Privacy week : Be careful what you share.

 We close up privacy week with this little awareness video. We talked about how the bad guys can sniff and snoop, and how you can protect your traffic by using our tips and tricks. There is however ONE factor we cannot do anything about .. and that is about YOUR behaviour. Privacy is not only about what you keep a secret .. its also about what you choose to share. Below is a little Belgian social media awareness video (I’m pretty proud about the Belgian Part) that will make you see how “trivial” information can be “correlated” into something quite .. Scary …. Beware of what you share ! 

Related Posts

• KW1304 – Cutting the Cable
• Control auto-starting applications on your Android device (or Android media center)
• KW Videoblog for 6-15. Drunk dialing half your community and a call to arms.
• KW1701 – Morning Geekspresso Episode 1
• KW1608 – Tunneling with Tailscale

Column : Privacy is a statement.

“Privacy is dead” It’s one of those boilerplate expressions you hear whenever there is a discussion about the NSA sniffing bits along some transatlantic cable, or a scandal about a flash light application that shares all your contacts with a Chinese scammer. Perhaps people are right. Keeping your data to yourself is becoming harder and harder to do. Marketeers, Governments, applications, devices, .. they all seem to be out to track and trace our every move and share whatever we do with the world.

 Google knows all about my emails, Facebook knows everything about my life. My Cellphone is playing little snitch to some Canadian marketing agency in their plan to help push targeted advertising my way. Why should I bother with privacy ?

 “Why should we bother” Well : you can ask yourself that question. The only way to remain untraced these days is to crawl into a cave  in the centre of the woods and never come out.  

 But when I look at most people around me … they seem to be doing the opposite. Not only don’t they have a problem with their privacy being invaded .. they seem to rationalize the very invasion of their privacy into something trivial.

 “ They can watch me , I have nothing to hide” .

If that were to be true .. why bother wearing clothes to work in the morning. Let’s rip off the curtains in the bedroom so everybody can see your “lateral aerobics” on Sunday afternoon.

Lets take away all the doors of the restrooms so we can poop and talk face to face at the same time .. You said you don’t have anything to hide .. right ?

 You see, that is where the “nothing to hide’ statement” breaks down. Our personal privacy makes us who we are. Whether you are pooping out the longest turd in history OR shooting heroine up your arm .. you will close the door of the toilet stall nevertheless.

 You don’t have intimate conversations with your wife from opposite sides of the football-pitch… You don’t scratch your lady parts in front of your boss  when they are itchy ?

How about shouting out what you make a year  to your co-workers ? No ? See .. you DO have things to hide. Personal things. And that personal privacy defines you as a person, as an individual .. and not a member of a mindless herd.

 ‘I’m not doing anything wrong’ is another slippery slope. Because “Right” or “Wrong” are relative to whatever situation you are in. Take the family that googled “Fertiliser” and “pressure cooker” on a Sunday afternoon.  They had a swat team break down their door and arrest them on suspicion of trying to blow stuff up. Did they do anything wrong ?

Try doing a paper on Fundamentalism, cancel your life insurance and book a one way plane ticket to the US. You will end up with a lot of questions to answer at best OR a cavity search before you leave the airport. Why ? You’re not doing anything wrong.  But the lubed up glove of the border patrol officer sure makes you wonder if something might be ‘up’.

 “What can they do with that info anyway”  You would be amazed how you can puzzle the most trivial of data together into one giant revealing blob of information about your interests, your habits, your life.  And if you are lucky , the picture they paint will be correct. What they DO with that picture is completely out of your hands .. But suppose they get it WRONG ? What if taking that information out of perspective, or crunching the data wrong will depict you as somebody chronically addicted to gambling. What if your future boss thinks you are an unreliable alcoholic because he saw those 5 public pictures of you at this embarrassing party. If the information they collect gets misrepresented, distorted or manipulated it can mean a whole lot of trouble. And the more information that’s out there , the higher the odds of that happening.

 “I don’t care if they are watching”. Maybe you don’t. But that depends on WHO is watching ? You might not have a problem having your internet traffic logged by the government who want to “keep you safe”. But what about that dingy kid in the corner of the internet café who is sniffing the local wifi network for dirty pics and juicy urls ? What about that stalky sys-administrator at work who is going through your logs to find out what flowers you like. ( It’s Valentines day soon , creeps need to get laid too) Are you sure you want to be this “open” with them ? Are you sure you don’t want to keep some stuff away from nosy snoopers ?

 So take care of your privacy. Don’t fall into the trap of thinking that it is JUST the government that is trying to watch you. For every NSA agent looking at your personal data … there are 10 marketeers trying to analyse your habits and e 20 more script kiddies, hackers, key loggers and mallware bots trying to get their hands on your information. You might want to disclose everything to the authorities .. But that doesn’t mean you have to do it to everybody else.

 So lets make privacy a statement. I protect my information, my communications and my data NOT because I’m doing anything wrong .. but because I’m NOT doing anything wrong. I’m exercising my basic right of being my own private free individual. I’m not a felon, not a convict. My bedroom does not get searched every two weeks by guards . I’m not in jail. I am free , free to choose NOT to disclose my personal information to ANYONE who queries it.  

So protect your right to your privacy as a basic right of being a free individual. Wear your encryption skills like a medal of your techno-skills.  Be smart and challenge every request for your personal data. Go tell Runkeeper to sod off when it wants to see all your friend info on Facebook. Ditch applications/websites that needlessly want to log or track you. Share what YOU want to share. Your personal privacy is not only a basic part of your personal freedom .. its a statement : The statement that YOU are FREE.

Related Posts

• kw802 : Storytime.
• KW1701 – Morning Geekspresso Episode 1
• KW1608 – Tunneling with Tailscale
• KW1605 – Data and the Erosion of Privacy
• KW1501 – 10 Geeky Projects for 2020

Privacy Week : Tunnel traffic through your home network with Sshuttle.

Today’s tip in our “Privacy week” is geared a little bit towards the more advanced geek .. (Who am I kidding, you are ALL advanced Geeks here). In our every lasting quest to ensure our privacy when surfing on “foreign networks” like the one at work, the one at your dorm or the free wifi hotspot at Starbucks , we try to find more ways to make sure all your web traffic is encrypted and your privacy is kept safe.

Enter SSHuttle ( NOOO , not the STAR TREK Shuttle) , A brilliant little transparent proxy application that directs ALL or PART of the network traffic from your trusty Linux or Mac machine (the laptop you use on the road) through an SSH tunnel to an SSH server of your choice (perhaps your own server at home). That way your traffic is completely (or partially) obscured from whoever is trying to sniff your traffic on an untrusted network. An added bonus is however that it is a transparent proxy ! This means your computer will actually think it is directly connected to the network where the SSH server is running. It is like running a very very very long cable through the internet straight from your machine to the network where your SSH server is located. 

So let’s start cooking.

Ingredients.

• Laptop with a version of Debian Linux installed or a Mac running a recent version of OSX.
• An SSH server. ( Follow along our VERY OLD but still accurate manual on how to setup your own Linux SSH Server)
• A static IP address for your internet connection. (Or if you have a dynamic IP you can follow along with THIS great tutorial on how to use No-IP.org)
• Forwarding the correct port on your router. (Open up the port you are using for your SSH server from your router to the IP of the machine on which you are running the SSH Server)

How to install SSHuttle on your client machine.

• Install SSHuttle on your Linux machine using the command :  sudo apt-get install sshuttle
• Install SSHuttle on your Mac by first installing HOMEBREW APP. (Installation instructions) and then typing brew install sshuttle

Shuttle is simple but VERY powerful.  It will create an encrypted tunnel between your laptop and the SSH server you setup at home. Depending on what kind of traffic you want to shove through that tunnel you can do different things like :

• Just tunnel your browser traffic through the tunnel,
• Shove all of your web traffic through the tunnel (including dns requests),
• Shove ALL of your traffic through the tunnel.
• Set up a “site 2 site” VPN  between the network you are working on and your network at home.
• … and more crazy stuff.

So how does it work ? 

Once installed using SSHuttle is pretty simple. SSHuttle works from the command line and depending on the “switches” it will do different things for you. So on your client laptop , fire up your terminal and start typing.

• sshuttle --dns -r username@yourremoteserver.com:2222 0/0

Enter the command above to push ALL of your traffic through the SSH tunnel towards your server at home. This is the example of running a virtual network cable THROUGH the internet towards your switch at home. All of your traffic is sent through this encrypted tunnel. USERNAME = A user you have created on your SSH server at home. YOURREMOTESERVER.COM = The external ip address (or Dynamic DNS name) of your home router. 2222 = The port on which you have your SSH server running. In this example I took a non-default port.

• sshuttle  -r username@yourremoteserver.com:2222 192.168.0.0/24

With this command you can create a site to site VPN. Instead of typing 0/0 is going to send ALL the traffic through the tunnel. Typing the network range of your home network (in this case 192.168.0.0) tells SShuttle to send all the traffic that needs to go to the 192.168.0.0 domain through the tunnel, while sending out the rest of your traffic through  whatever network gateway you are connected to.  The /24 is your subnet mask ( you know , the 255.255.255.0 subnet number of your network).

There are a lot of other switches that you can use , but if you use the two commands we mentioned above you will have a LOT of power at your fingertips. I love using the second command. It allows me to connect to the exchange server at work for my work stuff, but also lets me quickly open up the web interface of my home router (on the LAN SIDE) to do some tinkering. SSHuttle is a very very nice tool that keeps you connected .. and keeps your privacy .. private.

Find out more about SSHUTTLE in this HAK5 episode.

Related Posts

• kw905 : Life on a Chromebook.
• Server week : The essential SSH Server.
• The Knightcast Episode 35 : Remote Domination.
• KW1202 – One Linux to Rule Them All
• Connect your Chromebook to your home network over SSH.

Privacy Week : Surf anonymously on your phone with Hotspot Shield.

Who do you trust ! That is of course the main question in most of the topics of this weeks “Privacy Week” on our blog. When you connect to the internet on your tablet or mobile phone, you have a choice between different networks and carriers.  You can go directly via your mobile phone’s dataplan (if you have one) or connect via Wifi. In both cases “somebody” is going to connect you to your internet. For your cell connection that will be your Telco, for your Wifi connection that will be your ISP or the kind person/company who set up the wifi hotspot you are using. The question is : Do you trust them ?  As we told you in our first post : Sniffing unencrypted traffic is very very easy on a network. So when it comes to those open networks in a coffee shop, you never know who is watching. So why not “tunnel” your mobile traffic too. 

Hotspot Shield VPN is my FREE application of choice. It allows you to tunnel all your traffic through their VPN tunnel and lets it emerge somewhere in the US. So anyone who wants to sniff you (either your telco, your local ISP or the dingy kid in the corner with his laptop running Wireshark) won’t be able to make out what you are doing. But because you “exit” to the internet on AnchorFree’s network (they make the app) , THEY will. 

Hotspot shield VPN is free and easy to use. Its not always fast and it comes with adds. Opinions about this service might be mixed, but I regularly use it when I take my IOS or Android mobile device onto an open wifi network that I do not trust. Hotspot Shield also comes with a paid plan with “Monthly and Annual subscriptions available for faster connection, better cost savings and enhanced security. All subscriptions provide unlimited VPN bandwidth and NO ADS” So you can even pay if you want to. Keep stuff safe in a simple way, but remember that every connection (no matter if its through your ISP, the hotspot or these guys) requires ‘trust’ in whoever is carrying your data.

Get Hotspotshield VPN for : ANDROID and IOS. 

Related Posts

• KW1501 – 10 Geeky Projects for 2020
• Server week : Trust no-one with Owncloud.
• KW1701 – Morning Geekspresso Episode 1
• KW1608 – Tunneling with Tailscale
• Tyranny of the default: Native or 3rd party apps ?

Privacy week: Surf anonymously with the TOR Browser.

The TOR network, better known as “The Onion Router” network is mesh of “endpoints” all over the world, interconnected by a encrypted connections. Much like a network of Wormholes, traffic can go in on one end and leave the TOR network in a completely different (and random location) to “go on the internet.”   I know some of you might be wondering what this is for, so , imagine being in China and wanting to watch something on Youtube. The Chinese government does not only block a lot of “Western” websites, it also keeps track of the traffic its citizens generate. Enter the TOR network. Using this network our Chinese Youtube enthousiasts sends his traffic through the TOR network. The actual request “emerges” onto the internet in some random country (where Youtube is not blocked) AND its encrypted along the way. So he gets to watch his favourite catvideo AND the government does not have a clue what he is doing.

So how can this work for you ? Whenever you are on a public hotspot or on a network you do not trust, you can use the TOR browser. Your browsing behaviour will not only be completely opaque to whoever is trying to watch your movement on that network , it ALSO will circumvent URL and content restrictions.. because if they look at your traffic .. they will only see an encrypted tunnel between you and whatever TOR endpoint you are connected to. Nobody can sniff you, Nobody can block you.  Eat that Starbucks Script-kiddy !

The TOR browser is a “mutated version of Firefox” that lets you  surf DIRECTLY on the TOR network. It is available for Windows, Linux and the Mac and is COMPLETELY PORTABLE (you don’t even have to install it). So carry it around with you on your USB stick and be absolutely sure that, next time you are logging in on that Wifi network in the Hotel Lobby .. nobody can “follow along”.

Download the TOR BROWSER BUNDLE here.

Related Posts

• kw905 : Life on a Chromebook.
• Privacy Week : Tunnel traffic through your home network with Sshuttle.
• Privacy Week : Surf anonymously on your phone with Hotspot Shield.
• kw707 : Downloading Torrents from anywhere.
• Connect your Chromebook to your home network over SSH.