  5. John Morales says

    wtfwhateverd00d, FTB blogs allow for the use of gravatars, but don’t require it.

    (They also allow for people to use their real names (as I do!) — perhaps even more a known privacy and tracking leak 🙂 )

  6. wtfwhateverd00d says

    John, the md5 of your email is 4987928529753f6ca237841116b867fb. There are web based code searchers you could plug that into to find the other places you’ve commented. Even though you don’t have an image, you nevertheless are being leaked on by gravatar.

    That wordpress email field that says your email address will never be published is lying to you.

    “They also allow for people to use their real names (as I do!) — perhaps even more a known privacy and tracking leak :)”

    Yeah, dude, really not sure what your point is, bro.

  7. John Morales says

    My point?

    Well, leaving aside that you certainly don’t know my email address based on a hash number (nor has it been published), it’s that anyone who seeks to find other places where I’ve commented need but put my name into a search engine.

    More relevantly, you were insinuating that, because FTB enables gravatar functionality (shoddily, it is true, since mine doesn’t come up in this particular blog), it is they who bear responsibility for the putative privacy breach of those who have linked it to an email address they employ when commenting here. That is just plain silly.

  8. wtfwhateverd00d says

    Your email is pretty easy to come by John, who knows it?

    There is every wordpress site you’ve given it to.

    Every site you’ve ever registered at. Every hacker who has ever hacked any site you registered at.

    If you were a customer of Adobe’s there’s a good chance your email is sitting at a 1000 different torrent sites ready for download.

    Your health insurance company.
    Your employer.
    Your ex-wife. And her lawyers.

    Your ISP, and your previous ISP.

    And gmail and hotmail and yahoo and the ISP of any person you ever emailed and the sysadmin’s of those companies.

    The state.

    The CIA & NSA & FBI.

    Safeway and Kroger’s and anyplace you’ve filled out an affinity card.

    Amazon.

    Lot’s of people know your email address John, and John Morales? You don’t think that’s in a precomputed rainbow table of email addresses? Okay John, sure.

    And then there is your son who is questioning his sexuality and the fora he posts at. And your sister, who posts at pro-russian gay civil rights sites from her place in Mosow. And me who posts at various mens rights sites though I’ve been threatened many times with retaliation and doxxing by feminists.

    A lot of us would prefer that when Professor Mano’s blog says “email address will not be published” that we can publish our comments here without being tracked for

    retaliation
    national security
    marketing
    snooping

    or any reason.

    And of course FTB is responsible for the gravatar MD5 leaks.

    They choose the technology and implement it — they are clearly responsible for what happens as the operate it. If you were driving your Toyota with your best friend in it and the accelerator stuck and the two of you had an accident, who is getting sued? Just Toyota? Or Toyota AND You.

    And FTB could fix the bug. It’s not a difficult amount of programming to remove the MD5 hashes from comments where the user is not logged in. Or just not use gravatar. Or use a different commenting system. Or write their own commenting system.

    None of that is either rocket science or particularly expensive.

  9. wtfwhateverd00d says

    Who else knows your email address?

    Every single third party company any company you have ever dealt with online has sold your email address to.

  10. John Morales says

    Yet, though I have used that address for over a decade, I get no spam whatsoever… go figure.

    Your worry is absurd, and you’ve just admitted it also applies to “Every site [I]’ve ever registered at.” — so how is FTB any more problematic than any of those other sites?

    Again: you don’t have my email, nor have you yet adduced any evidence that FTB publishes it*. And even if you did have my email, the worst that could happen is that you can email me or tell it to others.

    (Now, if my email password hash were to be revealed (not that FTB has access to that), then that would actually be a worry)

    * BTW, you do know that more than one string can hash to the same 128-bit number, right?

  11. Compuholic says

    “Once you generate the key, only one message will be encrypted with that particular key,”

    Wow, they are breaking out the big guns now. Like any decent public key encryption software ever prouced. Although not a public key system, even the Enigma operators already used message keys.

    The encryption itself rarely is the problem (unless compromised by weak random number generators or other manipulations). A good encryption is tough to crack when no additional information except the encrypted message is available. Unfortunately the average computer leaks a lot of information that can be used by an attacker.

  12. khms says

    Since so many commenters seem to not know what this is about, I asked Wiki:

    In cryptography, forward secrecy (also known as perfect forward secrecy or PFS[1]) is a property of key-agreement protocols that ensures that a session key derived from a set of long-term keys will not be compromised if one of the long-term keys is compromised in the future. The key used to protect transmission of data must not be used to derive any additional keys, and if the key used to protect transmission of data was derived from some other keying material, that material must not be used to derive any more keys. Thus, compromise of a single key will permit access only to data protected by a single key.

    It’s usually one of the first things that pop up when you google the term. Here, let me google that for you.

  13. Paul Jarc says

    John, d00d’s point about the email address hash is not that it allows a snoop to contact their target directly, but that it allows them to associate the target’s activity in one context with activity in other contexts, building up a more comprehensive map of what the target does. That combined profile could allow them to track down the target in real life for harassment, etc.

    And while you and I don’t expect to be harassed by anyone, and so aren’t concerned about revealing our real names, others do have reason to be more concerned about their own exposure, and so a system that puts them at risk of exposure is fair game for criticism, even from us, if we care about others’ safety.

  14. John Morales says

    Paul, I do grant the point that most people are probably unaware that the source for the page contains the MD5 hash of every commenter’s email, and that this is worth mentioning in FTB’s Privacy Policy page — but to go back to the beginning, if someone were worried about that, then they probably shouldn’t be using the same email address for those different sites. (cf 1.1).

    And again: “That wordpress email field that says your email address will never be published is lying to you.” is more than hyperbole; it’s a false claim.

Leave a Reply

Your email address will not be published. Required fields are marked *