Radio Police Scanner Lite is a free app preconfigured with a list of emergency services radio frequencies, it can listen in to firefighters, ham radio, aircraft and live police radio, each feed comes from a person owning a police scanner in that geographical zone and sharing it via the Internet. Stations are classified by region and country with a built-in emergency services code to interpret what they are talking about, you can add any radio frequency broadcasted over the web in the RSS feeds link, it will automatically reconnect to the feed if it loses connection, favourites can be pinned to the front screen and accessible with a single tap.
There is only a delay of a couple of seconds in between the real talking and the broadcasting, you can browse the Internet while listening to a feed in the background, the only thing not guaranteed is that your country will be covered but the app is continuously expanding radio feeds, the paid for version of this app comes with thousands more of radio frequencies.
Radio Police Scanner smartphone
Many of the radio frequencies will be silent, the best way to spot what are the most active channels is by looking at the popularity of each feed, the more listeners the more likely it is that there is something going on or talking.
Investigation departments use encrypted radios to communicate during surveillance operations you won’t be able to listen to those, the radio will broadcast a routine police or firefighters working day. Police radio scanners are legal in many US states but is best that you check your local laws before using it as there are some restrictions like for example using a police scanner to impersonate a police officer, alternatively you can also listen to live emergency services online via your browser at Broadcastify.
Hide it Pro is a free app for Android and iPhone to hide pictures, videos, audio files and others. The app is disguised as a functional audio manager, anyone playing with your phone will not realise you have a privacy app installed, the icon looks like a music sound logo, tapping it will launch a menu to adjust the phone ring tone volume.
When you run the app for the first time you will be asked to enter a numeric pin code or password to lock your screen, an email address can be linked to your account to reset your password if you forget it, it is not compulsory you do that. Using Hide it Pro interface you can select the files you would like to hide vanishing them from gallery view, encrypting the data with AES256-bit and password protecting everything, you can email files from inside the app or view a custom photo slideshow without having to move the photos outside the encrypted folder.
Hide it Pro hides Android&iPhone photos
Hide it Pro can set up a second escape password, leading the user to a different encrypted container that you can show to people if anyone discovers that you own encrypted data and are forced to reveal the password under threats, the escape password works like Truecrypt hidden container feature but I don’t know how safe this is from a thorough investigation, you just have to trust the developer did everything right.
If you share your mobile phone with family members or work colleagues Hide it Pro will prevent them from discovering private images stored in your mobile phone, the app is self-explanatory, it can also be used to hide and lock other apps.
Fotoforensics is a website for advance photo analysis, you can check whether a photo has been modified or not and see embedded metadata that could contain private details, the photos can be uploaded from your PC or directly linked from a URL, there is an optional Firefox browser plugin to make image forensic analysis easier, any image that can be displayed on your browser can be analysed, the plugin gets around sites like Facebook requiring login to view a photograph.
The service supports .jpeg and .png image formats, the most common image file extensions found on the Internet, the metadata analysis can find out if a graphics editor has been used to modify the image, ACD See for example will embed the program name on the photos it saves, metadata also shows how many times the image has been edited, identity attributes and how the image was managed.
Image computer forensics Fotoforensics
To determine if a photograph has been forged Fotoforensics will use Error Level Analysis to see the image modification percentage, the image will be saved at different compression levels and then compared with a computational algorithm to see the amount of change, this is not an 100% accurate method to detect fake photos, it is possible to defeat image computer forensics algorithms looking at high frequency decomposition by reducing colour, brightness or contrast but there are other photo attributes that can be analysed.
The website has a very detailed tutorial and FAQ explaining what results you can expect and how to interpret them, you should read it to understand what you are seeing, this is not a tool that will tell you a “Yes” or “No” answer, it is up to you to interpret the results which could turn up to be inconclusive.
You could use this tool to check that your EXIF image cleaner is working properly but do not upload anything private because the results are saved in a public URL on the server, uploading pornography is not allowed, to check if an X-rated celebrity photo is real or not you will need to find another place or they will ban your computer IP.
Bitmessage is an open source P2P program utilizing a Bitcoin like protocol that instead of sending money sends anonymous encrypted messages to one or multiple people at once, the application has a portable mode that does not need installation, it uses 2048-bit RSA encryption keys stored inside a keys.dat file which can be opened with any text editor and OpenSSL for cryptographic functions. Bitmessage cryptic addresses closely resemble a Bitcoin address, the best part is that both keys are compatible, Bitmessage uses the other part public key to print their Bitcoin address in the console which can be used to send them money.
Bitmessage sends data over its own P2P network, the nodes store messages for two days before erasing them, new nodes joining the network will download and broadcast the pool messages from the last two days. To stop spam the sender is required to spend computational processing power for each message he sends, modelled like the Hashash antispam scheme and the Bitcoin mining system, the protocol has been designed to be scalable as needed. I sent a small text message to a friend and it only took a few seconds of wait for it to be processed, a “Doing work necessary to send message” warning will be displayed while you wait and your computer CPU works, I also subscribed to an open Bitmessage mailing list using the subscription tab by simply adding the address “BM-BbkPSZbzPwpVcYZpU4yHwf9ZPEapN5Zx”
Bitmessage anonymous encrypted messages
Other tabs in the program allow you to blacklist and whitelist addresses, add contacts to your address book broadcasting to everyone listed there or selecting just one contact, the tabbed system makes Bitmessage usage spontaneously easy, you can also change the default listening port “8444” and network settings entering a Socks proxy, only the key management was very primitive, it opened up Bitmessage keys using Notepad.
You can create as many Bitmessage addresses as you like, creating and abandoning them is encouraged, there is an “Identity” tab from where to manage your addresses, they can be labelled. Addresses can be generated using random numbers or a passphrase, called “deterministic address“, you can recreate this address on any computer from memory without having to back up your keys.dat file as long as you remember your passphrase but you will need to know the passphrase to recreate the keys if you lose them, you will also need to remember the address version and stream number, choosing a weak passphrase could result in a brute force attack and your identity stolen, deterministic addresses can be made one or two characters shorter spending a few extra minutes of computational processing power, these addresses are optional, I believe the random cryptic addresses to be more secure for those paranoid.
Bitmessage encrypted mailing list
Bitmesssages are first encrypted and then sent to a common message pool shared by all users to hide sender and receiver, only those listed in the receiving address will be able to decrypt and read them, the program has been designed to only send text without any attachments, I did not test it but theoretically it should be possible to send a jpeg photograph. After erasing a message there is no trash can to retrieve it but it will still be present in your hard drive to manually view it with a bit of work.
I used Bitmessage with a VPN and I did not experience any problem besides a coloured network status code that turned yellow indicating that my firewall or router couldn’t forward TCP connections, this is not a big problem, it only meant that my node was not relying messages to other nodes for other people but I could still receive and send them, as long as someone in the network has the green network status messages can be passed on in between peers.
Note: The sofware is currently a beta release in testing.
The Onion Browser is an iPhone only browser for anonymous Internet browsing using your smartphone relying on the untraceable tor proxy network to hide your real IP from websites you visit. The tor network can be slow at times due to the number of nodes relaying traffic and overall network load, for browsing without file downloads or video streaming speed should be sufficient, the Onion Browser also gets around firewalls if you are using a public Wifi access point that filters traffic and blocks websites and since communications in tor are encrypted with SSL any packet sniffers deployed by the Wifi network administrator will not be able to see what websites you visit, only that you are connected to tor.
The app options include “Enable UA Spoofing” to fake the HTTP User Agent header sent to the websites you visit, it can be changed to iOS Safari to improve mobile website compatibility, or to a Windows 7 and Firefox string so that it will look like you are browsing using a desktop computer, “Cookies” can be set to Allow All / Block Third Party / Block All, a “New Identity” button will clears all cookies, history and cache requesting a new IP with a single tap, there is a way to set up bridges, unpublished tor proxy relays for those living in countries like China where tor is blocked by the ISP, setting up a bridge on this app takes some work, best if you can avoid having to apply them.
iPhone Onion Broswer tor proxy
I found the app lacked bookmarking but the startup page contains a list of well-known .onion sites that will take you where you want to go. For anyone concerned about built-in backdoors the Onion Browser source code can be downloaded from the open source platform GitHub along with technical details, the app will work in the iPad too.
DeepSound is a steganography tool to hide any kind of data, from text to photos, inside sound files, for extra security everything can be encrypted using AES256-bit and only available with the correct password, the modified audio file will play as normal and nobody should notice it contains hidden data inside. The program interface is very simple, it comes with a file browser to manually peruse the directory where a suitable carrier sound file can be found, when password protecting the data you will not be asked to confirm the black dot covered password twice, if you make a typo you will not notice it until it is too late, it will be best if you test the file after creating it to make sure everything works as expected.
Encoding or extracting data can be quickly executed using shortcuts, the program settings allow you to graduate output quality ratio from low to high. If you are going to create an audio CD with hidden data the developer advises to disable volume normalization in the CD burning software to prevent data corruption that would stop hidden files recovery, a one page help manual with screenshots is included, you are not likely to have to read it.
DeepSound hides data inside audio files
This tool can only hide data inside Waveform Audio File Format .wav and Free Lossless Audio Codec .flac sound files, these are not very common files, .wav is normally uncompressed, perfect to hide files inside, but the files are very large and not usually used for music, only small sounds.
FLAC is a royalty free open source alternative to proprietary .mp3, .flac files are compressed and suitable for music albums, supporting metadata and album covert art, if you are going to hide data it will probably look less suspicious inside a .flac than the inadequate .wav file format, and it will be easier to distribute a .flac file given its smaller size. This application could also be used to watermark copyrighted music and track down the source if it is later found leaked in file sharing networks, but converting the file audio format to something else would get rid of the hidden watermark.
The Global Islamic Media Front, an underground propaganda division for Alqeda and other violent jihadist groups, has released what they call “The First Islamic Program for Encrypted Instant Messaging“, an instant messenger plugin working alongside another jihadist encryption tool called Asrar al-Mujahideen, already reviewed in my Mojaheeden Secrets post, consisting of nothing else than a PGP like public/private key encryption tool. This new plugin works with Pidgin an open source instant messenger compatible with all major IM networks like Yahoo Messenger, Google Talk, Jabber, ICQ and others.
The announcement includes a ten minutes video tutorial subtitled in English and hosted in Youtube, not containing any Alqeda branding to stop Youtube taking it down I presume. After watching the tutorial I can attest that the instructions were very accurate, whoever produced it was highly experienced in computer privacy tools and demonstrated how to use tor proxy to download Pidgin with Startpage set as their main search engine, which, unlike Google, does not keep IP records, other sophisticated anonymity technologies included configuring a Socks5 proxy so that not only the chat will be encrypted but the computer IP will be hidden from the other part.
Asrar-Al-Dardashah encryption plugin Alqeda
The tutorial advised jihadists to only download the plugin from a trusted source and compare the public encryption key ID from the the person they are chatting with the key they have stored in Mojaheeden Secrets 2 to make sure nobody is stealing that person’s identity and replacing the encryption key with their own.
At first glance it might seem impressive that Alqeda supporters have their own high quality branded encryption software, it must work great for propaganda purposes and reaffirmation, however, they are not reinventing the wheel, OpenPGP is open source, it can be checked for backdoors and it has around for a long time, the plugin they are releasing closely resembles the OTR (Off-The-Record) anonymity Pidgin plugin that has been around for years, this is not a new security tool and the only concerning part is that Alqeda supporters are learning how the technology works, but they are also drawing attention to themselves by using a tool that only jihad extremists have access to, the CiA just has to love how Asrar al-Mujahideen is introducing its own “#—Begin Al-Ekhlaas Network ASRAR El Moujahedeen V2.0 Public Key 2048 bit—” tag in every single encrypted message it sends. American secret services packet sniffers must be busy tracking down where in cyberspace is people sending messages with those tags.
Global Islamic Media Front encryption tools only work in Windows, until jihadist discover the power of Linux or BSD they won’t do much damage in cyberwar since most companies and government servers normally run Linux, encryption will be also of little help to them if informers can be found inside the group.
