Tag Archives: privacy

Facebook is *NOT* Decrypting Your Secure Messages!


Today, a story broke, claiming that

FACEBOOK TO DECRYPT “SECURE” MESSAGES OVER CYBER-BULLYING ACCUSATIONS

This appeared to originate on the InfoWars.com site.  While that site has some interesting stuff and breaks some stories, it also overhypes much of it and posts an amazing amount of conspiracy theory stuff.

But none of that is reason to automatically disbelieve this claim.  But this is… the first paragraph of the story explains it all.  I hate Facebook for many reasons, especially for its privacy violations, so I can’t believe I’m defending them on this, but this has been blown all out of proportion.  Specifically…

“When you report a secret conversation, recent messages from that conversation will be decrypted and sent securely from your device to our Help Team for review,”

Facebook DOES NOT DECRYPT the secret messages!!! YOU DO!  And then you voluntarily SEND IT to Facebook.

Now, that’s not to say that they don’t do other nefarious stuff, because they DO!  But this is not one of them.  The ONLY way Facebook can see the encrypted conversation is if someone in the conversation MAKES A CONSCIOUS CHOICE to send it to Facebook.  And that conversation is decrypted by that participant’s phone, NOT by Facebook themselves.

So, step back, take a breath, and browbeat Facebook for their many other privacy violations that actually do exist.

Disclaimer:  If Facebook is decrypting messages, this InfoWars story’s first paragraph text refutes that, in spite of all the hype later.

Lawsuit claims Facebook illegally scanned private messages


Fitbit is a Major Privacy Peeping Tom


I ran the setup for my new fitbit Surge watch and during the Windows 10 fitbit app setup, it showed me this list of fitbit owners from MY PRIVATE CONTACTS!

In this list of fitbit owners:

  • Dude from High School I barely knew
  • Ex girlfriend from Jr. High.
  • Several people I don’t recognize.
  • Bunch of girls I knew from 1-12 grades.
  • A good friend’s cheating ex.
  • Little sister’s friend.
  • Brother in law.
  • Wife of brother-in-law’s good friend (don’t know why she’s in my contacts… probably through a facebook sync from years ago).

Also, everyone else in my contacts that do not have a fitbit account.

Some of these names are NOT in my contacts on my PC, which means they came from my phone.  And for the Windows 10 app to know that these 16 people have fitbits, my contacts had to have been uploaded to the fitbit servers so it could compare them to its database.  At no time was I asked permission to upload my private contacts (from either my phone or my PC).  And I’m guessing these people didn’t explicitly grant it permission to let me know they have fitbits and they will likely be notified that I have one, even though I’ve given no such explicit permission to notify them nor any explicit permission to hijack my entire contacts list.

Fitbit spying

In addition to this, 100% of all health data that a fitbit collects is uploaded to the fitbit servers, viewable by fitbit employees… all done without notifying you and certainly without asking for explicit permission.  Turns out, the only way to use a fitbit without uploading all your private data is to not use the PC app or the mobile app, but, of course, the fitbit is mostly useless without them.  There’s no technical reason for uploading our data to the fitbit servers.  The PC and mobile software could easily have communicated with the watch without the involvement of the fitbit servers.

While on technical support today trying to resolve why my fitbit won’t charge, I discovered that they have access to all my health information collected by this watch, even though the employee I spoke with said it “only” uploads… then rattled off everything the watch does… “for the purpose of knowing your fitbit is working”.  In addition to that, they know when we charge them, when we reboot them, and what devices we charge them from.  All this without permission from us.  Sure, some of this is somewhat innocuous data, but I did not give it permission and collected together, all this information can be used against you.  This is your HEALTH information.

Just about any kind of personal information online can be used against you and your _*personal health*_ information is especially vulnerable.  In this article, I list ways that seemingly innocent information can hurt you:

So, HOW do you stop it?

  1. Don’t run the mobile fitbit app.
  2. Don’t run the desktop fitbit software.

Of course, without the apps, the fitbit is pretty much useless.  Your only real option here is to stop using your fitbit.  There should be other smartwatches that can do similar or better things that DO NOT send all (or any) of your private data to remote servers.


Creating an encrypted, virtual disk


This is the fourth post in my “Encrypt All The Things!” series.  The prior article was on encrypting a single file.  In an effort to increase my privacy and my family’s safety, I’m going through and encrypting everything that’s possible and writing a series of articles on end-to-end encrypting for everything from phone calls to hard drives.

  • Click here to follow me on Google+.
  • Follow me on Twitter @CSharpner.

    What you’ll need

    • Encryption software (described below, with links – It’s FREE)
    • A Windows, Mac, or Linux PC.

    Software

    TrueCrypt was one of the most popular disk encrypting programs for a long time, until about a year ago when the author unexpectedly pulled the plug and put some strange text on his website that the program was unsecure and people need to go find something else.  The whole tech industry was scratching their heads because it had just gone through a very public security audit and was determined to be very secure.  What happened was the author(s) just got tired of supporting it and called it quits.  Fortunately, it was open source and other groups have taken over, forked the code, and have been improving on it.  VeraCrypt is a popular fork of it that I recommend.  You can download it here.  It’s available for Windows, Mac, & Linux.  And it’s fully open source and free and supported by its new authors.

    Download and install VeraCrypt.

    Virtual Disks

    We’ll be making a virtual disk that’s encrypted.  A virtual disk is simply a large file.  VeraCrypt can do its magic and make Windows/Mac/Linux think it’s a disk, so you can read and write files in it, just like on any other hard drive.  In Windows, the virtual disk will have its own drive letter (but only when you “mount” it… when you’re done with it, you “dismount” it and it stops looking like a disk to the OS).


    • Click the “Create Volume” button to begin.


    • Make sure “Create an encrypted file container” is selected, then click “Next”.
    • Select “Standard VeraCrypt volume” and click next.  I’ll let you discover the other features of this product outside the scope of this tutorial.
    • For “Volume Location”, click the “Select File…” button and choose a place on one of your accessible hard drives or network drives.  You’ll need to provide a file name.  I recommend giving it an ambiguous name like “Graphics-System.dll”.  This obscures the meaning of the file from intruders.
    • Then click “Save”.  Also, make sure “Never save history” is checked.  This prevents intruders from running this app on your machine and seeing where you created your last encrypted virtual disk.


    • Click “Next” and if you named it with a file extension of “.dll”, then you’ll get a warning.  It’s OK.  We’re doing this on purpose.
    • Now, choose your encryption method.  All of them are good.  Better is using 2 or more of them simultaneously.


    • Remember, the tougher the encryption, the slower the encrypting and decrypting.  I recommend clicking the “Benchmark” button and choosing the one that gives you the fastest speeds, unless you have state secrets or secrets that can cause significant harm to you or others, then take one of the options that give you all three.  You might notice one of them is significantly faster than the others.  If so, then your CPU chip probably has encryption hardware built in.  VeraCrypt will use that if you choose it.  As you can see, AES is drastically faster than the others on my own machine.  That’s because my Intel CPU has AES encryption hardware.  I’m going to choose “AES”.


    • For the hash algorithm, SHA-512 is better than SHA-256.  Whirlpool and SHA-256 are similar, but SHA-256 was created by the NSA and Whirlpool wasn’t.  Use that information however you like!  I’m choosing Whirlpool.
    • Next, choose the size of your encrypted virtual disk.  This is up to you.  How much space do you need for your encrypted data?  Whatever that number is, it HAS to be less than the available space on whatever drive you’re storing the virtual disk file on.
    • Next, choose your password.  This is a pass phrase you’ll need to enter every time you mount the encrypted volume.  Obviously, use something strong, long, and easy to remember, but difficult for others to figure out.  I recommend typing in a full sentence, with punctuation.  CASE MATTERS!  Don’t use famous quotes.  Think of something that is unique to you like, “I hate it when people cut in front of me in line at the movies!@#$”  Be creative!


    • After entering and re-entering your pass phrase, click next.  That takes you to the “Volume Format” window where you need to rapidly move your mouse back and forth, up and down, in circles, and everything else in that window to help your computer create a random number to seed the encryption.  The more randomness from you it gets, the better.  Computers are terrible at making random numbers by themselves.  So spend a full minute or two just moving your mouse every which way across that window.  Then click “Format”.


    Congratulations!  You have now created your first encrypted virtual disk.  But, in order to USE it, there’s just a little more to do (and this is what you’ll need to do every time you want to mount your encrypted, virtual disk).

    Mounting your virtual disk


    Back to the main window of VeraCrypt, pick a drive letter from the list provided (Mac & Linux will be slightly different), then click “Select File” and find your encrypted virtual disk file (You DID pay attention to where you created it, right?)


    And click the “Mount” button.   Then enter the pass phrase you created at the beginning.  Without this passphrase, it will be impossible to access the encrypted data on your virtual disk (even if there’s nothing in it yet, you can’t even mount it without the passphrase).


    If you used a system file extension like “.dll” on your encrypted volume, you’ll get another warning when you try to mount it.  Just click OK.  It’s OK, we meant to do this.  We’re trying to fool the bad guys, right?
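A check related to the “.dll” disguise, added here as an example (it is not part of the original article or of VeraCrypt): a genuine DLL begins with an `MZ` stub that points at a `PE\0\0` signature, while an encrypted container has neither and reads as random bytes, so the extension alone hides little from anyone who inspects the file. The entropy threshold, the function names and both sample byte strings are assumptions constructed for the illustration.

```python
import hashlib
import math
import struct
import sys

SAMPLE_SIZE = 64 * 1024      # bytes read from the start of the file
ENTROPY_THRESHOLD = 7.9      # bits per byte; assumed cut-off for "looks random"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def has_pe_header(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' stub pointing at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"


def classify(data: bytes) -> str:
    """Classify the leading bytes of a file that carries a .dll extension."""
    if has_pe_header(data):
        return "pe-image"
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "random-looking, no PE header"
    return "not a PE image"


def classify_file(path: str) -> str:
    """Read the first SAMPLE_SIZE bytes of a file and classify them."""
    with open(path, "rb") as handle:
        return classify(handle.read(SAMPLE_SIZE))


# Constructed sample 1: a minimal PE-style header followed by zero padding.
SAMPLE_DLL = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)
              + b"\0" * 0x40 + b"PE\0\0" + b"\0" * 4096)

# Constructed sample 2: deterministic pseudo-random bytes standing in for an
# encrypted container (an assumption; this is not a real VeraCrypt volume).
SAMPLE_CONTAINER = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest()
    for i in range(SAMPLE_SIZE // 32)
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name in sys.argv[1:]:
            print(name, "->", classify_file(name))
    else:
        print("sample dll       ->", classify(SAMPLE_DLL))
        print("sample container ->", classify(SAMPLE_CONTAINER))
```

Compressed archives and media files also score as near-random, so the second label means “not a DLL, contents unknown”, not proof of an encrypted volume.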

    You’re Done!


    Your encrypted volume is now mounted and ready to use, like any other disk.  “But, can I…”  YES!  It’s just a volume like any other volume.  You can read and write to it exactly like anything else.  You can stream video files to and from it just like any hard disk.

    Notice I have mine mounted with the “M” drive letter assigned to it.  You can exit VeraCrypt and your encrypted virtual volume will stay mounted.  When you’re done with this, start VeraCrypt back up, select the volume, and click “Dismount”.

    As long as it’s mounted, anyone that has physical access to your machine can access its contents, so be sure to dismount as SOON as you’re done with it.  Also, anyone with NETWORK ACCESS to your machine could have access to the contents of your encrypted volume.  It’s ONLY protected when it’s NOT MOUNTED!  When you’re using it, it’s accessible to other software on your computer!!!

    Notice my M: drive in my drives list?


    That’s the encrypted volume I just created and mounted.  Yes, it’s a really small disk.  Don’t tell anyone, OK?  I do have bigger ones!  No!  Really!  I do!  Wait!  Where are you going?


    Encrypt All The Things! [A Guide]


    So, Microsoft Windows 10 sends your private data to Microsoft (E-Mail and private files in private folders (read the EULA if you don’t believe me)), your employer is snooping on your web traffic at work, local hackers are packet sniffing your web traffic at the coffee shop, your neighbors are hacking your home wi-fi, cloud providers have access to your files, thieves have access to everything on your laptop or phone when you lose them in public, and don’t even get me started on the NSA and all the things THEY have access to (hint:  It’s everything, including your phone calls), not to mention your ISPs and rogue, tin-pot tyrannical dictatorship governments around the world.

    You want your data to stay out of their hands and eyes?  Then you’d better put on your foil hat, pull up a chair, and pay attention to this how-to on encrypting all your data and all your communications (including phone calls!) and some best practices thrown in for good measure.

    From a high level, here are the things we’ll be encrypting.  I’ll break them up into separate articles, because it would be quite a lot to take in all at once.  I’ll be writing these articles over the next couple of weeks, so check back here to see this topic list change from black text to hot links to the published articles.


    Sick of the NSA Spying on you?


    Setting aside the tin foil hat and paranoia jokes, no one likes being tracked or their private text messages being scraped up by the U.S. government’s massive computers, nor their phone metadata being logged, nor even the possibility of someone being able to listen in or record your phone calls (the NSA denies they listen to calls, but others with even FEWER ethics CAN).

     

    Here’s what you can do to protect yourself on your Android SmartPhone

    • Encrypt your text messages.  There are 2 good options:

    Install the TextSecure app.  This app will automatically detect which of your contacts also has this app installed and will automatically encrypt your SMS text messages with those individuals.  TextSecure is available on iOS too!  This means you can have encrypted texting sessions with both iOS and Android users!

    Root your phone and install CyanogenMod 11 (or higher).  CM 11 has built-in support for TextSecure encryption, coded directly INTO the Operating System.  This means, you don’t have to install the TextSecure app.  Automatically, ALL SMS apps on your phone suddenly support TextSecure encryption.  But, you have to turn it on.  The feature is called “WhisperPush”.  Simply find the WhisperPush app on your phone, run it, and follow the instructions.  It’s the simplest setup you’ll ever experience.

    • Encrypt your voice phone calls (yes, you can do that)

    This used to be stuff of only fiction in spy movies, but it’s a reality today and YOU can do it within minutes of reading this article.  First, install the app RedPhone from the Google Play Store.  This app is made by the same people that make TextSecure.  Both you and the person you’re calling (or receiving a call from) have to be using this in order to have a secure, encrypted phone call.  When you install the app, the first time you run it, it’ll ask you to register your phone number.  Now, anyone else with the app, when they call your number, the app knows you have it and will offer the caller the option to make the phone call encrypted.  Note that this uses your DATA connection and NOT your phone connection.  You’re not actually making an actual phone call.  It’s more of an internet audio chat.  But you don’t need to know that other than if you have a data cap, this will use your data.  As far as you and the other caller are concerned, for all practical purposes, it’s a phone call.  But your carrier will have no record of it AND anyone trying to listen in will only see a stream of random bytes streaming.  It’s totally encrypted… just like in the spy movies!

    • Encrypt your E-Mail

    This is a bit more difficult.  I’ll provide another article on how to do this.  The short version is you need to install djigzo from the Google Play store to manage your keys.  Then you’ll need an e-mail client that can use those keys to encrypt and decrypt your e-mail.  K-9 Mail is supposedly one of those apps.  For the record, I’ve NEVER gotten this to work.

    • Encrypt your phone

    Android can encrypt your entire phone.  Don’t confuse yourself.  This does NOT encrypt ANY internet traffic to or from your phone.  It encrypts the files on the phone itself.

    Go to Settings –> Security –> Encrypt Phone

    Warning!  This can take an hour or so!  Make sure your phone is plugged in AND has at least an 80% charge.  You do NOT want this failing in the middle of it.  It will also require you to set a lock screen PIN or password, if you don’t already have one.  Once you do this, you CANNOT flash anymore ROMs on your phone (if you’re rooted).  So, make sure you’re good to go with the ROM you have.

    • Add a PIN or password to your phone

    This one is obvious.  You need to set a PIN or a Password on your lock screen, otherwise, anyone can use your phone and see your data.

    • Add extra PIN for individual apps

    Install the app AppLock from the Google Play store.  Open it up and set your settings.  You’ll set a PIN and you’ll select the apps you want to have an extra layer of protection.  Hint:  DO NOT use the SAME PIN here that you’re using for your phone lock screen.

    This app will pop up a PIN prompt whenever someone tries to open one of your extra protected apps.  For example, you may want to enable your banking apps and credit card apps via AppLock so that you have to know that extra PIN in order to launch them.  This way, if you let someone borrow your phone, they can’t go snooping into your financial data.

    • Hide apps and/or files on your phone

    Maybe you have some apps that you don’t want other people to know or use.  Go to the Google Play store and download an app called Hide It Pro.  When you install it, it’ll show up on your phone as “Audio Manager”.  It’s deliberately deceptive.  The purpose of this app is to hide apps and/or files on your phone.  You protect them with a password of your choosing.  If someone’s snooping around on your phone, all they’ll see for this app is a music icon with a label, “Audio Manager”.  And if they launch it, it’ll even have working audio controls.  Those controls are totally for faking out people snooping on your phone.  Long press on the app title at the top of the screen (inside the app) and you’ll be prompted for a password, which then takes you into the real app where you can select apps and files to hide.  They won’t even show up anywhere on the phone with the regular phone interface.

    • Hide your browsing and internet traffic

    Your ISP can see all the sites you go to, and so can the NSA, and so can anyone else snooping on your wireless connection (or even your wired connection).  And websites know what IP address you’re using, which means they can ask the ISP that owns that IP address who is using it, and they’ll give them your name, address, and phone number.  What you need is something that bounces your web page requests to random computers all over the world.  Yes, this is exactly what you see “hackers” doing in hi-tech spy movies and YOU can do it too… VERY EASILY.  Install the app Orbot on your phone.  Follow the directions.  It’s super simple.  If your phone is rooted, it can obfuscate ALL of your internet traffic.  If your phone is NOT rooted, it can work with a few apps on your phone (web browser and e-mail, in particular) and bounce all your traffic from those supported apps all around the world.  It’ll slow down your connection a little, but it’ll also protect you against nosy, 3 letter acronyms including ISPs.

    Click here to follow me on Google+.

    Follow me on Twitter @CSharpner.


    Check back later for updates too!


    Poll: What do you do for privacy concerning your webcam(s)?


    Considering that there are various types of spyware floating around that literally spy on you using your own webcam, do you take any precautions to protect your privacy?

    Do you cover up or disconnect your webcam on your PC/mobile to protect your privacy just in case some spyware found its way onto your machine to send images of you back to the hacker(s)?
