Staying Anonymous Online - A Guide to Anonymity, Privacy and Proxies

Anonymous Surfing needs More than a Proxy

2013-04-30T15:25:00.000+01:00

It's almost become synonymous on the net, proxies = anonymity, yet I'm afraid it's simply not true anonymous surfing can be assisted by using proxies, however it can also actually be impeded.

First of all let me tell you why I started looking seriously at products that allow you to surf anonymously. Well I work in the security profession, mainly designing secure windows infrastructures, so I am obviously interested in all security related subjects. Because of my job, I am well aware of the many risks to our data and identities as we surf online. There are lots of related posts on various security risks and issues on this blog, but the main reasons that made me actually start surfing anonymously are actually quite simple ones.

The first is the security side, when you have actually seen fake wifi portals set up in hotels, you know the threat is very real, there are people actively harvesting personal details from everywhere and anywhere. Combine this with the reality that the vast majority of data you transmit is actually in readable text (HTTP is a clear text protocol). That's right completely clear, readable text. I can sit here in my house and see quite clearly every web site my neighbours visit on their open wifi portal. Just as I can see the data from fellow residents on most hotel WiFi networks, quite easily.

So my interest in anonymous surfing was probably fuelled by this knowledge, but unfortunately there is so much more. You see you may not be aware but because we surf mainly in clear text, this means that there is a complete accessible list of all your online activities in one place, your ISP. Now you may, or may not trust your ISP with securing this data (have you ever asked? ), but did you know that most governments in the West are ensuring that they have access to this data when required ? (and probably most governments already are if the truth be told)

In Europe there is already a directive called the European Data Directive which forces ISPs to maintain all their logs for up to two years. Most countries are actively supporting this, although there is hope that Sweden won't (good on you!)and possibly Germany, but alas some countries are even going further - the UK Government is among many who are planning central databases so that 'selected' agencies can access your surfing history easily from their desk (the main barrier at the moment seems to be the credit crunch!).

In America the same, the NSA monitor and access ISP logs routinely, commonly not needing as much as a search warrant to check what you've been surfing. They know that sitting in your ISP is the most complete profile of a person and their activities that you could possibly get without their knowledge.

So I guess my two main reasons are protecting my data from hackers and criminals, plus the idea that the state can routinely
monitor what I do on line, suddenly keeping your privacy becomes rather more important.

Of course if I lived in a country where I had reasons to be genuinely scared of my government, it would have even more importance. But luckily I'm not quite in that position yet, although I do travel to these places.

There are of course a myriad of other reasons why people might want to surf anonymously. Here's a little list of side benefits you can get when you are completely anonymous online.

Some Anonymous Surfing Benefits

You can access any media content you like, irrespective of country restrictions, I can access Hulu, BBC, ABC, Pandora or any media station in the world wherever I am.
I can bypass country censorship, for instance facebook and Youtube are blocked in many countries across the world.
Nobody can monitor or block my internet access from whichever network I am using.
I can bypass IP blocks whenever I need for instance forum restrictions.

But most of all I am safe, I am invisible online, no hackers or identity thieves can intercept my data and passwords. I can surf wherever and whenever I want irrespective of my location, and nobody can monitor or block my access, and that includes the authorities.

Look for example at this screen from the software I use, it allows you to connect and tunnel through an internal work proxy, most anonymous proxies would fail to bypass an internal firewall in this situation - neat huh !

But of course there are many ways of achieving an anonymous surfing goal, most components can be put together yourself or by using a commercial product. There are two main elements that must exist to maintain your privacy - firstly shielding your IP address with a proxy and then using encryption to actually protect the data you send and receive. Without both these components you will not be secure, not even close and in some cases you'll be worse off than doing nothing.

So why the opening title of my post, do I warn against proxies? Well simply because when you use any proxy you are trusting the owner of that proxy with all your data, much like you do with your ISP. So think carefully, you're not going to stay anonymous online if the owner of that $2 .info domain with a home made proxy is scanning all your details for account, card numbers and passwords.

Proxies are essential to obscure your IP address but they must be extremely secure and in my opinion the logs should be deleted immediately, otherwise your just creating another log of your activities. That is what I do to check any security program, it is my data, the owner of the proxy has no rights to hold, store or view this information at all. Make sure you do this check.

There is much, much more to this subject and if you explore my blog, you'll find much more information on this subject which will hopefully be useful. On this website you'll find I only recommend a program called Identity Cloaker, simply because out of all the commercial products I found it was the only one that provided complete security, was able to be used on a USB key (which is important to me as I often switch computers), had a network of fast proxies in countries across the world, deleted all my logs - but perhaps most importantly convinced me they were technically capable of running a network of highly secure proxies.

There are other products out there and indeed some good ones, but watch out for those that use free anonymous proxies, many are run by the identity thieves themselves! Make sure any product you use protects your IP address using private, secure proxies and encrypts your connection (VPN, SSH or SSL tunnel), at the moment I haven't researched one as closely as Identity Cloaker but I know there are some good alternatives which I will review on this site shortly.

If you don't have the budget for something commercial, I can recommend TOR, it has it's problems and can make surfing a bit slow but it's a great concept, which we should all support, if you use it please donate what you can. However you manage to secure your browsing and obtain anonymous surfing, remember to be especially careful with how the proxies are run and by whom.

Updated

Who Wants to See Your Google Fact File?

2012-08-04T15:04:00.003+01:00

We can probably only guess at the amount of information that Google has stored about us. If you remember a few years back the Search Engine Giant collected over 600GB of personal data from unsecured wireless connections during it's data collection for Streetview. To be fair the company did insist that the collection was accidental, although it's quite an achievement to gather that much data from 30 countries by mistake.

Anyway the incident caused the company great embarrassment and an agreement was signed in November 2010 that all the data should be forensically destroyed. In December 2010 the company stated that all the data had been destroyed. Unfortunately it hadn't and much of the data is still in existence the company has now announced.

It's now August 2012, so the data allegedly destroyed about 2 1/2 years ago still exists. It appears that this is mainly due to incompetency rather than any deliberate misconduct. However given the huge amount of personal data Google holds this is hardly going to be reassuring to it's many users.

Of course this is the main problem - it's not just whether this was unintentional blundering or something more sinister - the fact is that companies like Facebook, Google et al just possess enormous amounts of profiling information about each and every one of us.

Have a look at the Google Dashboard to get an idea of what information the Search Engine Giant says it's holding about you. If you have a Google account (most do I'd warrant) and have been online for any length of time then it will probably be like a walk down memory lane. Those half remembered chat conversations, the Google Docs you've opened, the YouTube activity, the thousands of emails and possibly worst of all the slightly disturbing web history.

Just have a look at the information and imagine if it portrays an accurate picture of you and your interests. In most cases it is great profiling information but of course it's often missing background context. A Middle East War reporter is quite possibly going to look like a terrorist or fundamentalist is you just look at the web history.

Who is Looking at Your Web History ?

Well there's again little way to tell, even using European data protection and privacy laws it would be difficult to find out. Google though does attempt some transparency by publishing the requests for accessing this data by Governments and Federal Organisations - here's the top of the table for the last 6 months of 2011.

United States leads the way with over 6300 requests regarding 12, 243 individuals Google Data. Then India, Brazil and the biggest European countries not far behind. An interesting statistic is the percentage of requests complied with - presumably those which have some legal or moral justification?

If you check out the chart you'll find although Turkey, Hungary and Russia made relatively small number of requests - none were successful.

In any case, you can see there is a substantial interest in the personal data held by companies like Google. These numbers are very likely only the very tip of the iceberg, although what the true extent is we are unlikely to find out under present legislation.

What's on Your PC?

2012-06-28T11:57:00.001+01:00

Of course many people who read this blog take their security pretty seriously. Using security software like Identity Cloaker can of course give you some privacy and security when your online. It can also of course allow you to use the internet as it was designed - free and unrestricted. However although these programs can allow you to access normally restricted sites - like BBC Iplayer anywhere outside the UK - see here for details - they don't protect the information you might leave on the PC or device you are using.

The average computer is stuffed full of web history, usernames for sites and even the passwords you use to access them. Any one with even a simple computer forensics tool can pick up a huge amount of data from your home PC that you were probably unaware even existed.

For example - try this program Systems Information for Windows, just download the free version and have a look at all the information and passwords it can extract in a matter of seconds.

Here's a sample it picked up from one of my computers (obviously censored!). Each line is a web site and password used to access that site. That's just one page from this computer and it picked up about 5 pages full of personal details, account names and passwords.

The sort of passwords it can pick up are as follows -

Windows Logon Passwords
Screen Saver Passwords
RAS and Dial Up
Outlook
Internet Explorer
Firefox
Chrome
MSN and other Messenger Clients
Wireless ( WPA/WEP/SSID) Keys
FTP Usernames and Passwords

Plus quite a few more, all stored on your local machine and easily accessible. I urge you to have a look and see what sort of details it picks up from your own machine. You'll probably find Amazon, Paypal and Ebay accounts all plainly visible.

Remember this is the free version of some software that you can download in minutes. For a few bucks you can actually download much more powerful versions of similar software used by forensic scientists and investigators.

Just imagine if you were a cyber criminal in need of a few bucks. What would you find by running this program on one of those Cyber Cafe computers or perhaps a Hotel Lobby computer people use to check their emails and bank accounts? Lots of potential for raiding an account or perhaps some identity theft armed with some personal details, a password to your email and Ebay account. Even if they pick up a username and password to a fairly harmless website, how many people use the same user names and passwords for all their online accounts?

Of course if you search this blog you'll find tips and tricks on how to surf securely. Using the privacy modes available in most new browsers will stop a lot of this information being stored locally. That's of course if it isn't there already !

New UK Surveillance Laws

2012-06-14T17:01:00.001+01:00

It's that time again, when the UK Government start trying to increase the level of surveillance in this country. It doesn't seem to matter which party is in power, whatever promises were given, the UK Government has an overwhelming desire to spy on it's citizens.

The latest bill being presented by the Home secretary is here - Draft Communications Bill but of course it's not a riveting read. It basically requires that all internet, email, phone communication is stored for a period of a year and gives powers to certain agencies to access that data when required.

So details of every web site you visit, every SMS you send, every Facebook update or forum post you make is recorded for 12 months in case a Government agency decides they need to see it. There has been some slight watering down from the crazy Labour complete database proposal Intercept Modernisation Programme - for instance now the local councils won't have access to this data by default.

But don't worry they have explained that the data will be very secure and only accessed in very few situations. Here's a list of situations when your Internet logs might be examined -

(a) in the interests of national security,

(b) for the purpose of preventing or detecting crime or of preventing

disorder,

(c) for the purpose of preventing or detecting any conduct in respect of

which a penalty may be imposed under section 123 or 129 of the

Financial Services and Markets Act 2000 (civil penalties for market

abuse),

(d) in the interests of the economic well-being of the United Kingdom,

(e) in the interests of public safety,

(f) for the purpose of protecting public health,

(g) for the purpose of assessing or collecting any tax, duty, levy or other

imposition, contribution or charge payable to a government

department,

(h) for the purpose, in an emergency, of preventing death or injury or any

damage to a person’s physical or mental health, or of mitigating any

injury or damage to a person’s physical or mental health,

(i) to assist investigations into alleged miscarriages of justice, or

(j) where a person (“P”) has died or is unable to identify themselves

because of a physical or mental condition—

(i) to assist in identifying P, or

(ii) to obtain information about P’s next of kin or other persons

connected with P or about the reason for P’s death or condition

Let's face it, anyone with any imagination could probably find justification under one of those headings for pretty much anything without too much trouble.

Of course no other democratic nation feels the need to extend this level of monitoring over all it's citizens. Maybe that is because of the huge, total and complete flaw in this proposed surveillance

It's simple to bypass surveillance which means the bad guys can opt out !!

People who want to keep their privacy can avoid pretty much all of it by using encrypted connections, secure proxy servers, VPNs, security programs like Identity Cloaker or even just surfing the internet through someone else's Wifi connection. The real criminals and terrorists will do all this and more - they'll swap files and information through the Darknet, they hide their tracks using TOR and other non-internet based communication medium.

The result will be that the vast majority of terrorists and criminals won't be under surveillance just the huge majority of law abiding citizens who have nothing to hide. It's effectively introducing a Big Brother state, destroying everyone's privacy - spying on the population because they might just catch a few extra stupid terrorists.

Remember even before these proposals the police and security agencies can already get access to your emails, tap your phone and eavesdrop on your telephone conversations. We are already resembling the sort of surveillance states like Iran, Syria and China were personal freedoms take second place to State control.

We all know that slowly the line will be blurred about what sort of use this data will be used for. We all know that someone somewhere will lose this data or leave it on a bus or a Soho nightclub. We also know that the IT project to make it happen will cost a fortune, go hugely over budget and probably not work properly for years to come.

The Sad Tale of Uncle SMS

2012-05-09T15:01:00.000+01:00

If there's one law that would turn me into a republican pretty quickly it's that of Lese Majesty which is the crime of violating a sovereign ruler. It has it's origins in Ancient Rome and is based on their law of "injured majesty". It still exists on the law books of many countries including some in Europe but fortunately it is rarely used in the democratic nations. The last documented case in the UK was in 1715 for example.

Unfortunately Mr. Amphon Tangnoppakul (also know as Akong) did not live in a European democracy he lived in Thailand and on the 23rd November 2011, this 64 year old man was sentenced to 20 years in prison. The reason - for sending 'insulting text messages' regarding the Thai royal family to the personal secretary of the previous president. That's five years imprisonment for each and every SMS message that was allegedly sent!

Akong was dubbed Uncle SMS by his supporters and the various Human rights organisations who lobbied for his release.

If this sounds implausible and ridiculous, it's made even worse by Amphon's insistence that -

He never sent the texts
He doesn't Own the mobile phone used.
He doesn't know how to send an SMS

It seems likely he was completely innocent of the accused crimes but it's not likely that would have much bearing on his trial in any case. This is of course Thailand - a place described by the social commentator Sulma Suvaraks as

.... now in Thailand there is no respect for either the constitution or human rights

However the sad end to the tale is that yesterday on the 8th May, 2012 Uncle SMS's ordeal came to an end - he died in custody.

He had spent the last 20 months of his life in police custody on these ridiculous charges, the man who was suffering from oral cancer was denied bail 8 times on the grounds of the seriousness of the charges and that this old, sick man was liable to abscond. RIP Akong - he lost his life and his family lost a husband and grandfather to a stupid law intended to protect the honor of the Thai Monarchy. To be honest it doesn't look very noble or honorable from where I'm sitting.

You can read more about this story here -

Asian Human Rights Commission - Amphon Tangnoppakul

Interesting Essay on the Lese Majesty Law

Identity and Authentication Credentials - Cookies

2012-03-24T16:10:00.002Z

One of the big issues that every web site encounters is how to authenticate and identify it's users. In the physical world there are lots of straight forward options for doing this - you might have a security pass at your place of work or you may use a library card to borrow books against your name.

In these situations it's the physical credential that is important, you are allowed to borrow books based on the possession of a library card. You can walk passed the security desk because you're wearing a security pass or badge.

But how does this work in the digital world ?

Well it's actually very similar but obviously the credentials can't be in a physical form. The premise is the same - the credentials are presented, if these are authenticated then the owner is allowed access. Online authentication systems require the same sort of credentials as are used in the real world - i.e they need to possess one of the following requirements:

Something you know
Something you have
Something you are
A combination of the above

These are known as authentication factors and the more a system has then the higher the level of security. In security terms you'll hear expressions like Two factor authentication - such as an ATM machine. To get your cash you need a bank card (something you have) and a PIN code(something you know) in order to withdraw cash.

One of the most common authentication credentials used online is of course the cookie. Most people of course will have heard of these but it's often overlooked the huge power of this particular identity credential.

So what exactly is a cookie ? Well it's defined in the Hackers Dictionary as a handle, transaction ID, or other token of agreement between cooperating systems.

It's just like the ticket you are given by the cobbler when you leave your shoes to be mended. The ticket is only useful for one thing - for you to retrieve your shoes after they've been mended. It's just like a cookie - a record of a specific visit or transaction.

Online these cookies are exchanged between browsers (like Firefox or IE) and the web servers that people actually visit. Linking together transactions and people in the digital world just like the ticket for your shoe repairs

For example say you visit a website called www.surfing.com for the very first time. The owners of this web site want to see who visits their site so have configured their server to pass a cookie to every person who visits. The cookie is in the form of a little text file which unique information about your visit. The browser stores the cookie in a file on your computer - this file will be accessed every time you visit that web site again.

So here's the chain of events -

The server asks my browser to store some information for it.
The server supplies the information that is to be stored.
The browser stores the information in a text file on the computer (chosen by the browser).
The cookie doesn't contain any information about me (only my visit)
The cookie is a merely information (it can't be run or access anything on the computer)
The cookie is supplied back to the web server every time I revisit the site.

If it sounds quite simple, it's because it is. The primary aim is to identify subsequent visits by the same user over time - something that HTTP can't normally do because it is classed as a stateless protocol.

In practice it's used for remembering who you are, filling in online forms, remembering your password or the selections you made on the last visit. They are designed to make your visit to the site more rewarding and simpler of course if you'd rather be anonymous most browsers can be configured to not accept them.

They can be configured to do a host of other things though in certain circumstances which I will cover in a separate post. In general they are quite benign though and the chances are you probably have hundreds of cookies sitting on your computer at this very moment!

How to Watch Iplayer on the Ipad Abroad (E.g. USA)

2012-02-24T16:21:00.000Z

I've had an Ipad for a few months now without knowing much about it. The main reason is that my family love it, they use for browing the web, watching movies, playing games - in fact it's almost always in use. But I kept getting emails about whether you could use Identity Cloaker on it to watch TV, connect to banking sites safely etc.

So I checked it out and it's surprisingly easy to do as the vast majority of the secure servers have VPN functionality enabled. So all you need to do is to set up a simple connection to one of their servers and enable it whenever you need it.

How to Watch Iplayer in the USA Using Your Ipad

So you've probably found anywhere outside the United Kingdom, that the BBC Iplayer application won't work (unless you get the overseas subscription version). The reason is that the site checks your IP address to see where you are based - all Non-British ones get blocked. It happens on most big media sites - Non US are blocked from Hulu, ABC and Pandora for instance whilst Non-French can't use the fantastic M6 Replay channel.

The solution is easy on the PC you just use something like Identity Cloaker to hide your IP address. Here's how you do it on the Ipad (Mac is similar).

Select Settings
Select General
Select Networks
Select VPN

You should then find yourself here -

You can see I've already set one up here for a US connection to access Pandora but you need to click Add VPN Configuration. You'll then be presented by this rather technical looking screen but don't worry it's very easy to complete.

You need to leave it on L2TP at the top and then fill in the following. You'll need to get a couple of pieces of information direct from Identity Cloaker as they haven't published this yet.

Description - Give it a name like UK VPN, US VPN then you can select quickly which country you need
Server - Drop Identity Cloaker an email for a list of enabled VPN server names
Account Name - Your IDC Username
RSA SecurID - Ignore this
Password - Your IDC password.
Secret - Drop Identity Cloaker and email and Ask for the VPN Secret Name

That's the hard bit done, next click Save from the top right hand corner. Next You need to enable your VPN.

To do this you simply select the VPN configuration you needed, so for a US based Ipad you'd connect to a UK VPN to watch BBC Iplayer. Just Turn the VPN Button to on and it will connect to the configuration you selected. As long as you put all the details in correctly it should work straight away.

The status will change to connected and in the top left hand side of your Ipad it will show that the VPN is connected like this.

Whilst this connection is enabled all your traffic will be encrypted and diverted via the server you are connected to. If you're just using it watch a media channel like BBC Iplayer or Hulu, then it's best to disconnect after you've finished watching.

If you haven't got Identity Cloaker yet, it's probably best to try the 10 day trial first to see how you get on with it. Any questions let me know and I'll try and help although IDC support guys are way better than me!

Iranian Internet - The Noose Tightens

2012-02-11T16:47:00.000Z

The 11th of February is a special day for Iranians, it marks the day when the revolution overthrew the last of the country's monarchy. It is the day they celebrate the establishment of an Islamic Republic, however it's not the celebration that the regime are concerned about. The day is often used for protests against the despotic Government who currently run Iran.

Like all unpopular and brutal regimes they are concerned the way the internet allows people to coordinate protests. Unfortunately like China, Iran has the technical resources to control and block access to the web. Many of us think that the end game for these countries will be a national intranet with the country effectively cut off from the rest of internet. It is the only way they can guarantee control of what the population sees and says online.

But for the moment that hasn't quite happened but it's getting closer. Here's what many Iranian users are seeing when they attempt to access Facebook, Gmail and hundreds of other secure sites.

Now normally for lots of people this wouldn't normally be a problem. Most Iranian web users are well used to online oppression as well as real life and are skilled in the use of proxies, VPNs and other related anonymity services like Tor. However we are hearing a variety of reports currently (11 Nov 2012) that wholesale blocks of secure sites are taking place - which make using these tools difficult. It's not just simple tactics to restrict access to Facebook.

However there are worrying signs that there is an increasing sophistication to the filtering technologies being used. China has been using Deep Packet Inspection (DPI) for some time, recently developing a system that can actually analyse and block assess to Tor for example. It looks like Iran is going down the same route, there is evidence of Packet Inspection here - detecting when SSL handshakes take place then selective blocking of IP addresses and ports related to these.

This packet inspection is by far the most worrying development from a technical level. If the Iranian regime really have installed a National capability of looking inside a packet to detect not only the SSL handshake but also comparing against specific signatures of anonymity networks like Tor - this is going to make communication much more difficult and dangerous. It means that the Iranian regime can specify which specific secure sites can be used. So they could allow sites like banks and Government sites whilst blocking anonymity and social networking sites for example.

The Iranian user could find the internet getting smaller every day for them - already accessing thousands of sites are redirected to the regimes preferred web site - Peyvandha which was created in 2010.

I don't speak Persian but I'm guessing it won't be quite as fun as Facebook. You should also be very careful what you say! The site consists of the Governments recommended links and suggested web sites and is currently one of the most visited sites in Iran (although mainly because so many users are redirected here!).

Anyway the reports are mixed at the moment, one minute the selective blocking, the next wholesale restriction on all secure sites. It is unsure whether this will just happen over the revolution celebrations to stifle protests - although most fear the worse for the long term in Iran.

The Dangers of Social Networking for Activists

2012-02-02T11:03:00.007Z

There is no doubt that social networking sites have proved a major weapon for activists who wish to expose oppression of their governments. But this freedom comes at a price, a huge risk to those posting, filming or even appearing in such evidence.

Take this video for example illustrating the barbaric behavior of the Kazakhstan police (be warned it's very disturbing)

Although the benefits of exposing this brutal behaviour of the state police is obvious, many people do not consider the risks involved in both filming and posting up this sort of evidence. There is a widespread and somewhat naive belief that authoritarian governments and their security services take little notice of the risks placed by social networking sites like Youtube, Twitter and Facebook - nothing could be further from the truth.

The idea that individuals from places like Iran, Kazakhstan or Syria can operate freely online without restrictions or risks is simply not true. This form of Cyber Utopia simply doesn't exist and anyone who posts evidence such as the video above puts themselves at a huge risk. Tracking people from their digital activities is easily done with the right resources - and trying to remain anonymous online is much more difficult than most imagine.

The above video was posted by Saule540 now we don't know if she was aware of the risks they took but we do know that very soon after the Kazakhstan security services had identified and raided the apartment the video was taken from. Thankfully the occupants had fled - we wish them luck.

Hide Your Tracks Online

The reality is that all these sites are heavily monitored and it is extremely difficult to cover your tracks on them. Infiltration of an online group or obtaining the contact list of a known activist from a social networking site will give security forces thousands of suspects to pursue.

The actual images or videos also place the people depicted at great risk. Imagine you took a video at an event or protest to illustrate the violence of some police or security forces. It would of course bring such events to world notice but it also could provide information on all the protesters taking part.

There are many very advanced facial recognition technologies available to regimes who want to identify protesters. Also it is common for authorities to set up web sites with images copied from these videos and pictures in order to identify activists.

One application which has been developed in order to attempt to help mitigate this risk is called Obscuracam developed by a trio of organisations - WITNESS, The Guardian Project, and the International Bar Association. Currently available on Android it's a free application which allows users to censor their videos and photos before uploading.

As you can see it enables users to obscure the identities of subjects quickly and easily from their phone without the need for photo editing software which simply might not be available. It can also be used to obscure any other visual information which may be best concealed.

There are other features allowing the user to specify secure areas to upload the images and also to remove metadata from the image.

You can get ObscuraCam from the Android market or from the Guardian Project Link above. Hopefully it will make the brave activists who stand up to these repressive, violent regimes a little safer.

It's important to be aware though that almost every government (oppressive or not) has significant resources monitoring these social networking sites. Be careful what you post up online wherever you live.

How to Wreck the Web - Protect IP Act

2011-12-20T15:58:00.001Z

The internet has changed all our lives, it has made the world much smaller and enabled communication like no other technology in human history. In it's infancy the web was relatively free of censorship, we could all see the same stuff, communicate without restrictions and share ideas and thoughts without limits. This allowed a huge burst of creativity and the number of amazing resources available online grew exponentially.

Now of course many people didn't like this, people with certain political, religious or economic agendas would rather you just subscribed to their particular view of the world. There are of course obvious examples - China has it's infamous Great Firewall of China which blocks huge swathes of the internet, dictatorships like Iran and Syria block access to thousands of webs sites which encourage free speech and the exchange of ideas. Even democratic nations like Turkey block access to lots of web sites including Gay and Lesbian networking sites and forums. If a Thai citizens says something bad about the Thai Royal family online and he'll be looking at a jail sentence. Still worse there's North Korea which basically has shut down everything so that it's people can't see how much better other people are treated by their Governments.

But of course the internet has still grown, for those people in countries which filter and censor there are options like Identity Cloaker and other VPNs to bypass the often hopeless technical restrictions and surf where they please. In some places just a change of your DNS settings is enough to sidestep the blocks. A simple knowledge of the Basics of SSL will also go a long way.

However ironically there is a much bigger threat to the internet looming and it's not driven by some mad, despotic leader who wants to control a population - no this one is driven by money and the entertainment industry.

The reason that the web has such greats sites is partly because it was allowed to develop relatively unhindered. Obviously this has had it's down side with cyber crime and paedophiles learning to exploit and utilise the network for their own means. But on the whole this unregulation has allowed fantastic sites like YouTube, Facebook and Twitter to grow quickly into the global resources they now are. This could be about to change and it's in the form of a piece of short sighted and dangerous legislation called the Protect IP Act which is in danger of being passed in the USA.

If you haven't heard of this - then I urge you to watch this video.

Truly scary stuff and although it will no doubt make the entertainment industry richer, the end result will be handing over a powerful mechanism for the establishment to control the internet.

Who's going to invest in creating a new social networking site with the risk of expensive litigation simply if a user posts a video, link or picture that is under copyright. It's a huge hammer blow to any sort of innovation or investment to any web based business, even though it's a US law the implications will affect most of the internet.

There are many practical implications to this - almost all of them bad, but here's one for illustration.

A band discovers that a popular social networking sites has links to bootleg copies of their concerts.
The bands lawyers petition the Government under the bill for an injunction against the site.
Government lawyers will give the internet providers 5 days to 'block access' to the website to their subscribers.

So that's all it takes for an foreign website to get filtered to the US. If it's a commercial venture the block will possibly cripple a business. The potential of abuse is of course incredible.

If you're in the US then any Film, Music or Media company has the power to decide what you have access to online.

The US is in danger of becoming a parody of everything it stands for, the Iranians are censored by a dictator, the Americans by Movie producers and rock groups! This bill is happening now!

Bye Hitch - Death of Christopher Hitchens

2011-12-17T00:26:00.002Z

For once nothing to do with internet privacy or anonymous surfing, just this.....

Whatever your beliefs or politics, the world is a much, much duller place now Christopher Hitchens has gone.

Bye Hitch...........

Carrier IQ - An Electronic Spy on Your Android

2011-12-01T12:22:00.001Z

Well for the paranoid of us, this comes as no real surprise - would you be shocked to find out that your shiny Android smartphone comes complete with a digital spy. The electronic equivalent of a private detective monitoring your every move, logging your calls and text messages and even monitoring each web site you access. Why would a company do this - well here's their answer -

“gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.”

Are you convinced that's a good enough reason to monitor absolutely everything that you use your phone for? Well the company concerned is called Carrier IQ and for a demonstration of what's exactly happening I urge you to watch this video - an investigative piece by Trevor Eckhart.

Now of course it could be argued that this is not an official part of the Android OS but just an nasty little spying kit set up on millions of Android devices without the knowledge if the owner. For you Android users, do you remember being asked if it was ok for all your web browsing, calls and SMS messages to be logged by a secret marketing application running on your phone. You don't - are you sure??

Of course many will accept this privacy invasion as part of the deal with new technology, they accept that without expense and anonymous surfing software, that they will have no privacy whether on phone or PC - it's just a price to pay for progress. But for others it represents a real threat to privacy and free expression. Funny that the company concerned have responded with legal threats including a demand that he replace his research with a statement written by them. Does this sound like a company you want to send a detailed profile to. Do you trust that a company that will install logging software which is practically impossible to remove and runs quietly in the back ground?

The Carrier IQ debate is going on strongly now. The company will no doubt deny everything but the evidence looks pretty damning. What is this information really being used for - I would suggest profit. The information is a goldmine to a sleazy marketing company who want to sell lists of highly profiled users to well other sleazy companies ready to buy and exploit this.

Anyway I urge you to watch the video, it's not too long and to follow the debate. I think this one will continue for quite a while.

Can Google Control Your Life?

2011-11-07T14:52:00.003Z

This sounds a silly thing to say, but there are many web companies who really do have quite a lot of impact on your life especially if you use the internet a lot. Let's take Google for example, whose 'raison d'etre' is as follows

Google's mission is to organize the world's information and make it universally accessible and useful

Which sounds a perfectly reasonable and responsible aim for a search engine company to have don't you think. A big electronic librarian creating some sense and order out of all the information on the internet. You certainly couldn't see any way that statement could in any way control your life or even a small aspect of it. Unfortunately the reality of our digital lives is that all these companies can have much more influence on your life than you would expect,

In 2010 the Google Vice President Marissa Mayer said that someday soon the company wants to make the search box obsolete. Their goal is to search out what you want or need automatically, your smart phone busily working in the background looking for information you might need before you know you need it. Of course they haven't a hope of doing this without knowing an awful lot about you and your preferences.

For those of us who like to restrict access to our details and surf anonymously then it's obviously going to be much more difficult. But those who dutifully fill in their Google profiles, click +1 on their favorite web sites then Google will have way more information on you and what sort of person you are.

Companies attempt to create this digital version of you in different ways - Google relies heavily on profiles, web history and click signals. A click signal is simply analysing what you actually click on.
For instance if in your search results you are shown advertisements for a remedy for male baldness, then the algorithm can make some assumptions based on this. If you frequently click on such advertisements or search for related information there are some pretty heavy signals that you are not a twenty one year old female student. Gradually and often subtly the search engine is building up a picture of who you are and what you like.

Of course this is one of the reasons that some of us who would rather prefer a little more privacy are concerned about this. Most people I would imagine would not be aware that they are slowly being profiled by others based on what they search for on the web. But this data is of primary importance to Google - who use it to base what you see in Google News, advertisements it displays etc.

Another worry is that this digital version of you - is being compiled by computer algorithms created by search engine programmers, so it's not necessarily accurate. Worse still the expectation of privacy can be dangerous if you're not aware of the issues. For example if you share a computer and a profile with your family - the results being displayed on Google News for all of you are personalised based on what you do on the internet. Imagine the implications for some one with a difficult problem that they were not ready to share.

But although there are many privacy implications with the creation of this digital identity, it doesn't really mean than Google can control your life. But just think if we expand the question to include a social networking site like Facebook which also heavily profiles it's users. Then a user might have a huge part of their life tailored to this digital identity. Facebook bases your environment on what you share, like and interact with - here's some of the adverts I get at the moment.

Boring huh, these are based on me being a thirty plus man, with an interest in environmental issue and often interacting with investment and money sites. I could soon alter those advertisements by changing my age and interests in my Facebook profile or by liking a few different things. Try it, change your profile and watch your adverts change!

So two environments Google and Facebook which I would guess some people spend many hours a week in. It's not hard to imagine how this might slowly have an impact on someone's life. Here's a just a couple of 'made up scenarios' off the top of my head but I'm sure you could think of more.

A young girl concerned about her weight would be constantly shown adverts, web sites and products relating to weight loss and weight issues - sublimally reinforcing her concerns and perhaps in extreme cases causing a health issue like anorexia.
A recovering alcoholic may be constantly served up lots of adverts or web pages based on drinking and drinking culture based on their previous web history.
A young student who is interested in Greek history get's served up advertisements for colleges and universities specialising in Ancient history. They click on an advertisement and several years later complete their degree at that college.

I put the last one in to highlight of course that there are positive aspects to this sort of digital personalisation. But it certainly illustrates well the sort of effect that your web experience can have on your real life. Lots of us spend many hours a day in an online environment - one which is being heavily customised based on our digitial profile - they could certainly affect if not directly control your life.

Kazakhstan and The Internet War on Terrorism Continues To Usurp Freedom of Expression

2011-10-20T16:31:00.000+01:00

It is no surprise to read about Kazakhstan and the internet war on terrorism. Kazakhstan and its people have seen many changes in the years since the breakup of the Soviet Union in1991, democracy being one of those changes.

Although the Kazakhstan government is attempting to change, it is often difficult to dismiss the familiar, which is the case with Kazakhstan‘s attempts to introduce democracy in a land that has never known democracy. For three thousand years, nomadism, tribal warfare, Mongol dynasties, foreign domination, and Soviet communism have ruled Kazakhstan.

If the internet and blogs had been around when the communist apparatus fully integrated Kazakhstan into the Soviet system, Stalin would have banned them, which is not unlike what is occurring today with Kazakhstan and the internet war on terrorism.

In 2007, authorities arrested a Kazakh philosopher, charging him with writing an email questioning Kazakhstan's close relationship with Russia. The government claimed the email was inciting racial hatred. The philosopher claimed he had only been expressing his personal views.

Security officers broke into his mailbox and removed some letters that they later presented as evidence in court. This action was in direct violation of Article 18 of the Kazakhstan Constitution granting citizens the right of privacy in personal correspondence. However, they still confined the man to a psychiatric institution.

In an effort to build up a positive image in the West, in 2007 Kazakhstan made a bid to chair the 2010 Organization for Security and Cooperation in Europe (OSCE), which would be focusing on security issues that year.

Because of Kazakhstan’s dismal human rights record, OSCE members and human rights groups argued that Kazakhstan would be an extremely controversial choice, which is exactly why it lost its chairmanship bids in 2005 and 2006. It's hardly surprising given this context that most web users ensure they use security software to ensure their anonymous surfing as a matter of course.

In response to the concerns about Kazakhstan's poor record, then-Foreign Minister Marat Tazhin pledged that the government would improve human rights practices and amend its media law to allow more media freedom while not losing its focus on Kazakhstan and the internet war on terrorism.

Watchdog groups repeatedly questioned Kazakhstan’s vow to uphold OSCE’s commitment to human and civil rights. Their suspicions proved correct. In spite of the pledge, freedom of the press increasingly diminished throughout the year, and in 2009, Kazakhstan passed a restrictive internet law which it used to intimidate bloggers and block websites. In addition, the government closed down two independent newspapers while allowing a journalist to remain in prison.

The law categorized websites as mass media outlets. In the interest of state security, with obscure language and extremism statutes, the law granted authorities greater freedom to shut down sites. On March 1, 2010, the Kazakhstan government declared a computer emergency and established a response team.

Kazakhstan Banned Livejournal

In addition, the government announced it was compiling a blacklist of destructive websites. It further reported that KazakhTelecom and NurSat, Kazakhstan’s largest internet service providers, had repeatedly obstructed access to the LiveJournal.com blogging platform. In the case of Kazakhstan and the internet war on terrorism, one of these old adages might fit: “The apple doesn’t fall far from the tree.” Or, “Old habits die hard.”

During all of 2010, the government continued to make empty promises to correct its human rights violations relating to cyberspace. Despite diplomatic efforts and media scrutiny on the freedom of expression situation during Kazakhstan’s year long OSCE chairmanship, and notwithstanding amendments offered in January 2011, the legal regime of internet suppression remains unchanged for the most part

Based on Kazakhstan’s history of controlling personal emails, it is no wonder

Kazakhstan is considering forcing internet cafes to monitor their customers’ use of the web, which human rights organizations say is cyberspace censorship by the ex-Soviet state. The government, on the other hand, claims the new regulations are an attempt by authorities to cut off the steady stream of literature and videos that militant Islamists produce that serve to foment extremist violence.

A Kazakhstan court recently blocked access to LiveJournal.com, a popular Russian blogging platform, claiming Islamic extremists had been using it. The Kazakh Interior Ministry contends that most information technology crime occurs in internet cafes where criminals and extremists congregate.

For this reason, authorities are now considering monitoring internet café clients by using software to collect data showing the time of a customer’s work and the IP address used. The proposed regulations may also require internet cafes to install cameras to video tape customers.

Because Kazakh citizens living outside of major cities are beyond the reach of the internet, only a minority of people can currently access the web. However, with increased numbers of citizens wanting to access blogs and social networks, Kazakhstan’s relationship with the internet remains a complicated one, requiring the government to buttress internet usage and improve the telecommunications sector while at the same attempting to monitor and suppress online content.

Long before the current internet law was enacted, a plethora of legislation (300-plus acts controlling information and telecommunications) was already passed into law placing limitations on internet content. Therefore, Kazakhstan and the internet war on terrorism will continue for some time into the future.

New Zealand’s File Sharing Law Violates Civil Rights

2011-10-06T13:13:00.000+01:00

New Zealand's file sharing law is actually a replacement of Section 92A of the Copyright Act. Fortunately, New Zealanders vehemently protested against the draconian measures outlined in Section 92A of the original law introduced in 2008.

It wasn’t oppressive enough that Section 92A called for internet suspension based on accusations of copyright infringement, the law stipulated disconnection would take place without being awarded a trial and without submitting any evidence in court. If people had not written letters to the appropriate ministers and complained in numbers, the law would have gone into effect on February 28, 2009.

To show solidarity and to inform the public about the implications of Section 92A, a group of artists formed Creative Freedom Foundation. Protesting New Zealand’s file sharing law via social media like Twitter, CFF led a week-long internet “Blackout,” which lasted from February 16-23. The blackout attracted Twitter's topmost tiers, including a British TV personality. The nonprofit also promoted the movement on New Zealand television and radio stations.

The Foundation objected vociferously against the “Guilt Upon Accusation” portion of the law as well as the penalties associated therewith. The National Business Review joined the protest and pointed out that in actuality the law meant that one person’s bad behavior could destroy an institution.

As a result of the enormous public outcry, the government delayed implementation to allow for government reconsideration. On March 23, 2009, the government voted to throw out Section 92A and proposed to completely rewrite the section.

In response to the widespread objections to New Zealand's file sharing law, Parliament repealed that section and replaced it with Copyright (Infringing File Sharing) Amendment Act 2011, which officially went into force September 1, 2011. However, in August, P2P network monitoring had already begun. The replacement, with a continued intent to reduce illegal file sharing, replaced Section 92A with a “three-notice” regime, a $15,000 fine, and a six-month suspension of the internet.

The main focus of the rewrite was the three-notice process, which serves to educate the public about illegal file sharing while providing effective ways for copyright owners to enforce copyrights. It further assured file sharers they would receive adequate warnings that unauthorized sharing of copyright material is illegal.

Although the “three notice” regime is a gentler term than the more commonly used term of “three strikes,” the end result is the same. Copyright owners will be able to claim damages and request that the internet subscription of the file sharing infringer be suspended.

The element most faulted in Section 92A was the accused not being allowed the right to reply to an accusation. The new Act extends the jurisdiction of New Zealand’s Copyright Tribunal to hear both sides of the argument and to rule on cases of alleged infringement.

The government now gives account holders a reasonable amount of time to stop infringing before the enforcement phase takes place. The bill stipulates definite time frames so account holders are able to effectively address illegal file sharing activity happening on their internet connection. In addition, account holders also have the opportunity to challenge notices, and they may ask for hearings at the Copyright Tribunal to contest infringement claims.

Other than complaints about suspending internet accounts, the following have improved New Zealand’s file sharing law.

Replaced the far too broad definition of ISP (Internet Service Provider), which would have changed to include almost anyone with a shared connection or website. ISPs now include any organization, business, school, library, or government department that provides internet services. The new law reads, “IPAP” (Internet Protocol Address Provider).

Accused copyright infringer now has an opportunity to defend himself against the accusations.

Does not require ISPs to be the responsible party for deciding about disconnection; just required to transfer messages between accuser and accused.

Greater respect for account holder’s privacy.

Even though improvements were made to New Zealand’s file sharing law, the Act still has some major problems:

Holds the person whose name appears on the internet account responsible for all activity by any user of that connection. People will be responsible for everyone living in their domicile, parents will be responsible for their children, libraries will be responsible for their free internet terminal users, and businesses will be responsible for their employees. Simply sharing an internet connection can put a person at legal risk.

Presumes the accused is guilty until proven innocent. Unless the account holder can disprove the accusation, the Copyright Tribunal is expected to believe the media companies’ accusations. Even when accusations are proven time and again to be inaccurate, there is no penalty for making a false accusation.

Because disconnecting internet users for any reason limits the type media that individuals are allowed to use to express themselves, a UN report concluded that it is a violation of a person’s civil and political rights. Some UN officials were alarmed at the disconnection proposals in New Zealand's file sharing law and said that an individual’s internet access should never be terminated for any reason, including copyright infringement.

Having Trouble Watching the BBC Outside the UK ?

2011-10-03T08:54:00.000+01:00

I travel a lot and when away there are two main Internet sites that cheer me up without fail - BBC IPlayer and Pandora. Unfortunately using the BBC outside the UK and Pandora outside the US are actually quite tricky because they will only work with a UK or US workstation respectively.

Fortunately because I always surf through a secure proxy on the Identity Cloaker network, this doesn't really matter to me as my location is defined by whichever proxy I am surfing through. So I simply select a UK server for watching BBC IPlayer abroad.

Identity Cloaker is the most sophisticated security software on the internet, it allows you to surf completely protected via a network of private proxies across the planet. These are fast, secure properly run proxy servers not the free slow ones infested with viruses that people normally try to use !! You might have also seen the dedicated VPN and proxy servers promoted to watch the BBC or other online TV stations - they are very often simply a single server set up quickly. Why? Simply because when the BBC legal department threaten them (which they usually do), they end up disappearing suddenly.

So when I am in Turkey and want to watch - I simply connect via a UK proxy and watch BBC Iplayer, if I want to listen to Pandora outside the US I just select one of the US proxies. It doesn't matter where I am as long as I have a working internet connection, because it's encrypted I can watch from anywhere. The same goes for a TV channels in lots of other countries as they have Australian, Canadian, German, French, Irish and a host of other proxies in addition to the huge number of UK servers.

Anyway I have made this rather bad video to illustrate how I access the BBC Iplayer abroad. I'm afraid I don't do the ease of this any justice with my video though, the best thing about the Identity Cloaker to access these programs is the huge choice of proxies and their speed. If you've ever tried using Iplayer through a free proxy you'll realise how painful it can be.

Using BBC Iplayer Anywhere

I've never used the video software before so apologies for the amateurish video editing. I just wanted to make sure people were able to see how easy it is to use this security software. There are dedicated services for just watching BBC Iplayer that cost well over twice the price of Identity Cloaker, they offer just a single proxy server to do this - Identity cloaker has proxies all over the planet and dedicated software to control and protect your connection, from an icon in your taskbar.

It takes a minute or so to install and then you just point and click.

*** You can actually watch BBC Iplayer on your TV through most gaming consoles now, the Wii works great with Identity Cloaker straight onto your TV, read my post here Wii Iplayer ***

*** Identity Cloaker now has a facility to turn off encryption, you can use this to speed up video streaming such BBC Iplayer from the UK Proxies ***

It is actually a fundamental point of using a proxy abroad, your IP address defines who you are and what you can see. So if you surf via a UK proxy this is how any web server you visit will see you also exactly the same as a UK Internet surfer. Because Identity Cloaker has fast proxies in lots of other countries you can use it to access similar restricted broadcasts in Sweden, Germany, France, Canada, US and many others. If you like music try Pandora for an awesome US only radio station - just select the right countries proxy and you'll be away.

Of course you can use this method by using a free proxy but most are unsuitable for watching videos from BBC Iplayer outside the UK as they are so slow, but PLEASE remove the proxy before you start doing any other surfing remember free proxies are mostly hacked servers and your details are not safe being passed through them !

So can you use BBC Iplayer anywhere?

Pretty much, as long as you pick one the UK proxies, it manages your connection in the background and encrypts you connection. You can even run it from a USB stick if you remember to take your login details with you, watch it through firewalls and when countries try to censor what you watch.

If you travel a lot it also means you can access lots of other sites which have country restrictions stopping you watching the BBC IPlayer abroad. For instance I can access UK poker and casino sites from the States who would normally block an American IP address, Turkey often block Youtube and social networking sites but Identity Cloaker users just bypass this.

Anyway I'm off to Turkey in a few weeks and I'll be keeping up with all the latest BBC programs watching BBC IPlayer abroad via Identity Cloaker.

In a few minutes you can be watching your favourite BBC shows through a safe, fast and secure proxy

If you like to watch or listen to any UK TV shows and you spend any amount of time abroad, you'll find it a fantastic investment. The software is simple to work and you just pick a proxy to connect to and off you go, remember free proxies are very slow and many are full of viruses. If you do manage to find a safe, fast free proxy server to watch the BBC Iplayer on, chances are it will be gone in a day or so.

The ability to watch media is not advertised on the web site but drop them a line if you want to check, the support staff are very responsive and will check out problems with any channels - BBC is pretty straight forward but ITV, Channel 4 and some US channels need to use the Open VPN settings in the program. Be very careful of companies who do advertise this TV facility openly, they frequently disappear overnight, after legal threats from the media companies themselves i.e. BBC, Hulu and ITV etc.

Why not treat yourself here to 10 days of the BBC Iplayer with the Identity Cloaker trial to check it works - for the price of a coffee and sandwich you'll be impressed I'm sure!

Use the Open VPN Mode when Proxy doesn't work

I have just added a contact me address at the top of this page, if you are unsure about anything - please drop me a line, I am happy to help with any questions if I can, if you have any comments on their service I'd like to hear them!

There's a 14 day Money back guarantee on the software so you can't lose really -it's a proper professional solution that needs no skills, you select the UK proxy and you'll be watching BBC IPlayer abroad or wherever you are in no time.

For those who want to use Identity Cloaker with an Ipad, Iphone or Ipod outside the UK then here are the instructions - Using Iplayer on an Ipad abroad

The Deep Web - The Hidden Internet

2011-09-06T16:32:00.002+01:00

You might think that you know your way around the internet. Asked a question and most of us could have a pretty good stab at it via a Google search, Yahoo or a trawl around Wikipedia. But in reality if these are your normal gateways to the net then you're missing a huge proportion of the websites that are actually online.

There are in fact two World Wide Webs, the normal 'surface' web sites which will all appear when you search through social networking sites or search engines - the second an underground, hidden web that you can't access through those means or with a standard web browser. They go by a variety of names such as the Darkweb, deep or hidden web. I've talked about one such hidden network before - here called the Freenet Network.

There is another huge network of information that I want to cover which we will call the Deep Web and it exists on the well known Anonymity network known as Tor.

Tor - The Anonymous Host

Tor was originally designed by the US Navy as means of protecting Government communication but now is freely available and used by people all across the world. It is basically a network of virtual tunnels which people use to surf the web anonymously by hiding the users IP address.

As you can see from this image, Tor creates an encrypted network using nodes which are actually other Tor users and servers. The majority of people use it for basic security and obscuring their IP address but it can equally be used to publish web sites and content on the Tor network anonymously.

It is this function that forms the infrastructure that holds the pages of the Deep Web. The sites don't exist on any traceable server, but on an anonymous cloud hosted by the millions of anonymous Tor nodes online. To access this underground network all you need is the Tor Browser and Tor extension of Firefox which you can get from the Tor Project site.

The Hidden Wiki

For many people the first time they stumble across this hidden web is through a small portal called The Hidden Wiki, this is one of the many directories compiled of some of the sites available on this hidden network. Here's the URL - kpvz7ki2v5agwt35.onion remember it won't work in a normal browser - you'll need to get onto Tor first (which only takes a minute from the above site) and use their browser.

But be careful, this isn't the fluffy, sanitized internet we all spend the vast majority of our time in. The Deep Web is completely uncensored and much of the material stored on here is illegal, immoral and just plain scary!
Here's a screenshot of part of the Hidden Wiki, which lists some of the commercial services available.

The anonymity of the network obviously attracts a certain type of client, here you can buy drugs, stolen credits cards or hire anyone from a hacker to a hitman. Want to buy the latest Facebook virus or a guide to growing and selling drugs - well you'll find them all on this network. To be honest a lot of the Deep Web is pretty unpleasant, it is anonymous networks like these where criminals, perverts and crooks hang out. You should be careful about what you click on as some of these sites are seriously nasty and around every corner you may find a hacker, pedophile or FBI agent!

However alongside the seedy and illegal are political activists, bloggers who would be imprisoned if they published on the normal web, whistle blowers and information idealists of all persuasions. They are also on there but sometimes it's difficult to find them through the plethora of porn, drugs and crooks. Believe me if you think you've seen some dodgy sites online - you've seen nothing like these!

So a bastion of free speech or a criminal marketplace?
Should it protected, policed or closed down?

There are many points of view and in fact the arguments mirror the ones around privacy and free speech on the normal web. The Deep Web possibly offers a glimpse of what an unfettered network would look like - take a look if you dare !!

Dutch Government Making Downloading from P2P Sites Illegal

2011-08-19T20:41:00.000+01:00

The Secretary of the Dutch Government for Security and Justice, Fred Teeven, is hell bent on making it illegal to download anything for personal use. He wants to make copyright holders able to force ISPs into blocking websites and services by obtaining a court order, if any website or service is accused of infringing upon their copyrights.

The Netherlands, a land formally known for freedom, inhibition and neutrality, is now becoming a part of the repressive movement, looking to enforce copyright crimes and filter the Internet.

Teeven says that he just wants to modernize the country’s current copyright laws, giving them more power and authority over their content. But the Dutch laws already state that it is illegal to upload any copyrighted material to the Internet, under the illegal distribution laws. Downloading this same material for your own personal use has been legal for all content other than software or games.

But Teeven wants movies and music to be added to this list, making downloading from P2P sites completely illegal.

They currently have a levy tax on blank media devices, such as CD-Rs, but they plan to eliminate this tax in exchange for making downloading movies and music illegal. They say that it would also prevent further taxes on media devices such as iPods and other MP3 players, laptops, USB storage devices and DVD recorders; but since when has anything prevented taxes?

Once a website or service has been proven to have acted illegally and offered music and movie downloading for free, copyright holders will be able to request that these sites are blocked from customers.

In other words, if they don’t like what you’re downloading from a certain website, they’ll soon block it and you won’t be able to see it again. Teeven says that this would be the last option they would take, giving websites and services time to defend themselves, but that’s truly doubtful. They shouldn’t have to defend themselves in the first place because according to the current laws, what they provide is entirely legal.

Teeven also says that copyright licenses are due for reform as well. They need to keep up with the pace of the Internet and be easier to obtain, mostly so the government can enforce things more easily and they can’t be accused of anything unfair or unjust.

He says that the new laws would encourage creative reworking of media, allowing people to edit and change copyrighted material to share on the Internet, but many are wary of this. Copyright holders will most likely get just as angry about that, and soon it will be illegal to download altered media as well.

The anti-downloading and anti-P2P organization referred to as BREIN said that they are in full support of this new legal action. They have been successfully shutting down piracy websites as well as individuals who download illegally for many years. They are thrilled that the last line of defense for P2P sites is finally being breached.

Canada may have deemed P2P downloading legal, but other countries are still cracking down on illegal downloading. The US, along with forty other nations across the world, have signed a sworn statement saying that all people should have full access to the Internet and everything that it provides, whether it costs money or not. The statement follows the decree made by the UN, saying that Internet access is a human right, allowing individuals their freedom of opinion as well as expression.

This statement even went beyond its human rights component to say that there should be as little repression of Internet information as is possible. Only in certain limited situations would restriction be used, such as when other human rights are being violated, or if the information is harming someone or something.

This statement makes it clear that making downloading from P2P sites illegal is just plain wrong. When people are no longer allowed to express themselves, on the Internet or otherwise, the civilized world is coming to an end. We live in a technology driven world, with everything from Blu-Ray players and iPods to in-car navigation systems and smart phones. Shutting down every website or service that makes someone unhappy would eliminate the Internet within a year.

People who say they are anti-P2P or anti-downloading might as well say that they are anti-technology. When the means are available, people will do as they please. This freedom of expression includes the act of downloading music, movies and other media as they see fit.

Some people will choose to purchase these things and others will not. Usually the people that download from P2P sites simply can’t afford to purchase the media they require to express themselves. Is that really a right we want to take away from them?

With more and more of the world joining the Internet repression bandwagon, it’s hard to say whether or not our rights will extend to the World Wide Web much longer.

138 Words Banned From the Turkish Internet

2011-07-27T10:56:00.000+01:00

The latest development in a series of oppressive acts in Turkey is a simple list of words. These words, consisting of many everyday terms, phrases and even names, are being banned from the Turkish internet for reasons unclear to the population.

A notification was sent to all internet service providers in Turkey on April 28th containing one hundred and thirty-eight words and terms to be banned. The Telecommunication Communication Presidency forwarded this list without explanation as to why it includes many ordinary words that are essential for use in everyday life and conversations.

Names such as Adrianne and Haydar, along with words like hikaye, which means ‘story,’ were on this banned word list.

Associate Professor Yaman Akdeniz, who is a lecturer at a law university, sought out information from the Internet Department at the Telecommunication Communication Presidency. He asked why these words were all of a sudden forbidden and classified into three groups on the list. One particular question he asked them was why the two first names Adrianna and Haydar were on the list. He asked who they belonged to and why they were so important to ban.

He also demanded that the Telecommunication Communication Presidency send him the documents and related materials which spawned this list. Akdeniz said that it was a matter of public interest, something people needed to know. Answers were requested, but what answers would be given?

Apparently, the Telecommunication Communication Presidency had no legal basis for requesting this word ban, which includes primarily common words from ‘forbidden’ and ‘fire’ to ‘overweight’ and ‘sister-in-law’. What reasons could they possibly have for banning these words? After all, any words can be harmful or benign; it’s just a matter of phrasing. They might as well ban ‘human’ too, that is, if it isn’t already on the list.

Akdeniz says that they have no right to ban websites from using these words and threatening them if they don’t comply. With the risk of closing over ten thousand websites just because they use common words, how can there really be anything legal about this ban?

The Telecommunication Communication Presidency claimed that they did have legal justification for their request, but the law they referenced does not give them authority to ban websites in any way. They claimed later on in the tense debate that the list of banned words was mailed to internet companies with an informative purpose.

This only caused more confusion and didn’t answer many questions. It only fueled Akdeniz’ outrage, as they had sent a threatening letter along with the list to the internet firms, warning them not to disobey their instructions.

Even the hundreds of companies from abroad that have sites on the Turkish internet are panicking, including Google and Yahoo, who have many questions but still no answers. Although the Telecommunication Communication Presidency never said what they would do if the web providers didn’t ban websites containing banned words, it’s enough to make companies worried.

Devrim Demirel, CEO and founder of BerilTech, the leading internet and domain name company in Turkey, says that their requests were both unprofessional and inconsistent with internet laws. He also says that it seems like nothing was taken into consideration for the technical aspects of internet work, suggesting that those who made decisions for the list of banned words had no technical knowledge or skill. Banning domains and sites with the words on that list would cause massive losses that businesses would never recover from.

Demirel says that he even received the letter and list from the Telecommunication Communication Presidency via email, a dangerous and unsecure method of official communication. He says that it was not ethical or secure, and that it should have been mailed to his office with the necessary seals and signatures, not by electronic means. Anyone could have sent that email.

Demiral called banning these words a ‘censuring service’ that has left him scratching his head in confusion, along with everyone else.

Adding to the ridiculous nature of this banned words request from the Telecommunication Communication Presidency is the fact that websites will be closed even if a banned word is unintentionally written in the domain name. The website called donanimalemi.com, for example, would be shut down because it contains the word ‘animal,’ even though it translates to hardwareworld.com. Even websites using certain numbers in domain names would be forbidden, such as the number 31, a euphemism for male masturbation. Even if the meaning is unintended and entirely innocent, the websites will still be shut down for use of anything on the banned words list.

Other English words that are also on the list include, but are not limited to, ‘escort,’ ‘homemade,’ ‘free,’ ‘nubile,’ ‘hot,’ ‘beat,’ and ‘teen.’ Apparently the common male name Haydar is on the list of banned words because it is also slang for penis.

Akdeniz and Demiral are just two of the many enraged Turkish people fighting for answers regarding this list of 138 words banned from the internet. It doesn’t make any sense besides as a pure form of censorship. The questions will not stop until there are sufficient answers.

Anas Maarawi: A Missing Voice of Freedom

2011-07-19T15:58:00.002+01:00

From Egypt to Syria to the Gulf States, Arabic youth are in revolt. With undying urges to shuck the bonds of despotic regimes and generations of governmental, religious and cultural oppression, they have risen up against their captors, and are crying for freedom and democracy.

At the core of democracy is freedom of information, expression and the press, for this is the only way a free people can know what it's government is doing, and keep it in check. Despotic regimes, throughout the region, recognize that they must crush free expression to maintain their vice-like grips on their oppressed people, and have declared war against free speech.

The latest casualty in this war of oppression is Anas Maarawi, a Syrian blogger, web-developer and champion of open source software and free speech. On Friday, July 1, 2011, Maarawai was detained, by Syrian authorities, at his home in Damascus, and he has not been heard from since. A voice of freedom has disappeared from the face of the Earth, and the Syrian government has remained silent as to his condition and whereabouts.

Why Anas Maarawi, a man who simply wanted to express himself freely? He was a threat to the regime of Bashir al-Assad, the despotic Syrian president who is well known for his human rights violations, assassinations of political opponents, and criticism of democratic states, the United States included. Bashir's regime controls Syria's economy, and through mismanagement has kept the nation poor and on the verge of economic collapse. Furthermore, Bashir's security forces have required that Internet cafe's record user comments on chat forums, and they have also periodically shut down Wikipedia Arabic, YouTube and Facebook. Bashir knows that his control comes only through an iron fist and suppression of rights, and Anas Maarawi, with his quest for freedom, was his “public enemy #1.”

Maarawi maintained a personal blog, “Anas Online,” as well as several technical blogs. He also developed Android, the first Arabic blog for the Google operating system. Blogs are a forum for free speech, and Maarawi was blogging in Arabic, to an Arabic youth movement in revolt. He blogged about free speech. He leaked details of government-produced television series, and he commented on the Syrian government's block of Facebook and YouTube. He criticized the government for being the sole ISP in Syria, and having the ability to regulate information exchanges. Anas Maarawi, the voice of Syrian freedom, was a threat to Bashir, and on 7/1/2011, government goons took him from his home, never to be seen again.

Syrian authorities, as expected, have remained silent about Maarawi's detention. In fact, they have yet to make any statements, and surely have not admitted culpability in this crime against freedom. We do know that Maarawi isn't the only voice of freedom to be quieted. Other, less prominent, bloggers have also gone missing. The Syrian folk singer and political activist, Ibrahim Kashoush, was found with his throat cut, and Bashir's forces have also been implicated in that killing. To this day, Syrian governmental authorities claim that they do not take political prisoners or order assassinations. As expected, they remain silent on Maarawi, and the scores of others who have been killed or detained in recent months.

Where is the world outcry on the detainment and possible murder of Anas Maarawi, a champion of freedom and democracy? None of the free states, the United States included, have made any statements on the disappearance of this freedom-fighter, nor have they openly criticized Bashir's government for its recent rash of human rights violations. After all, Maarawi was Syrian, blogging in Arabic to an Arabic audience. Although he was an important voice of freedom to oppressed, Arabic youth, he was little-known outside of the Arabic world. The outcry would be audible had he been a white Westerner, but the free world chooses to ignore the plight of an Arab.

The outcry against Maarawi's detention has come solely from the blogosphere, where people truly value and champion free speech. Bloggers throughout Europe, the Americas and the Middle East have heard of Maarawi, and they are the only ones calling for his release. Pleas to Bashir's government have gone out, asking for information and his release from detention. Online petitions have been signed, yet only silence still abounds. The Syrian government fears bloggers and free speech, and will not waiver in its authoritarian rule.

Anas Maarawi has been a voice of freedom in a region ruled by authoritarian despots. All he ever asked for was his basic human rights. He championed the Arabic blog movement, and tried to give truthful information to the Syrian people. For this, he was deemed a public enemy by the government of Bashir al-Assad, who has a long and sordid history of eliminating his political opponents and dissidents. Maarawi's voice of freedom has gone missing, perhaps never to be heard again, and the free world remains silent.

You can Read the Free Anas Website - Here and if you wish to help the campaign some information - Free Anas Campaign and Plus 1 this post !

Another Reason for Hiding Your IP Address

2011-07-06T12:30:00.002+01:00

Now I guess a lot of people who read this blog already keep their IP address private. If you're like me you switch IP addresses several times a day just for practical reasons - perhaps from a UK one for BBC Iplayer, then to a US based IP address for catching up with the latest Simpsons on Hulu. However there still seems to be some sort of confusion elsewhere that an IP address is used specifically and exclusively by one particular person.

This false assumption is of course ludicrous, however it still ends up being used as the basis for various legal claims (usually involving copyright infringement). Fortunately most cases fail brought on this basis fail, simply because of the uncertainty of who was using a connection at a particular time. Indeed it is well known that paedophiles ensure that their own networks and Wifi connections are completely unsecured so that they can use this doubt as a defence if brought to justice.

Another case with relevance to privacy, anonymity using IP addresses has recently been heard - the case of - Media CAT Limited v Adams.

This case was one of many expected to be brought in response to the rather unpleasant business model developed by Media Cat and ACS Law, first mentioned in this blog post - here. Basically the model involved a company obtaining the rights to pursue internet users for downloading films from torrent sites and then pursuing them for damages or taking them to court.

ACS Law would send out threatening letters asking for money in return for dropping the action. Of course what happened is that the person who paid the ISP bill generally got this letter, even when they were completely innocent of the copyright infringement. So for instance a grandmother would be deemed to responsible for her grandson downloading pornography on his laptop - an actual example.

Just for clarity let's just summarize what this business model involved -

Find a copy of a pornographic film being shared online
Contact ISPs and get a list of all the IP addresses that have downloaded this file
Cross reference IP address with users name and address
Send threatening letter to each user demanding payment or they'll be taken to court
Collect money from those who pay up
Take to court (eventually) everyone else
Return to step 1 and find another file.

So of course, half the people who received these threats had never downloaded the films. How many people share an average internet connection, how many unsecured connections are broken into, how many computers are hacked, infected with trojans and viruses. It is of course impossible to tell without further investigation.

These cases are important - firms like these are trying to hold the person who pays the ISP bill fully responsible for anything that happens through that connection. Clearly in a criminal case more evidence would be required that someone is guilty of a crime. However in civil cases there was a real danger that a more lax precedence would be established.

Of course there are so many mobile, network connected devices around nowadays, people cannot be held responsible for everything that connects through or via their networks. Nor should peoples personal details and surfing information be shared so readily and distributed to firms like MediaCat.

Remember your ISP is holding a comprehensive list of everything you do, say or download online - this information and our privacy needs to be protected. Fortunately the judge was equally as sceptical in this instance of this method of business - here's a quote from his transcript.

First, the nature of the case itself raises many questions. I have mentioned some of them above. The issues are as follows:-

i) Does the process of identifying an IP address in this way establish that any infringement of copyright has taken place by anyone related to that IP address at all. The technical issues raised by Mr Davey (and Mr Stone) relate to this point.

ii) Even if it is proof of infringement by somebody, merely identifying that an IP address has been involved with infringement then encounters the Saccharin problem. It is not at all clear to me that the person identified must be infringing one way or another. The fact that someone may have infringed does not mean the particular named defendant has done so. Perhaps the holder of the account with the ISP has a duty to assist along the lines of a respondent to another Norwich Pharmacal order but that is very different from saying they are infringing.

iii) The damages claimed deserve scrutiny. If all that is proven is a single download then all that has been lost is one lost sale of one copy of a work. The sort of sum that might represent would surely be a small fraction of the £495 claimed and the majority of that sum must therefore be taken up with legal costs. If so, a serious question of proportionality arises but again this has not been tested. Clearly if the defendant has infringed on a scale as in the Polydor case then would be a very different matter but there is no evidence of such infringement here.

Hopefully this will deter other such opportunistic companies from taking up this business model. Which invaded peoples privacy and amounted to little better than extortion in my opinion. It does highlight the importance of keeping our data and information secure though. There are many so called legitimate companies seeking to exploit it for their own gain.

How Do I Get a UK IP Address ?

2011-06-13T17:57:00.003+01:00

This very question was sent to me by a US reader who wanted to change his US address to a UK IP address for a single reason - Television. Specifically he wanted to watch Match of the Day, the BBC Formula One coverage and Dr Who on the BBC. All these shows are available online through the wonderful BBC Iplayer but unfortunately it is only accessible to those based in the UK or more accurately those with a UK IP address.

The reason is that the BBC like most other media companies who operate online use a technology called geotargeting. It sounds a complicated, geeky term but it isn't really. It's short for geographical targeting and is a way for a website to display different content to different readers. It's probably best illustrated with an example. The following is a screenshot of a search I ran in Google for 'Plumbers'

Google has determined that I'm using in the UK and decided to show me lots plumbers in and around the London area.

But lets change my IP address to a different country and run the query again. For this one I'll change my IP to an IP address in the United States.

This time Google has using my IP address decided that I'm in Arizona (it's actually where this IP address is registered to - so logically has decided to show me lots of plumbers and adverts for plumbers from within Arizona. Loads of web sites do this and of course it's most annoying when they block you from accessing content based on your location.

Everyone of the main media sites do this, Hulu, ABC, NBC in the US, BBC1, ITV and the other UK stations in Britain and virtually every major broadcaster across the world.

So How Do Web Sites Determine if I Have a UK IP address or a US one?

Well it's actually quite simple, they simply record your IP address when you connect and look it up in big country directory database. It's actually very easy to set up yourself. You can download the IP address database here from a company like Maxmind, then load it into a spreadsheet or database and lookup addresses from there. Most websites will either pay for a service or just run their own scripts against this database to determine which location your IP address is registered to.

There are other more sophisticated methods but largely this or a variant is the one utilised by most companies online.

So to bypass these restrictions you need to ensure that your IP address is from the correct location - this is very usually the country of origin. So for example

Hulu - US Address
BBC - UK Address
Pandora - US Address
ABC - US Address
CTV - Canadian Address
RTE - Irish Address
M6 Replay - French Address

And so on, it is unfortunate in some instance that the people who most want to access these online services - Ex-Pats, people working abroad etc are the ones who can't access them by default.

Originally people used proxy servers that they found online, these are computers which sit in between the web site and your PC. They are commonly used in corporate and educational networks as a barrier to the internet. If you can access the internet at work it is almost certainly through a proxy server. However the ones available online are very dangerous to use as they are often used to steal information and spread viruses - the ones that aren't are nearly always extremely overloaded and too slow for accessing video.

There was obviously a gap in the market! So many of us spend so much time online, for entertainment, research and for work - IP addresses are used to block, restrict and filter what we do online. The requirement was filled by hundreds of proxy/VPN providers who offered a commercial service which you could use to shield your real IP address when you needed to.

There's literally hundreds of these companies now, many market themselves quite openly as TV proxy services (you should be careful with these as they can be shut down overnight). The more sophisticated option is the security software which are generally better run, offer a wide range of country IP addresses (rather than one or two) and a faster infrastructure.

My recommendation is Identity Cloaker whose software is easy to use and offers access to servers in about a dozen different countries (including USA, UK, France, Germany, Canada, Australia and quite a few more). With a click of a button you can change your address to a US or UK IP address or whatever you require. Their trial offer is here - Identity Cloaker or if you want to see it running - I've got a video demonstration here - of me watching BBC Iplayer abroad in Turkey.

There are loads of others though, I do favor the ones that have developed their own software and are proper tax paying companies. Too many of the sites are set up by a kid from his bedroom with a cheap hosting and a mate who's really good at web design !!

Can You Keep a Secret? The Voynich Manuscript

2011-05-10T14:25:00.005+01:00

I had a brief online discussion the other day with someone who doubted that it was worth encrypting anything as there was bound to be someone who would be able to access your data if they liked. The discussion was based around the case of Room 641A and the Government's internet surveillance. Of course it's true that the amount of computing power has greatly increased the chances of breaking ciphers via brute force methods. But to think it's impossible to have an unbreakable cipher is perhaps missing the point. Cryptography isn't a single puzzle to be unlocked, it's the aim of securing or concealing a message to anyone but the intended recipient - there are almost unlimited methods of doing this based on a variety of methods and techniques.

The techniques and methods of cryptography are also being continually adapted - the cipher that the German Kriegsmarine adapted in World War 2 is a long way from the simple substitution ciphers used by Julius Caesar.

The inventor of the Enigima cipher actually estimated that it would take 1000 skilled cryptanalysts armed with captured Enigma machines testing four keys a minute - approximately 1.8 billion years to test all possible combinations!

Now obviously modern day computing power would seriously reduce that - but it is also possible to add millions of more variations to Enigma fairly easily (adding extra rotors to the machine for instance).

But I think there is a better example in The Voynich Manuscript.

Now this is one book with a strange story, there are claims it was written by Leonardo De Vinci, Roger Bacon and that it contains a variety of hidden secrets. It contains 104 parchment folios separated into sections which appear to be on a variety of subjects - herbal, astronomy, biology, pharmaceutical and some sort of recipe sections.

But the real reason that this book is so mysterious is that nobody can read it. The entire book appears to be encrypted with some sort of unknown cipher, we only have a rough idea of the content from the hundreds of illustrations and symbols that appear on the majority of the pages.

Over hundreds of years right up to the present day many people have tried to crack the code and read the book. A couple of people have claimed to have succeeded although these have all been discredited. The book has been recently carbon dated by the University of Arizona who have asserted that it was written on pages created between 1404 and 1438.

But what secrets are contained in the text? It is generally agreed by cryptoanalysts that there is some form of readable text protected by some sort of cipher but until some one cracks the code then we can never be 100% sure. There are of course lots of rumors about the mysteries it holds.

However the crux of my point is that in the age of high powered computers and modern technology - this cipher has remained unbroken for over 600 years despite the best efforts of many. We now have the likes of Advanced Encryption Standard (AES) which is supposedly uncrackable if implemented correctly. Who knows if the NSA or similar have developed systems and procedures for deciphering information encrypted by their enemies. One thing is for sure though that breaking encryption which has been implemented correctly using a system such as AES is no trivial undertaking even if it is possible.

For anyone interested in reading more about the Voynich Manuscript - here's a great place to start -

The Voynich Manuscript

Restricting Information Leakage - Keeping Your Identity Secure

2011-04-22T21:42:00.001+01:00

There are enough inherent risks in using the internet, this blog covers many of the challenges we all face in trying keep our surfing anonymous. However it is sometimes amazing just how much data is just leaked to the internet largely unintentionally.

I started thinking about this post after a friend of mine asked me to look at his security cameras in his small shop. These were IP based cameras and after briefly sorting out the problem I had a look at the remote admin function these cameras had built in. Basically you could watch the video feed from them over the web in a simple web browser, you can even (with the admin password which was set at default anyway) control the cameras. The owner had no idea they could do this and was quite shocked that anyone could see into his shop over the internet !

I want to show you some of the information leakage that takes place over the internet using some simple Google queries. Some of this data is leaked intentionally but very often the company or individual has no idea they are allowing the world access to this information.

Photo and Images Dumps

If you're like me then you probably have several thousand digital pictures that you have never got round to printing out. But of course with the high resolutions of todays cameras your SD cards are soon filling up so you have to dump them onto a computer. Of course many times these are dumped in to home directories, file shares or computers that are connected (and accessible to the internet) so instantly people become publishing moguls.

Here's one simple Google Query to find these photo dumps, just type this into Google -

index.of.dcim

Which simply searches for the directory structure which many digital cameras create and are copied onto computers across the planet. Here's the query and a snapshot of the results.

Try it yourself, you'll get thousand of web addresses which lead to simply dumps of digital photos from a variety of different cameras. Some are probably intentional but if you browse through the pictures you can tell that many are definitely not.

Does this young chap from one of the dumps realise that his photo has been released online possibly leading to identity theft or at the very least compromising the location of one of his nut stores!

Online Video Cameras

These are all over the place now and there are hundreds of different makes and models most which allow some sort of internet connectivity. Of course many of these are set up deliberately to allow people to view them online but when you start looking at these, many clearly are not intentionally left open.

Here's some queries - just type the highlighted phrase exactly into Google.

Toshiba Cameras - camera - user login"
Panasonic Cameras - inurl:"Viewerframe?Mode="
Sony Online Cameras - SNC-RZ30 Home

You'll find security cameras watching peoples homes, business, warehouses, offices and school corridors. Of course many of them are watching public places and interesting sites so have been set up specifically to allow open access but it's clear that many haven't been. Would you want the entire internet to be able to see if you've left your back door open or you're away for the night - nor would I!!!

Using a VPN to UK for More Than Just Watching BBC IPlayer Overseas

2011-04-02T16:11:00.004+01:00

Most of the people who use security software or the many VPN to UK products available do so to things like watch BBC Iplayer overseas. For them the security side of these products is pretty immaterial, however this is in my opinion a mistake. You might expect your user accounts, login details and passwords to be quite secure especially if you have that nice secure padlock in your browser. However you couldn't be more mistaken!

Let me show you a little example using a online payment system that most are probably familiar with - Paypal. I'm not singling these guys out it will happen with any so called secure site that you care to mention - but it's one of the scarier as many of us have bank cards linked directly to our accounts.

Is My Account Secure if I use Secure Sites (SSL)?

First of all I want to show you how many places have the possibility of intercepting your data when you login in to Paypal. It's the very nature of the way the internet work that all your data flies across a huge array of shared hardware that makes up the infrastructure of the internet. If you want to see the route your request will travel to a particular website you can use the tracert command in Windows. Just select the command prompt and type the following

tracert www.paypal.com

This will show you the route all your requests will take to the paypal server.

Here's the route my requests will take starting off from my router, next to my ISP then along a series of routers and switches until it reaches the Paypal web servers. Any of these points has complete access to all my data and it will probably be logged at most of these points along the way. Of course you can add to this list anybody who is deliberately intercepting your traffic from any of these locations too.

Now normal web requests are serviced using HTTP which is a basic clear text protocol, it's fast and efficient but anyone who has access to this data can view all of it. This complete lack of security is why SSL was invented to add a layer of encryption to web requests for important transactions like logging in to a web based payment system like Paypal or logging in to your bank account and stuff like that.

So let me show you the problem with SSL security as I login in to Paypal -

You can see at the top that this is a secure web page protected by SSL - the address starts HTTPS which means that when I login all my details are encrypted including my username and password. That's great then, nothing to worry about, or is there?

Next I want to introduce you to a little program called a SSL sniffer made by a company called Komodia. You can download it for free at this address - Komodia Sniffer. This program not only can sit and sniff all the data sent and received by any process (in this case it will be Firefox) but it also can decrypt the data as well. It takes about a minute to set it up and requires no real technical skill.

So here's what I see after I login to my Paypal account with Komodia SSL Digestor running in the background.

Now you'll have to try this for yourself or take my word for it, but listed in the data is my Paypal login name and the password. I've obviously blanked this out but I can assure you it was completely decrypted and readable. The SSL digestor actually decrypts the traffic on the fly, so anyone has the potential to harvest usernames and passwords for any accounts on the internet using this and tools like it.

Now don't get me wrong I use a VPN to UK all the time to watch my favorite shows on the BBC Iplayer. But don't forget about the security aspect, if you've invested in a subscription to a proper security product like Identity Cloaker don't just use it for watching BBC Iplayer overseas - protect your connection too!