Archive - Privacy and Anonymity RSS Feed

So you want to be anonymous: Your IP address, the low hanging fruit.

This is part 1 of a series of posts on how to increase your anonymity and privacy on the Internet.  The introduction and index can be found here.

Most people, technical or not, understand that your IP address is a unique way to find an individual on the Internet.  Law enforcement, criminals, and people who need to be anonymous, as well as most technologists, understand the basics of an IP address and how it can be used to identify you.  It is by no means the only way, but it is the easiest and, to a degree, the most cost effective.  It is so easy and so cost effective that as a society we are trying to make it even easier.

There are many proxy services that will ‘hide’ your IP address and offer you anonymity and privacy.  While they may claim they do not log identifiable information such as IP addresses, what if they change their mind and don’t tell you?  Maybe an advertising company approaches them and gives them an offer they can’t refuse.  Maybe an employee is willing to risk making some extra cash on the side by extracting the data.  The laws of the country where the provider is located, and the political climate the government faces with respect to anonymity and privacy both nationally and internationally, might force the provider to go against claims they have made to their users.  For example, there are laws in several countries that allow law enforcement not only to request that your ISP provide personally identifiable information without a court order, but also to add a ‘gag’ order that forbids the ISP from telling you, even if its contract stated it would.

The reason this is possible boils down to control.  ISPs and other service providers on the Internet are businesses registered in at least one country.  That makes them traceable: they can be found, and they can be forced by governments, law enforcement, or other powerful organisations to comply with certain demands.  These businesses could have employees willing to risk helping a third party for some extra cash.  Their systems could be hacked and data stolen, or they may simply not care about your privacy even if they say they do.  If you want to have privacy and reduce the risk of that privacy being taken away, you have to maintain a certain amount of control: control of your electronic devices, physically and technically, and control of the services you use and how you use them.  You need to keep enough control that the work required to determine who you are is not worth the cost of discovering it (more on this in a future post in this series).

Services such as The Tor Project, The Freenet Project, and I2P are some examples that allow you to hide your IP address.  While they do not guarantee anonymity, they are distributed, not centrally controlled, open source and openly documented, and specifically designed to improve anonymity and privacy.  As such, they drastically increase the time and effort required for anyone trying to discover the identity of a target.  While I use all of these networks for various projects, I am most familiar with Tor, both as an end user and in how it works technically, so I will use it as an example.

Tor is available for many operating systems including Windows, Linux, OS X (Mac), and Android.  I am most comfortable with the Linux operating system and use several versions of it regularly, but I’ll use Windows for this post to demonstrate hiding your IP address, as Linux is more technical when it comes to the set-up and I want to ensure that people who are not technical at least get an understanding of how easily you can get some privacy.  Using a simple Windows 7 install, I downloaded the Tor Browser Bundle for Windows and installed it (which really just means extracting it into uncompressed files).  Going to the extracted files you will find an executable called “Start Tor Browser.exe”.  Running this executable will bring up a control window similar to the picture below and immediately connect you to the Tor network.  Once connected, a browser (Firefox) will appear and should send you to the URL https://check.torproject.org, which will confirm you are on the Tor network and tell you what your current IP address looks like when you browse.  This address should change every so often, and you are not connecting directly to this IP address either.  You are connecting through a relay of 2-3 systems, and each of these systems is unaware of where the data originates (except for the initial connection point) or where it is destined (except for the exit system).

Below is the log entry from this blog recorded when I accessed it over Tor.  The IP address recorded is 31.172.30.4, which is located in Germany.  I am sitting in Canada on an IP address in the 24.x.y.z range (24.0.0.0/8).

Tor is actually much more functional and complex than what I have demonstrated here.  The bundle I installed for this post has been packaged so that, regardless of technical ability, one can get on Tor quickly and easily and increase one’s anonymity and privacy.  Tor can actually anonymize almost any program you have, not just your browser (assuming it is TCP based).  For those requiring more than just anonymous web browsing, Tor configurations can get quite complex.  You can also control where you exit, how often your relays and paths change, and many other aspects.  I encourage anyone interested in the more technical details of how Tor works to head over to the Tor Project website.  There you can find research papers, guides, protocol descriptions, concepts and many other articles to become as knowledgeable about Tor as you wish.

Finally, using any of the anonymity networks (not just Tor) does not mean that your identity cannot be discovered.  Adversaries willing to spend the time, resources, and money can find other ways to reveal an individual’s or group’s identity.  I will discuss some of these in future posts in this series.  However, a curious ISP wanting to know what its customers are up to, or an entity that has an IP address and is trying to connect it to an identity, will have to put forth more effort if it wishes to discover the real identity.  For good people simply wanting some privacy, this increased cost incurred by the entity trying to discover the identity will not be worth the hassle.


So, you want to be anonymous: An Introduction

I often have conversations with people about being anonymous, specifically while on the Internet.  Most people believe that anonymity is not possible today.  Others believe that by taking specific steps (deleting your browser history and ensuring SSL is active are two of many examples) you will not be traced.  In my opinion and experience both points of view are correct.  While there is never a 100% guarantee of being totally anonymous, you can take steps to improve your anonymity.  The first step to being anonymous is to understand that anonymity is not black and white.  There are lots of questions you have to assess and answer.  What is the situation you find yourself in?  Why do you want to remain anonymous in the situation?  Who may try to discover your identity in that situation?  How badly will someone or a group want to obtain your true identity?  What resources and intelligence do you have at your disposal to protect your anonymity?  What resources and intelligence does the individual or group that would want to discover who you really are have available to them?  These are but a few of the many questions, and their applicability depends on the situation.

A good analogy to anonymity is basic physical security.  I have security at my home: the doors lock, the windows close and lock, only certain people have keys, there is an alarm system.  If you compare my home security to the home security of a criminal organization’s leader, you can be certain they will have more security than I do in my home.  They may have people standing post watching all sides of the house, large perimeter fences with alarms, bullet-proof windows, steel doors with reinforced frames, hired bodyguards throughout the home, rehearsed escape plans with get-away vehicles and whatever else they deem necessary.  You can walk up to my front door and ring the doorbell; I might even answer if I am home.  You would first have to find the home of the leader of a criminal organization.  They probably have multiple homes, so you would have to determine which one they were in at a particular time.  Assuming you could accomplish that, you probably will not make it to the front door if you were to try, let alone have the leader answer the door if you were able to physically get to it.  It is not just that the criminal organization has far more money than I do that explains why they have better security.  It is because they have something that is of much higher financial value than I do.  A criminal organization that has something of value to protect (merchandise, leader, industry knowledge) is willing to spend more money on security because the risk of losing what it is protecting is greater.  Security is the same with any organization, be it financial, private, pharmaceutical, mining, government, or whatever.  What are the most treasured items or knowledge I have to protect?  How much do I have to lose if those items or that knowledge were stolen or obtained?  What is an acceptable level of risk for losing this property or knowledge?  What will the cost of security be to get to an acceptable level of risk?

Anonymity is no different.  Suppose I want to purchase a gift for a family member that costs $100.  I could spend hours setting up tunnelling protocols, configuring a special browser and operating system, and setting up an untraceable method of payment so that I can place my order knowing with confidence that my family, my ISP, law enforcement, and anyone else won’t know (at least not without a lot of time and money on their part).  I may have to learn how to do all this.  But even for someone who already knows how, it takes time to set this up and check that it is in fact secure.  For me, that time is worth more than the $100 I am spending on the gift.  I’d probably just order it on a normal PC, using a normal Internet connection, clear the browser history, and hope no one sees the credit card statement before the gift arrives.  Could my ISP see that I ordered flowers?  If they wanted to, yes.  Do I care?  Not really.

But what if I want to browse a particular website and not have Google know about it?  What if I wish to do research on a particular topic and don’t want any person, group or company knowing that I am interested in it?  What if I am conducting an investigation into an individual who works for a company, and we know he is technically savvy and has an intricate knowledge of security?  In those cases, it is worth my time to plan properly so the risk of being exposed is reduced.  These questions, and how to address them, will be the topic of a series of blog posts I will write entitled “So, you want to be anonymous.”  I am not sure how many posts will be in the series yet (I suspect 4 or 5), but I will try to keep each post short and cover one topic of maintaining anonymity.  Anonymity on the Internet is something that has always interested me and many others.  There is lots of information on the Internet about it (both true and false).  I used to have to keep up with being anonymous in order to do some of the work I have done in the past.  Today, I mainly keep up with it just because it interests me.  The next post in this series will start with a general discussion of a few of the basic ways you can be monitored at the network as well as the application level.  Next we can discuss ways to avoid being monitored and minimize the digital trace evidence that can lead back to a particular target from the network, service, and application perspective.

Series Index:

1. Your IP Address, the low hanging fruit


Money always trumps security when they are in opposition

I have been following the RIM security saga with India and Saudi Arabia.  As I have previously mentioned, I have been in the U.A.E. in the past performing security consulting.  A few facts I know:

All HTTP goes through a proxy. If you connect to a service provider, all your flows go through an HTTP proxy system.  The proxy scans requests and compares them to a database of categorized sites.  The government provides policies to the service providers, and they are required by law to enforce them, in real time.  If you attempt to visit an unauthorized site, you will be redirected to a page in Arabic explaining that it is not permitted.  I actually kept a screen capture of the page and was going to post it, but I can’t find it.  However, if you are in Dubai, just try to go to a site that has questionable material.  You will be redirected.  Anyone can do it; it is not a secret.

HTTPS decryption was ready to be implemented. Approximately 2 years ago, they were testing the ability to decrypt SSL on the fly so that they could analyse the requests and grant or deny access just as with HTTP traffic.  I am sure this is deployed by now.

Voice Over IP, Instant messaging and other protocols had specific policies. I won’t go into the details here, as I don’t know how public this information is, but there were active policies deployed around these and other protocols.

Privacy is not the same as in North America. In North America, many of us feel that privacy is slowly being eroded.  In comparison to Dubai, our privacy policies are impressive.  There, the ISP has the right to watch what you are doing and actively grant, block, and log your activities.  It is actually a requirement in order to get an ISP license from the government.

When Saudi Arabia indicated it was going to ban Research In Motion devices because the government was unable to decrypt communications as needed, I was hopeful that RIM would say too bad.  Of course that was the idealist in me, hoping that RIM, a Canadian company that markets BlackBerry security as one of its key features, would not compromise.  The realist in me understands that the Middle East is a growing market, and from a business perspective RIM has no choice but to be a part of it.  If you want to do business in Canada you have to play by our rules, so it only makes sense that if you want to do business in the U.A.E., you have to play by their rules.  As expected, RIM reached a deal with Saudi Arabia.  They also reached a deal with India earlier this week.

What I find amusing is the latest spin they have put on security given the situation.

RIM made no direct comment on any discussions with the UAE or others, but it sought to reassure customers about the security of their data on BlackBerry networks.  “While RIM does not disclose confidential regulatory discussions that take place with any government, RIM assures its customers that it is committed to continue delivering highly secure and innovative products that satisfy the needs of both customers and governments,” the company said in a statement to customers.

A RIM spokeswoman could not be reached for comment.

RIM said in its statement that under its security system customers have their own encryption key and “only the customer ever possesses a copy” of that key.

While I am sure they have not lied, you can’t have it both ways.  Either you comply with the government’s demand that it be able to decrypt messages and data as it requires, or you don’t.  Any other suggestion implies that the laws within the UAE have changed.  I am not a lawyer, but I haven’t seen any news about new laws protecting UAE citizens’ privacy.  The best part is the last statement, that customers have their own encryption key that only they possess.  I am sure that statement is true.  But it is what is not said that is telling.  Are there any encryption keys for the customer’s messages other than the one the customer possesses?  Companies that deploy encryption and decryption of email, files, and data in general give each employee a copy of their own key that only they possess.  When encrypting data, the system creates some sort of unique key (let’s call it E) that is actually used to encrypt or decrypt the data.  The E key is then encrypted with the customer’s encryption key (let’s call that key Ec).  The trick with businesses is that the E key is also encrypted with their own key (let’s call it Eb).  If you lose your key (Ec) or refuse to give it up when asked, they can use their key Eb to decrypt and obtain the E key.  Once they have the E key, they can then decrypt the message.  There are several variations on this, but the basic premise from a recovery perspective is the same.
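The E / Ec / Eb scheme above, as an added example (my code, not RIM’s or any vendor’s): the message is encrypted under a fresh data key E, and E is wrapped once under the customer’s key Ec and once under the business’s key Eb, so whoever holds Eb can recover the message without Ec. The cipher is a constructed HMAC-SHA256 keystream standing in for AES so the block runs with the standard library only.

```python
"""Toy model of two-party key escrow: data key E wrapped under Ec and Eb."""
import hashlib
import hmac
import os


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(key, nonce || counter) blocks (illustrative stream cipher, not AES)."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag.  Used for the message and for wrapping E."""
    nonce = os.urandom(16)
    ciphertext = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag under this key, then decrypt; a wrong key fails closed instead of yielding garbage."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted data")
    return _keystream_xor(key, nonce, ciphertext)


def encrypt_message(message: bytes, customer_key: bytes, business_key: bytes) -> dict:
    """Encrypt under a random data key E and escrow E to both Ec and Eb."""
    data_key = os.urandom(32)                                    # E: fresh for this message
    return {
        "ciphertext": seal(data_key, message),
        "E_wrapped_for_customer": seal(customer_key, data_key),  # E encrypted with Ec
        "E_wrapped_for_business": seal(business_key, data_key),  # E encrypted with Eb
    }


def decrypt_message(package: dict, key: bytes, holder: str) -> bytes:
    """holder is 'customer' or 'business': unwrap E with that party's key, then decrypt the message."""
    slot = "E_wrapped_for_customer" if holder == "customer" else "E_wrapped_for_business"
    data_key = unseal(key, package[slot])
    return unseal(data_key, package["ciphertext"])


def recovery_demo() -> bytes:
    """The customer loses Ec (or refuses to hand it over); the business still reads the text via Eb."""
    ec, eb = os.urandom(32), os.urandom(32)                      # constructed keys for the demo
    package = encrypt_message(b"quarterly numbers attached", ec, eb)
    del ec                                                       # the customer's key is gone
    return decrypt_message(package, eb, "business")


if __name__ == "__main__":
    print(recovery_demo())
```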

This is not the first time this has happened either.  Not sure how many people remember Hushmail.  I wrote about them here.  Hushmail’s marketing was based on the claim that if you used them for email, no one but you could retrieve your email stored on their servers.  Even Hushmail staff were not able to retrieve the email if they wanted to, as they did not have the keys.  (Sound familiar after the RIM statement above?)  Yet when U.S. law enforcement contacted them about an individual they were investigating, Hushmail was able to provide them with 12 CDs filled with unencrypted emails of the individual under investigation.

While I don’t blame RIM for bowing to the governments of India and Saudi Arabia if they wish to do business in those countries, I dislike the spin they are placing on security.  They are misleading the public and playing on the fact that many people do not understand the intricacies of security.  While they are not lying, I strongly suspect they are not being forthright.

When all the dust settles, it is important that people realize that money is what drives business.  You can claim all the morals, goals, and visions you want.  But if at some point these come into conflict with enough money at stake, compromises will be made.  Security, unfortunately, is no different.

SSL Decryption is becoming the norm

A couple of years ago I was at a client’s site in Dubai.  The client was a telco, and I was doing some security consulting for them.  Like many countries in the Middle East, Dubai actively monitors data entering and leaving the country.  Privacy laws, as far as I could determine, do not exist.  All Internet communications are actively monitored.  It is quite common to suddenly see a web page pop up explaining in Arabic that the site you are trying to view is not authorized and you have been denied.  Telcos there have spent millions of dollars on infrastructure in order to enforce these requirements.  The design is not as complex as one might think, just resource intensive.  Resources are required to process the data in real time, and staff are required to maintain the infrastructure, look into events and perform other tasks.  Telcos do this because it is required by law.  You cannot obtain a license as a telco unless you have monitoring capabilities deployed.

On my first day in Dubai, I went to lunch with one of the executives of the telco.  During our lunch, I asked him how they manage encrypted connections.  He explained that they were currently getting ready to deploy a solution for that.  The infrastructure was being upgraded to decrypt all SSL sessions and parse the data as required.  Aside from opening my eyes to the difference in privacy between North America and the Middle East, I found it interesting that SSL decryption was so readily available.  Previously, I had seen software that law enforcement used for this purpose.  I myself had done it for clients using available tools during an engagement.  But these tools were designed for targeted surveillance, not mass scale.  Like all technology, it improves and gets less expensive over time, I guess.

Today, there are many more companies in North America and abroad that either have deployed SSL decryption capabilities or are in the process of doing so.  Security, diagnostics, audit and legal requirements to know what is entering and leaving their networks, and to be able to log and trace data transmissions back to the originator, are some of the reasons.  One driver is Data Leakage Protection (DLP), currently a very ‘hot’ topic, with many new vendors jumping on the opportunity with solutions.  In order to look for data leakage, you need to see past any encryption that might be present.  Cisco, Blue Coat, Palo Alto Networks and Fortinet are just a few companies that offer products for SSL decryption.

With Google deploying encryption for Gmail and, more recently, search, and plug-ins such as the EFF Firefox plug-in helping to secure your communications, companies are feeling more and more concerned about what data is coming and going.  What worries me is that all these security, legal and audit requirements companies face are actually not helping them in the long run.  If these companies are decrypting SSL sessions that egress and ingress their network, you can be sure that other companies are doing the same to theirs.  The net result is that everything is decrypted and no one has any privacy.

Next time you connect to your bank, doctor’s office, insurance company, Gmail or any site and see secure indications from your browser similar to the ones pictured below, along with the company’s reassurances that the site is secure, keep in mind that things may not be as they appear, today even more so than yesterday.

Do you deploy any type of decryption on your network?  If it is deployed are you aware of it?


Information leakage and privacy

Have you ever sent an email from a personal email account at work, such as Hotmail, Gmail, or your personal account at your service provider?  When you do that you might assume that, since you are sending the email from a central system, it would not be possible for the recipient to obtain information about you beyond what you give them and an email address.  Unfortunately this is not true.  Information is leaked in many ways.  SMTP, DNS and HTTP can all leak information about a particular individual or organization.  In my experience, most people know this is possible, but fail to grasp the ease with which information about a person or company can be discovered.

Here is a simple example to illustrate.  I have found when speaking to many email users that they feel their location could not be determined by the recipient of an email unless they specifically give it, or that it would at least be difficult to find out.  They feel even more comfortable with this when they are using their personal email from a terminal at work or an Internet cafe via a browser.

I was recently corresponding with a friend of mine.  She has a Rogers email account that she uses for her personal email.  She sent me a response to an email.  By looking at the email itself, there is no information that would give away where she was located.  However, if I look at the email headers a wealth of information is available.  Let’s focus on one piece.

* headers not required for purposes of entry have been removed and others edited as required to protect identities

The ‘Received:’ header above displays an IP address.  Taking that IP address and doing a ‘whois’ lookup (shown below) reveals the name of the company where the email originated.

* removed ISP information and edited company info to ensure privacy
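The header walk described above, as an added example (my code, not the original post’s): parse the Received: chain of a message and report the originating public IP, the value a recipient would hand to whois. The message, host names and addresses are constructed (RFC 5737 documentation ranges), mirroring a webmail session started from an office desktop.

```python
"""Find the originating public IP in an email's Received: chain."""
import ipaddress
import re
from email import message_from_string

# Constructed message: office desktop 198.51.100.77 -> ISP webmail -> ISP outbound -> recipient's MX.
RAW_MESSAGE = """\
Received: from smtp-out.example-isp.net ([203.0.113.45])
\tby mx.example.org (10.0.0.5) with ESMTP id ABC123; Fri, 1 Jan 2010 12:00:02 -0500
Received: from webmail.example-isp.net (webmail.example-isp.net [203.0.113.9])
\tby smtp-out.example-isp.net with ESMTP; Fri, 1 Jan 2010 12:00:01 -0500
Received: from [198.51.100.77] by webmail.example-isp.net with HTTP;
\tFri, 1 Jan 2010 12:00:00 -0500
From: friend@example-isp.net
To: me@example.org
Subject: Re: lunch?

Sure, Thursday works.
"""

_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Addresses that cannot identify an organisation on the public Internet.
_NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def received_hops(raw: str) -> list:
    """Received: headers oldest-first (each server prepends its own, so the top one is the last hop)."""
    msg = message_from_string(raw)
    return list(reversed(msg.get_all("Received") or []))


def public_ips(header: str) -> list:
    """Every valid, routable IPv4 address in one header, in order of appearance."""
    found = []
    for text in _IPV4.findall(header):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            continue                      # e.g. a queue id that merely looks like an address
        if not any(ip in net for net in _NON_ROUTABLE):
            found.append(str(ip))
    return found


def origin_ip(raw: str) -> str:
    """First public address in the oldest hop: where the message entered the mail system."""
    for hop in received_hops(raw):
        ips = public_ips(hop)
        if ips:
            return ips[0]
    return ""


if __name__ == "__main__":
    for i, hop in enumerate(received_hops(RAW_MESSAGE)):
        print(f"hop {i}: {public_ips(hop)}")
    print("origin:", origin_ip(RAW_MESSAGE))
```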

How could this information be used?  If someone wanted to surreptitiously gather intelligence on a target, they could send an email to the target asking an innocuous question.  By responding, the target has unknowingly revealed their place of employment.  A few searches on Google, a picture on Facebook of yourself and family members … you get the idea.

This type of information gathering has valid uses.  Determining a time-line of a target and their actions from a corporate or legal investigation, determining if your spouse is cheating on you, or your teenage child is lying are some examples.

I am not suggesting that you should try to hide this or not use the Internet.  I am also not suggesting it will be fixed anytime soon, if ever.  I am suggesting that you be aware.  Be aware that in today’s world, data about yourself is being leaked all the time, and any determined individual or group can find out what you are up to with minimal effort.  Be aware that even the most common activity leaks data.

How secure or anonymous do you feel when using the Internet?


Identifying the anonymous in today’s digital world


A few years ago, I was having a discussion with an acquaintance who was involved in an investigation.  One individual they were tracking kept changing his mobile phone every few days.  Each new mobile was typically pay-as-you-go or stolen, and the personal information connected to the mobile was either false or not available.  Yet the investigators were able to very quickly determine the individual’s new number each time he switched mobile numbers.  How they did this impressed me at the time, and I use the logic to this day.

Throughout the course of the investigation they were able to determine whom this individual contacted.  A few of the mobiles that the individual contacted did not routinely change their numbers.  As a result, by watching the calling patterns of the mobile phones whose numbers did not change, the investigators could quickly spot a new number that suddenly started calling each of the static numbers in a similar pattern.  This of course requires access to mobile network data, but it worked.  Even though this individual thought he was not being tracked, his efforts to remain anonymous were, unknown to him, ineffective.  As a side note, there is software that will search for and detect these types of calling patterns automatically.  The same logic can easily be applied to an Internet connection.

A more common example is when you are pulled over by a police officer and you don’t have your license.  Aside from giving you a ticket for not having your license on your person, they will most likely ask you for your full name and birth date.  The reason for the birth date is to help assure them that when they go back to the cruiser to search on their laptop, the records they obtain are actually yours and not someone else’s with the same name.  How many Michael Dundases are there in Canada?  Not sure, but the number of Michael Dundases with the exact same birth date really lowers the probability of a false positive.  This same logic can be applied to social networking, and there is interesting research in this area, including on Twitter.

The EFF recently published a post on information theory and privacy.  In it they discuss the concept of entropy and how it applies to information and privacy.  It touches a bit on some of the math behind it, but if you are interested it is a good explanation of why, when you think you are anonymous, you may not be, even when you take precautions.  If you skip the math, their example of how the ‘User-Agent’ header transmitted by your browser can narrow you down to one of 1500 people gives people who are new to information theory and anonymity a good perspective.
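The arithmetic behind “narrows you down to one of 1500 people”, as an added example (my code, not the EFF post’s): a value shared by a fraction p of users carries −log2(p) bits of identifying information, bits from independent attributes add up, and a population of N needs log2(N) bits to be singled out. The frequency shares and the 33-million population are constructed, not measured.

```python
"""Identifying bits and anonymity-set size, in the EFF post's terms."""
import math

# Constructed shares of users sending each value (a real table would come from measurements).
USER_AGENT_SHARES = {"ua-common": 0.40, "ua-less-common": 0.10, "ua-rare": 1 / 1500}
TIMEZONE_SHARES = {"UTC-5": 0.07, "UTC+4": 0.02}


def surprisal_bits(share: float) -> float:
    """Bits of identifying information in one observed value: -log2(p)."""
    if not 0 < share <= 1:
        raise ValueError("share must be a probability in (0, 1]")
    return -math.log2(share)


def combined_bits(shares: list) -> float:
    """Total bits from several observed values, assuming the attributes are independent.
    (An assumption: in practice browser traits correlate, so this over-counts.)"""
    return sum(surprisal_bits(p) for p in shares)


def bits_to_identify(population: int) -> float:
    """Bits needed to single out one person in a population: log2(N)."""
    return math.log2(population)


def anonymity_set(population: int, bits: float) -> float:
    """How many people still match after revealing `bits` of information (never below one)."""
    return max(1.0, population / 2 ** bits)


if __name__ == "__main__":
    ua = surprisal_bits(USER_AGENT_SHARES["ua-rare"])
    print(f"rare user agent: {ua:.2f} bits, leaves {anonymity_set(1500, ua):.0f} of 1500")
    both = combined_bits([USER_AGENT_SHARES["ua-rare"], TIMEZONE_SHARES["UTC-5"]])
    print(f"plus timezone: {both:.2f} bits of the {bits_to_identify(33_000_000):.2f} "
          f"needed; about {anonymity_set(33_000_000, both):.0f} people still match")
```

Note that the bits add even though neither attribute alone is rare enough to identify anyone; that is the point the EFF post makes about "harmless" headers.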

You can still be detected if using a proxy

Setting your proxy settings in Firefox or Internet Explorer does not mean that you are undetectable.  In fact, with most websites today embedding applications that provide video, audio, gaming and other services, it is more common than ever to find evidence in logs and databases that can reveal who you are.  Most people involved with network security already know this, but if you are not, you may think you are anonymous when in fact you are not.

I was talking to an individual recently who was involved in an investigation.  They assumed that by using a proxy, the target site would not have an IP address or any other data logged that could link them to the target site.  I explained why this is a false assumption, but it got me thinking about others in law enforcement or corporate security conducting investigations who feel comfortable that they are hidden via a proxy service when they are actually exposed.

If a target site wants to detect you, there are many ways it can do so easily, and often it obtains identifying information unintentionally.  Here is a quick and simple example I put together.  First, I shut down all the servers and clients on my home network except a single computer and the gateway.  On the gateway, I captured all the traffic entering and leaving the network.  Next, I configured Firefox to use an SSH proxy.  SSH has the ability to emulate a SOCKS4 or SOCKS5 proxy.  A side note on using SOCKS4 or SOCKS5 is that DNS is not proxied.  This is not a concern for this particular investigative scenario, but could be for other investigations, so it is important to be aware of the issue should it become a concern during an investigation.

Firefox was configured to proxy via Socks 5:

sshProxyConfigExample1

Next, I visited a site that hosted the latest Britney Spears video, entitled ‘3’.  The page load is shown below.

britneySpears3Video

The initial page loads along with the embedded video player.  Up to this point, the logs show that the packets are ingressing and egressing via the configured proxy server only which is our desired behaviour.

initalHTTPLoadViaProxyCleansed

The communication shown above between the proxy server and the client continues until the video player application loads.  Once the player loads, it first does a DNS request for the video service.

bsVideoPlayerDNSQueryCleansed

The player then connects directly to the video service, bypassing the proxy; at this point you have been identified.  This continues as the audio and video are streamed to the client.

bsRTMPStream1Cleansed

Keep in mind that you may already have been identified through the proxy itself.  It is entirely possible and likely that the website or player has transmitted other information about your system within the RTMP stream itself or even HTTP.  The problem stems from the fact that these embedded objects are in fact executable programs that can bypass the browser and other system settings.

If you are involved in an investigation where you don’t want to be detected by the target, do not assume that by using a proxy you are safe from detection.  There are ways to avoid detection in this way, but they require more sophisticated network and client configuration.  Regardless of your setup and configuration I would suggest always capturing the data transmitted and received.  Even if you don’t analyze every packet, it provides a detailed log of what actually was transmitted and received allowing you to go back and verify if necessary.
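The capture-and-verify advice above, as an added example (my code, not the original post’s): a checker that reads a gateway flow log and flags every client flow that did not go to the configured SOCKS proxy, which is exactly how the DNS lookup and the direct RTMP connection in the screenshots would show up. The client, proxy and flow lines are constructed; the proxy is the SSH host on port 22.

```python
"""Flag flows that bypassed a SOCKS proxy: local DNS lookups and direct TCP connections."""
import re

CLIENT = "192.168.1.10"
PROXY = ("203.0.113.5", 22)     # constructed: the SSH server acting as the SOCKS5 proxy

# Constructed gateway capture, one flow per line: time proto src:port > dst:port
FLOW_LOG = """\
12:00:01.001 TCP 192.168.1.10:51000 > 203.0.113.5:22
12:00:01.250 TCP 192.168.1.10:51001 > 203.0.113.5:22
12:00:04.100 UDP 192.168.1.10:40011 > 192.168.1.1:53
12:00:04.120 UDP 192.168.1.10:40012 > 192.168.1.1:53
12:00:04.300 TCP 192.168.1.10:51002 > 198.51.100.20:1935
12:00:04.900 TCP 192.168.1.10:51003 > 198.51.100.21:80
garbage line that should be ignored
"""

_LINE = re.compile(r"(\S+)\s+(TCP|UDP)\s+(\S+):(\d+)\s+>\s+(\S+):(\d+)$")


def parse_flows(text: str) -> list:
    """Turn the capture into dicts; lines that do not match the expected shape are skipped."""
    flows = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        ts, proto, src, sport, dst, dport = m.groups()
        flows.append({"time": ts, "proto": proto, "src": src, "sport": int(sport),
                      "dst": dst, "dport": int(dport)})
    return flows


def find_leaks(flows: list, client: str = CLIENT, proxy: tuple = PROXY) -> list:
    """(time, kind, destination) for each flow from the client that did not enter the proxy tunnel."""
    leaks = []
    for f in flows:
        if f["src"] != client:
            continue
        if f["proto"] == "TCP" and (f["dst"], f["dport"]) == proxy:
            continue                      # expected: carried inside the SOCKS tunnel
        if f["proto"] == "UDP" and f["dport"] == 53:
            # Plain SOCKS4 carries only IP addresses, so the client must resolve names itself.
            # SOCKS5 can carry host names, but Firefox only sends them to the proxy when
            # network.proxy.socks_remote_dns is enabled; the post's setup left DNS local.
            leaks.append((f["time"], "dns-leak", f"{f['dst']}:53"))
        else:
            # 1935 is RTMP's default port: an embedded player streaming outside the browser.
            kind = "direct-rtmp" if f["dport"] == 1935 else "direct-connection"
            leaks.append((f["time"], kind, f"{f['dst']}:{f['dport']}"))
    return leaks


if __name__ == "__main__":
    for when, kind, dest in find_leaks(parse_flows(FLOW_LOG)):
        print(f"{when}  {kind:18} -> {dest}")
```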

Tracking with Local Shared Objects (LSO)


There has been lots of discussion lately about Flash websites using Local Shared Objects (LSO) to track users’ selections, browsing habits, and other information.  One of the advantages for websites has been that until now they have not been well known.  From my basic searching they have been around since at least 2004 and probably earlier.  A user may configure their browser to remove or delete all ‘cookies’, but LSOs stay.  According to some, many of the top websites use them.

I tried a little experiment to see how LSOs are stored.  The directory in which they are stored varies depending upon your operating system.  I use Linux as my primary O/S, and there the default directory for LSOs is ~/.macromedia/Flash_Player.

Clean Macromedia directory

Under ‘Flash_Player’ there are two directories, and under each of these are the security configuration and the binary installer for the Flash Air application.  Nothing interesting.  Next, I started Firefox, went to youtube.com and selected a video.  After the video completed, I took another look at the ~/.macromedia/Flash_Player directory.

[Screenshot: ~/.macromedia/Flash_Player after visiting YouTube]

Under ~/.macromedia/Flash_Player we now have two new directories, macromedia.com and #SharedObjects.  If we descend the macromedia.com directory, we find 3 nested single directories called support, flashplayer, and sys respectively.  Under the ‘sys’ directory we find a binary file called settings.sol and a subdirectory, #s.ytimg.com, a domain owned by Google.  The #s.ytimg.com directory contains a separate, binary settings.sol.

[Screenshot: the #SharedObjects directory after visiting YouTube]

Under the #SharedObjects directory, there is a single oddly named directory ‘3BJH4AW6’, then a directory for the website ‘s.ytimg.com’, a domain owned by Google.  Below this are two files entitled videostats.sol and soundData.sol, both containing binary data.

I haven’t investigated the format or contents of the .sol files, but it is obviously where the metadata is stored.  I may try to investigate the format, or see if anyone else has already figured it out, as I am curious.  The bigger question in my mind is how one properly erases this data.  There is a Firefox add-on called BetterPrivacy which will do just that.  It can be configured to delete LSOs on request or to remove all LSOs when you shut down Firefox.  I installed BetterPrivacy and tried it.  Sure enough, upon shutting down Firefox I was greeted with this window:

[Screenshot: BetterPrivacy confirmation dialog]

Selecting OK put my ~/.macromedia/Flash_Player directory back to its original state, with no LSOs or website directories present.  For the normal user that should suffice.  However, these are files and they have only been deleted.  Most people should know that deleted files are typically still recoverable.  File systems such as NTFS (Windows) and ext2/ext3 (*nix) all allow deleted files to be recovered.  In the case of ext3, it is a journaling file system and the default file system installed on most *nix platforms today.  Without getting into the details in this post, this effectively means that even if you wipe a file it can potentially still be recovered.

If you carry around sensitive information on your laptop, I recommend you create an encrypted volume on your hard drive using a package such as TrueCrypt or PGP.  In the case of my system, I formatted the encrypted file system as ext2.  This means there is no journaling.  This has the disadvantage of being less ‘recoverable’, but it has the advantage that if you wipe a file with ‘wipe’, ‘shred’ or some other wiping software it is unlikely to be recovered.  Next, I point my ~/.macromedia directory at the encrypted file system.

[Screenshot: directory listing showing the symbolic links into the encrypted file system]

You can see the ~/mndData file, which is the TrueCrypt file system.  ~/.macromedia is symbolically linked into the encrypted file system.  For those interested, you can see that my Evolution (~/.evolution), Google Desktop (~/.google), Firefox cache and bookmarks (~/.mozilla), IM client (~/.purple) and Skype (~/.Skype) all write to the encrypted file system.  You have to be able to mount ~/mndData to get at any of the email, browser cache, bookmarks, IM conversations and now LSOs.  It isn’t foolproof, but it offers another layer of protection so that client data remains unviewable in the event of my laptop being stolen.
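As an added example, not code from the post or from BetterPrivacy, here is a Python script that does the two things the previous paragraphs call for: it inventories the .sol files under a Flash_Player directory tree so you can see which sites have stored LSOs, and it wipes them by overwriting before unlinking, then prunes the emptied website directories so the tree returns to the state described above.  The directory layout it builds for its demo is constructed from the listing in the post; the path ~/.macromedia/Flash_Player, the two subtree names and the single-pass random overwrite are assumptions for this example.  As the post notes, an overwrite is only best-effort on a journaling file system such as ext3, which is why keeping the directory on an ext2 volume inside an encrypted container matters.

```python
import os
import secrets
import tempfile

# Subtrees that appeared under ~/.macromedia/Flash_Player after the first Flash
# visit in the post; everything else in Flash_Player is left untouched.
LSO_SUBTREES = ("#SharedObjects", "macromedia.com")


def inventory_lsos(root):
    """Return sorted (relative path, size) pairs for every .sol file under the
    LSO subtrees of root. Walking only those subtrees keeps the security
    configuration and installer directories out of the wipe."""
    found = []
    for sub in LSO_SUBTREES:
        for dirpath, _dirs, files in os.walk(os.path.join(root, sub)):
            for name in files:
                if name.endswith(".sol"):
                    full = os.path.join(dirpath, name)
                    found.append((os.path.relpath(full, root), os.path.getsize(full)))
    return sorted(found)


def wipe_file(path, passes=1):
    """Overwrite the file's bytes in place with random data, fsync, then unlink.
    On ext2 this defeats a simple undelete; on a journaling file system old
    blocks may survive in the journal, as the post points out."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            fh.write(secrets.token_bytes(size))
            fh.flush()
            os.fsync(fh.fileno())
    os.unlink(path)


def wipe_lsos(root, passes=1):
    """Wipe every LSO found by inventory_lsos and remove the emptied website
    directories bottom-up. Returns the number of files wiped."""
    entries = inventory_lsos(root)
    for rel, _size in entries:
        wipe_file(os.path.join(root, rel), passes)
    for sub in LSO_SUBTREES:
        for dirpath, _dirs, _files in os.walk(os.path.join(root, sub), topdown=False):
            if not os.listdir(dirpath):
                os.rmdir(dirpath)
    return len(entries)


def build_sample_tree(root):
    """Create the layout the post found after one YouTube visit (constructed
    contents: random bytes rather than real Flash data), plus one pre-existing
    directory standing in for the config/installer directories that must survive."""
    sol_files = {
        "macromedia.com/support/flashplayer/sys/settings.sol": 64,
        "macromedia.com/support/flashplayer/sys/#s.ytimg.com/settings.sol": 96,
        "#SharedObjects/3BJH4AW6/s.ytimg.com/videostats.sol": 512,
        "#SharedObjects/3BJH4AW6/s.ytimg.com/soundData.sol": 128,
    }
    for rel, size in sol_files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(secrets.token_bytes(size))
    keep = os.path.join(root, "preexisting")
    os.makedirs(keep)
    with open(os.path.join(keep, "keep.bin"), "wb") as fh:
        fh.write(b"not an LSO")


def demo():
    """Build the sample tree in a temp dir, wipe it, and report
    (files before, files wiped, files after, remaining top-level entries)."""
    root = tempfile.mkdtemp(prefix="flash_player_")
    build_sample_tree(root)
    before = len(inventory_lsos(root))
    wiped = wipe_lsos(root)
    after = len(inventory_lsos(root))
    return before, wiped, after, sorted(os.listdir(root))


if __name__ == "__main__":
    # For a real check: inventory_lsos(os.path.expanduser("~/.macromedia/Flash_Player"))
    print(demo())
```

Run inventory_lsos against your own ~/.macromedia/Flash_Player first; the relative paths show which domains have written shared objects, which is the information BetterPrivacy hides behind a single confirmation dialog.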

No covert pictures please – removing sound from your PDA when you take a picture

http://www.flickr.com/photos/lwr/3318166499/

At work we have a white board with an up-to-date task list for a particular project my team is working on.  It is nice in that you can just look up at it while in the office, or anyone can walk over and get current information.  One of the guys on the team likes to see the list get shorter.  For these reasons we keep it on the white board.  The problem is, when you are working remotely as I often do, how do you get the current status?  My solution is to take a picture of it with my PDA before I leave at the end of each day.  Besides keeping a time chronology of the project with the pictures, it allows me to pull it up on my laptop and work when I am not in the office.

This morning I am sitting in Starbucks working away and I get my PDA out to download the latest task list picture to my laptop.  In the process of getting to the application, I accidentally took a picture of my table.  The cursor was on the ‘take a picture’ selection by default and I must have pressed the enter key.  Two people heard the ‘click’ noise and immediately looked over.  No big deal, but I found their reactions interesting and amusing.  My next thought was to ask how one disables the sound.  Turns out you cannot.

A quick look around the web and I discovered a few things on the topic of PDAs and the sound of picture taking.  RIM, the makers of the BlackBerry, do not provide the option to disable the noise.  Some speculate this is because RIM doesn’t want you covertly taking pictures, but maybe they just forgot or dropped it from the design due to time pressures.  Regardless, it seemed kind of silly.

It is well accepted nowadays that there is no expectation of privacy in public.  Stores, businesses, and places of employment have cameras, both overt and covert, that constantly record and store the people and their activities.  Street cameras downtown constantly record and store traffic and the movements of people.  If this is acceptable, why is it not acceptable for an individual to take a picture?  I find the assumption that there is more risk in individuals taking pictures or video than in a registered business or government entity doing so very naive.  Turns out there is even an attempt somewhere in the world to put a law in place that would ‘require’ the noise on all digital devices.

No matter, like all things there are ways around it.  A quick search led me to this application.  I downloaded it to my BlackBerry and the problem was solved.  No technical wizardry required.  I can now take silent pictures of my table and I won’t disturb the people sitting over on the couch.  These laws are just silly.  If someone really wants to take covert pictures they will always be able to do it, and regulating the technology will not help.

The question is not about technology; it is about the expectation of privacy.  If there is an expectation of privacy in public, then change the laws to support that and enforce it.  However, based on the court decisions I have read over the years, there is never an expectation of privacy in public.  I am not a lawyer, but I believe that precedent has been set.  If you query most people on this topic, they will assume they are being photographed and recorded on video regularly, and they would be silly not to.

Using DNS to determine when someone is home — DNS analysis, Part II

Last month, I did a quick write-up on a DNS trace that I had extracted.  The trace was all the DNS queries that left my house over a few days.  Using that same trace, I noticed that there were many queries to my employer’s domain.  This in itself was not unusual, but one particular query caught my eye:

2009-02-08 05:34:02.680383 IP 216.240.7.12.58684 > 208.67.222.222.53: 30554+ A? ap-1.sandvine.com. (35)
2009-02-08 05:34:03.037603 IP 208.67.222.222.53 > 216.240.7.12.58684: 30554 1/0/0 A 216.16.234.191 (51)

This query happened every 10-20 minutes.  Tracing it back, I realized it was coming from my mobile phone.  This got me thinking: could one determine when I was or was not home with just access to a DNS trace?  To answer that I did a bit of investigation of the address ap-1.sandvine.com.

mike@Janel:~/investigation/homeDns$ dig @ns1.domainmonger.com ap-1.sandvine.com

; <<>> DiG 9.5.0-P2 <<>> @ns1.domainmonger.com ap-1.sandvine.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36335
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ap-1.sandvine.com. IN A

;; ANSWER SECTION:
ap-1.sandvine.com. 60 IN A 216.16.234.191

;; AUTHORITY SECTION:
sandvine.com. 60 IN NS ns1.domainmonger.com.
sandvine.com. 60 IN NS ns2.domainmonger.com.

;; Query time: 92 msec
;; SERVER: 216.98.150.33#53(216.98.150.33)
;; WHEN: Sun Apr 12 12:29:19 2009
;; MSG SIZE rcvd: 100

mike@Janel:~/investigation/homeDns$

From the above, the record for ap-1.sandvine.com has a TTL of 60 seconds, so it expires and should be refreshed every 60 seconds.  Since the queries from my phone arrive only every 10-20 minutes, my mobile evidently ignores that refresh interval.  While interesting to know, it doesn’t help answer my question.

I extracted all queries to ap-1.sandvine.com with the timestamp of each and quickly plotted them with gnuplot.  Next, I pulled my calendar and daily logs and added notes to the graph.  The y-axis is irrelevant.  The red dots show when the queries were made, and the green arrows and notes are my comments based on my calendar and logs.

A third party could easily determine when I was or was not home with a high degree of certainty.    With mobile phones now having wi-fi capabilities and connecting to the local wireless network it becomes trivial to use them as a vector to determine when someone is home or not.  I ran the same analysis on my wife’s mobile and got similar results (I didn’t add them to the chart here).

Obviously you could use other protocols and do a much more detailed analysis and correlation (or just execute standard physical surveillance), but DNS is a good choice because it is required for the Internet, standardized, and not encrypted.  This was a relatively simple exercise and reasonably cost effective.  I am not a lawyer, but I suspect, based on the ongoing privacy debate and some recent court decisions, that DNS queries executed by an individual or a business might be considered ‘public’ with no expectation of privacy.  I’d argue that with access to the DNS information of a particular entity, one could glean interesting information about a competitor.
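As an added example, not from the original post, here is a Python script that performs the analysis described above on tcpdump-style DNS lines like the two quoted earlier: it parses the query lines, merges the queries for one name into presence windows separated by a chosen gap, and, going beyond the single phone in the post, flags every (source, name) pair in a trace that queries on a regular schedule.  The trace, the addresses and the name ap-1.example.test are constructed for the example; the 30 minute window gap and the 1 to 60 minute beacon range are assumptions.  Someone auditing their own home network would run it over a real capture to find which devices leak occupancy patterns through periodic lookups.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed tcpdump-style trace (not the author's real capture); addresses and
# names are documentation values. Response lines do not match QUERY_RE.
SAMPLE_TRACE = """\
2009-02-08 05:34:02.680383 IP 192.0.2.10.58684 > 208.67.222.222.53: 30554+ A? ap-1.example.test. (35)
2009-02-08 05:34:03.037603 IP 208.67.222.222.53 > 192.0.2.10.58684: 30554 1/0/0 A 203.0.113.5 (51)
2009-02-08 05:49:11.100000 IP 192.0.2.10.58685 > 208.67.222.222.53: 30555+ A? ap-1.example.test. (35)
2009-02-08 06:05:40.200000 IP 192.0.2.10.58686 > 208.67.222.222.53: 30556+ A? ap-1.example.test. (35)
2009-02-08 06:10:00.000000 IP 192.0.2.20.41000 > 208.67.222.222.53: 11111+ A? www.example.test. (33)
2009-02-08 17:31:05.300000 IP 192.0.2.10.58690 > 208.67.222.222.53: 30557+ A? ap-1.example.test. (35)
2009-02-08 17:48:59.400000 IP 192.0.2.10.58691 > 208.67.222.222.53: 30558+ A? ap-1.example.test. (35)
2009-02-08 18:02:13.500000 IP 192.0.2.10.58692 > 208.67.222.222.53: 30559+ A? ap-1.example.test. (35)
"""

# Matches only client -> resolver queries (destination port 53, "id+ TYPE? name.").
QUERY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > \d+\.\d+\.\d+\.\d+\.53: "
    r"\d+\+ (?P<qtype>[A-Z]+)\? (?P<qname>\S+)\. \(\d+\)$"
)


def parse_queries(trace):
    """Return (timestamp, src, qtype, qname) tuples for every query line."""
    out = []
    for line in trace.splitlines():
        m = QUERY_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
            out.append((ts, m.group("src"), m.group("qtype"), m.group("qname")))
    return out


def query_times(trace, qname, src=None):
    """Sorted timestamps of queries for qname, optionally from one source."""
    return sorted(ts for ts, s, _qt, q in parse_queries(trace)
                  if q == qname and (src is None or s == src))


def presence_windows(times, max_gap=timedelta(minutes=30)):
    """Merge timestamps into (first, last, count) windows. Consecutive queries
    closer than max_gap belong to one 'device present' window; a larger gap
    means the device was away or off, which is exactly what leaks occupancy."""
    windows = []
    if not times:
        return windows
    start = prev = times[0]
    count = 1
    for t in times[1:]:
        if t - prev > max_gap:
            windows.append((start, prev, count))
            start, count = t, 0
        prev = t
        count += 1
    windows.append((start, prev, count))
    return windows


def beaconing_pairs(trace, min_queries=3, min_period=60, max_period=3600):
    """Find (src, qname) pairs that query on a regular schedule. The median
    inter-query gap is used so that long absences (the daytime gap in the
    sample) do not hide the beacon. Returns {(src, qname): median_seconds}."""
    by_pair = defaultdict(list)
    for ts, src, _qt, qname in parse_queries(trace):
        by_pair[(src, qname)].append(ts)
    result = {}
    for pair, times in by_pair.items():
        if len(times) < min_queries:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = statistics.median(gaps)
        if min_period <= med <= max_period:
            result[pair] = med
    return result


if __name__ == "__main__":
    for first, last, n in presence_windows(query_times(SAMPLE_TRACE, "ap-1.example.test")):
        print("present %s .. %s (%d queries)" % (first, last, n))
    for (src, name), period in beaconing_pairs(SAMPLE_TRACE).items():
        print("%s -> %s roughly every %.0f s" % (src, name, period))
```

On the constructed trace the phone at 192.0.2.10 shows two presence windows (early morning and evening) with a gap of more than 11 hours between them, and it is the only pair flagged as beaconing; the single lookup from 192.0.2.20 is ignored.  Running beaconing_pairs over a real capture is the quickest way to list every device in the house that behaves like the phone in the post.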
