Showing posts with label Gmail.

Monday, December 1, 2014

MegaSync Your Cloud Data for True Internet Privacy

MegaSync Client for Linux with GNOME Nautilus 'Drag Drop' Support shown on my Fedora 21 Workstation Desktop

Strong Encryption is the only choice to secure the Public's Internet Privacy against unwarranted access.

I really don't know how to make that message any more clear.

You see, ISPs are going to 'feather their own nests' as we bear witness to changing Terms of Service with Google and most recently at Facebook.

Personally, I could not care less about their Terms of Service.

Because, as far as I am concerned, anything put on their sites becomes theirs.  Period.  They can claim otherwise.  It doesn't matter.

Google doesn't want to encrypt your Gmail, or Drive.  Why?  Because 'they claim' it's parsed for Advertising revenue purposes.  Does that seem legitimate to you?

Let me lay it bare for you.

The truth of the matter and what Google won't say is, they profit also from intelligence gathering by parsing keyword triggers that get forwarded to domestic and foreign governmental agencies. That is not Transparency. No, it is outright lying by omission.

Your Gmail and Drive get scrutinized every time you use it.

I've written on how to manage your Gmail using OpenPGP Encrypted Evolution Email on Linux Advocates.

The technique I illustrated renders any third-party's ability to parse clear text useless.

As for Google Drive?  Avoid it 'like the plague'.  MegaSync employs 'zero knowledge' end-to-end encryption and gives 50GB of free space by default.

Mega's strong encryption turns your personal folders and files into streams of block data that are totally unintelligible, so that Mega does not know what is being stored.

You may recall the takedown of Kim Dot Com's MegaUpload by the U.S. Government.  Kim Dot Com said it was "a death sentence without a trial".

Mega with MegaSync client changes all that.

Now, Mega can reliably claim what is legally termed 'plausible deniability' for what clients store on their site, by virtue of how this method of encryption works.

And, isn't that the way it should have been all along?  Really.  It's nobody's business what a law abiding Netizen stores on the Internet.  It's personal.  It's private.  And Mega fills this gaping unmet need.

In the final analysis, if the government wants to know what is stored in the cloud of an account holder, they need to take out a search warrant issued by a Judge.  Then and only then, should a 'Good Netizen' comply by unlocking their encrypted files.

With MegaSync strong encryption, nobody can see your data without your express consent.

MegaSync your cloud data for true Internet Privacy.

-- Dietrich

Friday, September 5, 2014

RetroShare: An Essential Privacy Tool Introduction

RetroShare shown running on my Fedora 20 LXDE Desktop


Maybe you feel defeated?  You have that sense of helplessness?

You think, "Don't fight it.  We can't win against them.  There is no privacy on the Internet."


Give up?

No.  Don't give up.  Fight back.  There is an easy tool at your disposal now, today, which, as far as I am concerned, is not difficult to install and use immediately, and which will assure 100% privacy on the Internet.

What tool?  It's shown above running on my desktop.  It's called RetroShare.

You see, the NSA is perfectly happy for you to use Google's tools, including Drive and Gmail.  They are clear text and there's no difficulty in their getting to that repository if they choose to do so.

On the other hand, the NSA is not happy about tools like RetroShare.  So much so, in fact, that they cannot invade your privacy space on RetroShare.  They cannot penetrate the encryption.  Enjoy privacy on your own terms with RetroShare.

RetroShare is a mature product in continual refinement since 2006.  The feature set is robust.  To learn more, check out their wiki, FAQ, and screenshots.

So, go ahead and try RetroShare.  If you get on-line, give me a shout.  I'm here.

RetroShare is open source and free.  Download here.


Watch my screencast: RetroShare: An Essential Privacy Tool



-- Dietrich

Friday, June 6, 2014

Google's End-to-End is Unacceptable

by Dietrich Schmitz



Regular readers will know that I have taken issue with Google since last year on how they manage Gmail and Drive.

For starters, should any governmental agency manage to break through Google's firewall (oops, the NSA did and pitched camp last year), they will have unfettered access to your meta data and direct access to your Gmail and Drive files.

Why?  Because they are stored in clear text (unencrypted) format.

That's odd.  Google Cloud does just the opposite.  Hmmm.  I wonder why.  (Taps fingers.....)  That's because Google Cloud is for the 'paying customers' who INSIST that their data meet critical mandated security thresholds (FIPS).  So, Google Cloud customers, in the interest of keeping them from leaving altogether, are being assured, by Google, that their data is FIPS-compliant and cannot be viewed by third-parties.  How nice of them.

When it was determined last year that the Fox is in the Hen House, many corporations left U.S. domestic cloud ISPs en masse for Western and Eastern European ISPs to avoid the NSA.  This concern is quite understandable on many levels, and still nothing has been done to impede, much less stop, the NSA from continuing their global eavesdropping.

Gmail and Drive are considered part of Google's consumer-facing services which are, at present, offered for free.  Most everyone using Gmail likes the fact that they get it for free, but, were they to make the effort to read their 'Terms of Service' agreement, would discover that Google reserves the right to parse any and all meta and personal clear text data belonging to the respective account holder.

Principally, the main thrust of this stipulation is so that Google can use intelligent advertisements positioned in the account holder's Gmail gutter margins that reflect subjects which might be of potential interest to said account holder by virtue of the parsing logic applied to their data stream.  Very nice, yes?  No!!!!!!!!!!!!

This is fundamentally wrong.  Users may be stuck with the current terms of service for getting their free Gmail and Drive, but, do they have a recourse?

Certainly, one option would be to drop using Gmail and Drive entirely in favor of some other solution.

Another solution is being provided by Google who have been under great public pressure to do something to protect account holders' right to privacy.

The solution is named End-to-End in an announcement posted on Google's website.  It's not even available yet: the code is still being written and tested before it will ever reach production release to the general public.

While that may sound good, a cursory inspection of the Google Code website reveals a few issues which I feel make this solution unacceptable from the start.

1) Google is only offering 'the solution' as a Google Chrome browser extension.  Many use Chrome.  I don't because it is 'proprietary'.  That means it is not 100% open source and so violates one of the cornerstones of FOSS: Transparency.  We cannot and do not know what is or isn't in proprietary code and because of that, potential rogue code and abuses can be introduced without the general public's knowledge and/or approval.  That is what Transparency is all about.  So, Google wants you to have 'their' solution on 'their' terms, stipulating the use of 'their' browser which in and of itself has volumes of code nobody can claim to know or understand.

2) As if #1 wasn't bad enough, Google has chosen to 'reinvent the wheel'.  Namely, the long-standing, mature, fully-debugged gpg2 open source OpenPGP standard codebase is being rejected out of hand, again because they want to do things 'their' way, by creating a duplicate, immature, bug-laden codebase port of gpg2 as an incomplete subset in slow, interpreted JavaScript.  That's right.  JavaScript.  gpg2 is fully compiled C/C++ code.

3) Google chooses to adopt a new Elliptic Curve cryptographic standard over the proven mature RSA standard.  Recall that NIST is now in a public relations dilemma, having been exposed as consorting with the NSA in introducing 'weakened' cryptographic string constants into their ECC codebase last year.  In discovering the problem with ECC, NIST insisted they had no part in or knowledge of the NSA's intentional introduction of weakened code and put the code out for public review and follow-up action to correct any defects found based on public comment.  That leaves a 'cloud' in my mind over any software dependent on EC.  In terms of severity, in comparison to items 1 and 2, a thorough audit of EC might restore confidence and make item 3 less of an issue in the long term.

But fundamentally, Google's developers, it would appear, are taking shortcuts and making fundamentally flawed decisions by forcing a solution which requires proprietary Chrome (Transparency violation) and creating their own immature crypto codebase to 'emulate' a subset of gpg2 OpenPGP features.  EC will only be compatible with version 2.1 of gpg2.

I am giving this project a 'thumbs down'.  Unacceptable.  Back to the drawing board Google.

-- Dietrich

Monday, April 21, 2014

WARNING: Google Chrome UNSAFE FOR GENERAL USE

by Dietrich Schmitz


You read that right.  I deem Google's proprietary Chrome (Freeware License) browser UNSAFE FOR GENERAL USE.

I can't make it any clearer than that.

Why is Google's Chrome browser unsafe?

It's pretty simple.  Google chose to not allow Chrome's code base to be shareable to the general public.

For your purposes, that means it doesn't operate under the open source GNU General Public License v2 (GPLv2) license terms, which would allow the entire code base to be independently vetted by external audit for hidden vulnerabilities and exploits that may be resident, much like Heartbleed in OpenSSL and NIST's Elliptic Curve Cryptography (ECC), which was discovered to have been weakened by the NSA.  The aforementioned rogue bugs lay hidden for quite some time, exploitable by those who knew of their presence.

The only ray of sunshine is that the source code in those cases is open source, which allowed discovery and corrective action to be taken.

Sadly, one has to draw the line in today's world.  We know the score with the NSA.  The Fox is in the hen house and now it's time to take action.

Severe action is needed.  


Accordingly, I am putting Google on notice and charging them with knowledge that their code base is 'closed' to the general public and must be 'opened' for independent external audit to assure no vulnerabilities exist of any kind (excluding discovered defects in Chrome's upstream dependencies).

It's no more Google Chrome for me.  And I hope you will follow suit.

Take action.  Switch to a 100% open source browser, like Mozilla's Firefox or Midori or Gnome's Web or KDE's Konqueror today.

I would remind the readers that despite assurances from Google to consumers that their privacy remains intact, it turns out last year that the NSA were able to drill through Google's SSL firewall and pitch camp on the inside for an unspecified period of time, unbeknownst to Google, as they sampled the clear text unencrypted Gmail and Drive meta data belonging to you.  Of course, publicly Google expressed outrage for what the NSA had done.

But actions speak louder than words.  You see, Google has had ample time to formally announce and roll out strong encryption for Gmail and Drive for their consumer-facing services.  To date, they have done nothing.  


Yet, on their commercial service side, they quickly reacted to the Fox in the Hen House last year and put in place FIPS governmental standard strong encryption.  

Corporate America is 'big business'.  Consumers play second fiddle, and because Google state in a revised language TOS agreement that they parse your clear text meta data to generate advertising revenue, the message to the consumer is that 'profit' takes precedence over their privacy.  

That is simply unacceptable and quite worrisome despite the 'lip service' they have given on tightening up their SSL standard.

No, consumer data, yours, is still sitting in clear text on the storage media of the Gmail / Drive cloud, where it can be read at will if/as/when it suits Google and/or any governmental agency.

And, with Chrome being closed source, there is no way to know for sure what is or isn't happening during your Internet browser sessions is there?


Dear Reader, switching to open source is the only way that Security through Transparency can be achieved.  Do it today.

Google Chrome is UNSAFE FOR GENERAL USE.


-- Dietrich


Thursday, April 3, 2014

NSA: Please Turn the Lights off When You Leave. Nothing to See Here.

by Dietrich Schmitz


It's all out in the open now. The NSA can 'cherry pick' your private and personal Internet meta data whenever they wish. Right?

Wrong. They cannot.

That is, of course, provided you, the general public, place obstacles in their way which will impede, or, better yet, stop them entirely from peering into your private affairs.

Yes, that's right. You have tools at your disposal which will most assuredly put the kibosh on the NSA. Stop them cold in their tracks. They'll come, discover they can't see anything, and leave.

What is it that will stop them from seeing your private data?

Gnu Privacy Guard (GnuPG) or, just GPG for short.


Free and Gnu Public Licensed GnuPG is a form of strong encryption which has been deemed by experts, including whistleblower Edward Snowden, as effective in keeping your data from being snooped upon.

I recommend to Linux users free Gnu Public Licensed Evolution email for both personal and business needs. (Image left, Edward Snowden, credit: Flickr user DonkeyHotey)

Evolution email running on my Fedora 20 LXDE Desktop


Evolution is feature-complete, mature (that means stable), and supports GnuPG (OpenPGP) encryption formatted email.

Use it once or twice and I am confident you'll get the hang of it.  It will even use your existing Gmail or other email account with secure TLS POP3/IMAP connectivity.

And, for those eager to install Evolution, here is a good tutorial to get you up to speed quickly.

Need to wrap your mind around GPG? Read more about it here.


Just to give you a visual of what an Evolution created gpg-encrypted gmail looks like 'after the fact' from Gmail's web view -- there's truly nothing to see -- this is what the Google staff and NSA would find:

Evolution GPG-protected email stored on Gmail.  Nothing to see.


And, as always, if you have questions or need help, do not hesitate to contact me.

So, NSA? Please turn off the lights when you leave. Nothing to see here.  Thanks!

-- Dietrich


Tuesday, January 7, 2014

Insidious Chromebook, Mega Email Preview, Smartwatches, Pirate Bay Decentralizes, CES 2014

by Dietrich Schmitz

Insidious Chromebook

Yet another major PC vendor has tossed its hat into the Chromebook ring.  Toshiba announced their very own Chromebook.  What a chuckle.  Oh, a 'Flying Chair Alert' memo has been issued at One Microsoft Way.  Be careful if you work there.  Toshiba's unit has a 13 inch display, for the amazingly economical price of US$280.  What a chuckle.  I've stopped keeping count -- how many vendors are making Chromebooks now?  Enough said.



Mega Email Preview

I have attempted to reach out to Kim DotCom (born Kim Schmitz) himself in the hopes that I can have a chat with him on his views regarding Privacy.  His intent to further advocate privacy for the masses is clear: Mega Cloud ISP is now out of beta, over a year old, and provides 50GB of free Zero Knowledge Encrypted storage.  Kim DotCom continues to raise the bar and has become, despite his travails with MegaUpload, an iconic 'hero' and source of hope for obtaining true privacy on the Internet.

Most recently, news leaked onto the Internet about Mega's newest project: ZKE Encrypted Email (see screenshot below).  For those who may not grasp its significance, it is, for example, not the case that Google Gmail is encrypted.  In fact, the aged RFC specification for email doesn't even consider encryption and by virtue of its age includes defects that foster wholesale email forgery (it is child's play to insert a forged sender's email address, for example), which is why there is spam in your spam folder.  It can't be stopped without revising the specification.


A leaked screenshot of the soon-to-be-released Mega ZKE Email/Chat system

It is outrageous to contemplate that, despite the recent disclosure of the NSA having taken up camp on the inside of Google's firewall to cherry-pick the public's data (Drive, Gmail) with impunity, Google has not thus far publicly stated any intention to encrypt consumer services data.  Other ISPs, including Yahoo and Microsoft have gone on public record with statements that they intend to shore up their services with strong encryption.

On the point of ZKE, only a few cloud storage providers currently offer encryption (Mega, Wuala and SpiderOak--promulgator of ZKE and their open source ZKE developer SDK framework).  Few other initiatives for encrypted email support ZKE, but, most notably, Mega and SilentCircle are hot on the trail of developing a system that will ensure 100% privacy--meaning the ability to crack/decode messages will effectively become impossible.  Those following this topic will recall SilentCircle initially provided email but found the level of harassment from the government for access to be a breach of the public's privacy and so pulled the plug on that service.  Now, they have stated it will be reopened and reimplemented with ZKE in mind.

Such luxury comes currently at a cost with, for example, Symantec Corporation (merged with PGP Corporation) providing to Corporations hosted PGP-encrypted email service.

As for the masses, the Government willingly follows 'convention' in accepting US Postal Service mailed parcels and letters in envelopes with both an express and implied assurance that your privacy is protected on delivery to its endpoint recipient.  Federal criminal liability is even defined for tampering with your mail.  Yet, they have no motivation to provide the same level of expectation of privacy for your Internet email.  That stands out ever more boldly against the backdrop of the NSA PRISM/Snowden disclosure in 2013 and punctuates all the more an unmet need to provide strong encryption on the Internet for not just commercial but consumer privacy.

In an apparent double standard, Google has feathered their own nest, by ensuring that commercial security standards are being met by providing encryption for their Google Cloud service.

Be assured, if Google take no action on this issue, I will exit using Google Gmail/Drive just as soon as Mega ZKE Email arrives.


Smart Watches

Pedestrian1: "Excuse me, Do you have the correct time?"
Pedestrian2: (Proudly brandishes his smartwatch) "Yes I can give it to you to the millisecond and in any time zone.  Oh, if you like, I can tell you the value of pi with 12 decimal places of precision!  Oh wait.  Someone is calling me on my watch."

Sound far-fetched?  Maybe a little.  But if things continue the way they are unfolding (image right: Samsung Smartwatch), we'll see the end of Swiss Watches with ruby jewel-pivot accuracy and a flood of what appear to be silicon-laden wrist watches that condense on their ASIC chipsets all manner of technology providing yet more techno-lust in a smaller, lightweight form-factor, with convergence of smart phone and any other imaginable application that can run in the current nanometer-realm.  There doesn't seem to be any constraint as memory capacity continues to increase, SSD form factor gets smaller, and ARM processors with reduced power consumption grow in power (processor arrays) and operating systems containing a Linux kernel continue to pervade all corners of our lives.


Pirate Bay Decentralizes

Let me be clear.  I am strictly against the theft of Intellectual Property or Copyrighted material.   But I do feel strongly that revision to laws on a country-by-country basis need to keep pace with the level of change occurring around us.  Real-world personal habits have changed, and technology has single-handedly changed our lives in many positive ways that could not have been imagined 50 years ago or more when the laws were originally framed and enacted.  

By virtue of how the Internet works, there is an increased desire and tendency to share.  People conduct sharing on many levels (texting, email, pictures, documents, music, video) and given how easy it can be to do, they do it often without giving any thought to the legal implications.  Generally speaking I think people know when they are doing something wrong, but I maintain, 'fair use' should come into play when doing certain kinds of sharing on the Internet.

By the same token, enforcement of laws governing IP and Copyright Ownership should not preclude consideration for if and when censorship should be applied.   Enforcement efforts have been in effect for some time.  The MPAA and RIAA have rolled out a Six Strikes and You are Out enforcement plan with the assistance of Internet Service Providers (ISP) to 'monitor' user Internet activities.  (Not all ISPs have agreed to participate in this program.  Please check with your Internet Service Provider's policy on this issue.)

This is, to my mind, wrong and smacks of a total breach to the public's right to privacy as well as an overreach of censorship.  How effective their plan has been is not clear, but many new software technologies are coming to bear to provide users with the needed tools and resources to ensure their activities remain private such as ZKE, RetroShare, Mega, Wuala and SpiderOak.

The NSA scandal of 2013 has now galvanized public awareness and catalyzed a renewal of initiatives to offer strong encryption across all Internet services for both consumer and commercial use.

The Pirate Bay has clearly been the target for long-standing IP and Copyright theft.  That cannot be disputed.  Yet, despite what happened to their founders (jailed) and what happened to MegaUpload (takedown of central servers), the Pirate Bay lives on.  They are now embarking on a plan to decentralize their network to beat censorship.  At the very least, new technology that curbs inappropriate censorship is needed until the gray area between 'fair use' sharing and outright theft is clearly defined.  This is all complicated by a 'borderless' Internet which doesn't see country borders or know about treaties to offer recognition for differing treatment of existing international laws.

CES 2014

The annual Computer Electronics Show begins today, January 7 and goes through January 10.
I was an avid follower of this event going back to 2006 when many new technologies were first revealed.  In 2007 I recall the level of anticipation was palpable surrounding new technology paradigms like the Nokia N95 (I bought one) and the first generation Apple iPhone (I didn't buy one -- hate it to this very day -- Android is King).

Anyhow, stay tuned over the next few days for product announcements.  I'll be watching closely.

--Dietrich

Sunday, July 21, 2013

Your Privacy and How Not to be Surveilled on the Internet

by Dietrich Schmitz

Now that the dust has settled over the disclosure that the NSA has been actively engaged in a surveillance program called PRISM for several years, we can get down to the business at hand. (Image credit: www.techinasia.com)

Namely, this post highlights some of the ways you, the general public, can exercise your right to privacy on the Internet all on your own and for free.  The discussion is limited to Desktop systems only, not Tablets and Smartphones.

Some rules apply to this discussion:

1) Don't talk about private matters in a public place
2) Don't leave your valuables in an unsecured public place, lock them away for safe-keeping
3) Provide information only on a 'need to know' basis

If those rules seem obvious, it's because that's how you conduct yourself in the physical real world.  And, it's no different on the Internet.  That is common sense really when you think about it.

On-line Storage

Kim Dot Com and the MegaUpload ISP seizure by the U.S. government is a blazing roadside neon sign from which we can all learn.  It's an incomplete yet to be told story about how people used this site for storage of their personal things but turned into an International scandal when corporate entities assisted by the government brought pressure to bear with a website take down.  The whole issue of what happened and how it was handled is still unclear, but it is nonetheless emblematic of what potentially can happen if such a take down occurs and results in interrupted service for all ISP tenants, irrespective of whether they were negligent in any way.

It also points to the question of 'how' data is stored on Cloud ISPs.  Is the ISP doing anything to protect your data?  If so, what?  Those questions should be answered before storing any sensitive data in the Cloud.

In fact, MegaUpload did nothing to protect its customers' data.  As a result, the majority of tenants were held hostage to a takedown because of a few who used the site for illegal file sharing.

So what should you be looking for?  If you really have sensitive personal data then take the same precaution as you would in the real-world -- keep it locked away and don't give the key to anyone.

In the real world that is fairly easy to accomplish.  That's why we have a burgeoning business with locksmiths and safe manufacturers and such to maintain privacy.

As for the Internet, well, essentially the only way to guarantee your privacy is by employing encryption. That's it my Friends.  Encryption.  And, the only 100% fool-proof way to defeat access thereto is with what is called Zero Knowledge Encryption (ZK).

Effectively, ZK encryption encrypts your data store at an ISP but only you have the private key to unlock the data. (Image credit: www.spideroak.com)

ZK cleans up a heretofore otherwise 'messy' relationship between the lessor of Cloud storage drive space and lessee who stores data in it for free or an agreed to periodic subscription fee.  As a direct side effect and benefit of using ZK technology, the lessor then has zero knowledge of what the lessee is storing.  Had this been the case with Kim Dot Com and MegaUpload, Kim could have asserted 'plausible deniability'.  In so doing, neither the RIAA nor the MPAA would have had reasonable and justifiable cause to legally challenge MegaUpload, as the ISP could irrefutably claim to possess no knowledge of what the lessee is storing.  Thus, commercial and governmental third-parties would have no choice but to come directly to the lessee to question how that space is being used and would be put in the position to present specific details for their inquiry directly related to suspicion of wrong doing and demonstrating probable cause for granting any search warrant.
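A minimal model of the zero-knowledge arrangement described above (and of the "streams of block data" the MegaSync post says the provider ends up holding), added here as an example and not code from Mega, SpiderOak or Wuala: the client derives the key from its own passphrase and encrypts before upload, so the lessor stores only ciphertext it cannot read. Written in Go against the standard library; the Provider API, object names and the sample document are assumptions for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
)

// Provider models the storage service: it holds only what the client uploads.
type Provider struct{ blobs map[string][]byte }

func NewProvider() *Provider { return &Provider{blobs: map[string][]byte{}} }

// Put stores an uploaded object; Get hands it back unchanged.
func (p *Provider) Put(name string, blob []byte) { p.blobs[name] = append([]byte(nil), blob...) }
func (p *Provider) Get(name string) []byte     { return append([]byte(nil), p.blobs[name]...) }

// Inspect is what the operator (or a subpoena served on the operator) learns
// without the client's key: object size, and whether a probe word occurs in it.
func (p *Provider) Inspect(name string, probe []byte) (size int, leaks bool) {
	b := p.blobs[name]
	return len(b), bytes.Contains(b, probe)
}

// deriveKey is PBKDF2-HMAC-SHA256 (RFC 8018) for one 32-byte output block,
// written out here so the example needs nothing beyond the standard library.
func deriveKey(passphrase, salt []byte, iters int) []byte {
	mac := hmac.New(sha256.New, passphrase)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1): big-endian index of the first block
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// clientEncrypt seals plaintext with AES-256-GCM before upload. The object name
// is bound as additional authenticated data, so a blob the provider moves to
// another name will not open. Layout: nonce || ciphertext || tag.
func clientEncrypt(key []byte, name string, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(name)), nil
}

// clientDecrypt reverses clientEncrypt; a modified blob, a wrong key or a
// wrong name all fail authentication and return an error instead of data.
func clientDecrypt(key []byte, name string, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, fmt.Errorf("blob too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], []byte(name))
}

func main() {
	// Constructed sample values for the demo; nothing here is a real secret.
	key := deriveKey([]byte("correct horse battery staple"), []byte("per-account-salt"), 100000)
	doc := []byte("tax return 2013, SSN 000-00-0000 (constructed)")
	p := NewProvider()
	p.Put("plain/taxes.txt", doc) // what a provider holds without client-side encryption
	blob, err := clientEncrypt(key, "zk/taxes.txt", doc)
	if err != nil {
		panic(err)
	}
	p.Put("zk/taxes.txt", blob)
	fmt.Println(p.Inspect("plain/taxes.txt", []byte("SSN"))) // 46 true
	fmt.Println(p.Inspect("zk/taxes.txt", []byte("SSN")))    // 74 false
	back, err := clientDecrypt(key, "zk/taxes.txt", p.Get("zk/taxes.txt"))
	fmt.Println(string(back), err)
}
```

The provider still learns object names and sizes: a zero-knowledge service hides content, not the existence or rough size of what is stored.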

Currently, the U.S. Patriot Act has a provision called a demand National Security Letter which allows U.S. governmental access to any ISP to obtain a copy of any account holder's private data and it legally restrains the ISP from communicating in any form that the event occurred to anyone.  Microsoft, Google and civil liberties group the Electronic Frontier Foundation, are petitioning that such represents a violation of our constitution's First Amendment rights with the Federal Intelligence Surveillance Court which oversees provisions of the Federal Intelligence Surveillance Act of 1978.

So, you can plainly see why it is coming to this.  Encryption.  Use it to protect your privacy.

Start looking for an ISP that offers Zero Knowledge, such as SpiderOak and Wuala.  Any other form of encryption in the Cloud is unacceptable.

(There are 'unofficial' rumors that Google is beginning to roll out encryption for their Google Drive storage.  If it is anything but ZK, don't use it for your personal data.)

Browsing the Internet

If you want to keep your Internet browsing habits truly private, deleting cookies, and setting the user agent string to 'DO NOT TRACK' are useless.  It's entirely up to the ISP to 'respect' the latter so don't rely upon it.

The best way to do anonymous surfing is by using a VPN proxy service.  Essentially, this service sets up the VPN as a proxy connection, an encrypted tunnel between you and their end point.  The IP address given to you going out of the VPN's end point to the Internet is then randomized so that there is no relationship to your actual IP address, and a translation mapping brings all browsing over the VPN back to you transparently.  Some VPNs are free, others will require a subscription fee payable monthly or yearly, such as vpnproxy, for example.

SocialNets and Chat

Being 'social' is the latest rage, of course, and the need to stay in touch with Friends encourages use of devices to text and chat.  Currently, Facebook and Google Plus use the open source standard Jabber/XMPP protocol.  By default, your chat log is stored in a central server.  And, Google very recently announced they will be phasing out Google Talk (the XMPP component) in favor of their own 'Hangout' proprietary protocol.

There is more than one way to keep your chats fully private.  With Google's Hangout on Google Plus, you can explicitly set, for example, your chat as 'off the record' and there will be no persistent logging of your chat sessions.  Even then, if a third-party (cough PRISM) chooses to bridge your stream (aka 'Man in the Middle') they can eavesdrop on your voice, video, and text streams.

For the ultra-paranoid, currently there are a few solutions.  One is to use Pidgin with their 'Off the Record' (OTR) plugin, a name borrowed from the well-known cryptographic protocol of the same name.  This effectively allows taking any stream (AIM, Facebook, G+, etc.) and setting up an encrypted tunnel between you and the other person with whom you are communicating.

Another option is to install the Cryptocat plugin for Chrome or Firefox.  Cryptocat also uses the OTR cryptographic protocol for private messaging.

Otherwise, yet another alternative is to avoid using any of the standard messaging protocols in favor of a P2P decentralized encrypted connection via RetroShare.  I've written several stories regarding the importance of RetroShare.  RetroShare, being on its own P2P closed loop, has its own secure messaging chat software.

Email

Email is clear text by default, and if you use it to communicate, it can be read anywhere along the path of mail transfer agents to the destination recipient.  And, in the case of Gmail, that email, along with everything else on Drive, is all unencrypted.  That means all of your data can be read by third parties.

Encryption solutions include GnuPG or PGP encryption.  The problem with methods like GPG encryption is that, while free, most software implementations are not user-friendly and, as such, are difficult for the general public to use.  Commercial solutions include Symantec Encryption Solutions and Phil Zimmermann's newest venture, Silent Circle; both are viable options to consider.  (Image credit: www.philzimmerman.com)
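To make the GnuPG point concrete, here is a round trip for an email body on a throwaway keyring.  This is an added example, not code from the original post or from the GnuPG project; it assumes GnuPG 2.1 or later is installed as `gpg`, and the recipient identity (`bob@example.com`), the message text and the file names are constructed for the demo.  The armored block that `encrypt_to` writes is all a relaying mail transfer agent would ever carry.

```shell
#!/bin/sh
# Added example, not code from the original post: encrypt an e-mail body with
# GnuPG so that the mail transfer agents along the path see only ciphertext.
# Assumes GnuPG 2.1+ is installed as `gpg`; the recipient identity, message
# and file names below are constructed for the demo.
set -eu

# Throwaway keyring so the demo never touches your real ~/.gnupg.
GNUPGHOME="$(mktemp -d)"
export GNUPGHOME
chmod 700 "$GNUPGHOME"
trap 'rm -rf "$GNUPGHOME"' EXIT

# gen_key "<user id>": unattended key pair (primary key plus encryption
# subkey) with an empty passphrase. Fine for a demo keyring, not for real use.
gen_key() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key "$1" default default never 2>/dev/null
}

# encrypt_to <recipient address> <plaintext file> <output file>
# Produces the ASCII-armored block you would paste into, or attach to, the mail.
encrypt_to() {
    gpg --batch --quiet --yes --trust-model always \
        --recipient "$1" --armor --encrypt --output "$3" "$2" 2>/dev/null
}

# decrypt_file <armored file>: prints the recovered body on stdout. Succeeds
# only in a keyring that holds the recipient's secret key.
decrypt_file() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --decrypt "$1" 2>/dev/null
}

# leaks_word <file> <word>: exit 0 if the word is readable in the file,
# 1 if it is not. This is the word search a snooping relay could run.
leaks_word() {
    grep -q -- "$2" "$1"
}

WORK="$GNUPGHOME/work"
mkdir -p "$WORK"
gen_key "Bob Demo <bob@example.com>"        # constructed recipient identity

BODY='Meet at the usual place at 7pm. Bring the documents.'
printf '%s\n' "$BODY" > "$WORK/body.txt"
encrypt_to bob@example.com "$WORK/body.txt" "$WORK/body.asc"

# What a relaying MTA sees: an armored block with none of the words above.
head -n 1 "$WORK/body.asc"
if leaks_word "$WORK/body.asc" documents; then
    echo "plaintext leaked into the ciphertext" >&2
    exit 1
fi

# What Bob sees after decrypting with his secret key.
DECRYPTED="$(decrypt_file "$WORK/body.asc")"
echo "Bob reads: $DECRYPTED"
```

With a real correspondent you would import their public key instead of generating one, and you would drop `--trust-model always` in favor of verifying the key fingerprint out of band; the empty passphrase is likewise a demo shortcut that a real key should never have.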

One other realistic alternative is to use RetroShare's email.  Essentially, RetroShare's 2048-bit RSA encrypted F2F channels are totally encapsulated in a 'closed loop' away from the World Wide Web's unencrypted email system.  As such, RetroShare email is guaranteed to be strictly private and devoid of any spam.

DarkNet

If you want to employ tools which offer guaranteed pure privacy, then your list of choices is short.  I'll save you some trouble: the technology is called DarkNet and, while it does sound subversive, it represents the only form of software technology which is 100% 'effective' in combating Internet snooping of any kind.  Not all darknets are alike, and I would encourage you to consider only RetroShare's product.  If you want to fully lock down your RetroShare environment, you are only a few click settings away from running in pure stealth darknet mode.  You need not feel embarrassed in employing this tool -- it is the NSA who should be ashamed of their activities, spying on Americans without the traditional and appropriate procedural oversight of a judicial search warrant, which provides constitutional checks and balances on the potential for abuse of authority.

RetroShare currently offers the best reference design for what should be integrated into every desktop GUI.  We accept the need for integrated office automation tools, and soon privacy-mandated applications will find their way onto the desktop as part of a standard default deployment of operating system software.

RetroShare is written in C/C++ using the Qt GUI framework and is currently available for Windows, Linux, OS X, and BSD machines.

Be safe.

-- Dietrich


Tuesday, June 11, 2013

Google Drive Gets Failing Grade on Privacy Protection

by Dietrich Schmitz

Never mind that Google reneged on their promise to bring a native Google Drive Client to Linux.  It really doesn't matter to me at this point.  We have much bigger fish to fry.

You see, Google is as complicit as any other ISP in cooperating with our beloved U.S. government in handing over your private data without a warrant.  The government waltzes in and simply cherry-picks whatever it is looking for, unimpeded.

This is flouting our privacy rights and, with each successive day, more and more of our constitutional rights are being dismantled in the name of fighting terrorism.

"At what point do we stop taking away our rights?" is an open question everyone should be thinking about.  Because the latest news regarding disclosure of the NSA's PRISM project confirms just how far 'out of hand' things have gotten with the overreach by our government into our private affairs.  Seeing such news, one wonders where we will be in five years.  I fear the erosion of our rights will continue unless these projects are abandoned.

Your only recourse in fighting back to hold off these intrusions?:

Folks, I cannot stress this enough.  There is no other option if you plan on storing any personal data on the Internet other than encryption to keep prying eyes from reading it.

And, I feel obligated to tell you that NONE of your data stored in Gmail or Google Drive is encrypted.

In fact, Google will not offer an encryption service in the interest of protecting your privacy.  Why?  Because it would render their 'parsers' useless for parsing through your data for advertising purposes, their main 'cash cow'.

This stands as a gross conflict of interest, and Google has overtly chosen to make profit a higher priority than protecting your privacy.

I give Google a FAIL on their moral ethics and stance on privacy.

The bottom line?: Don't use Google Drive or Gmail if you don't want your data seen by third parties.

-- Dietrich