Category: Other

Other computing tips

  • Decentralised group communications with matrix


    Matrix is a new open source standard for secure real-time communications using end-to-end encryption. It can be used for video calls, voice, text, file transfers and anything else that developers want to build on top of it. Matrix server infrastructure is made up of multiple nodes talking to each other, which puts an end to the current fragmentation of messaging apps that forces people to have the same software installed to be able to talk with each other.

    Unlike WhatsApp/Viber/LINE/Kik and similar apps that each need their own installation, Matrix is identity agnostic. The ecosystem runs an open federation model where anybody can run their own Matrix server and join the network.

    Identity servers track which emails and messages belong to which Matrix ID. Chat rooms do not exist on any single server; they are shared across multiple participating servers, and each participating server can choose to publish its own alias, so several different aliases can lead to the same room depending on what server you are using.

    Decentralised private chatroom Matrix

     

    I joined a Matrix test server. It was only necessary to pick a username and a password; there is no obligation to provide any email address, although specifying one lets other users find you on Matrix more easily and gives you a way to reset your password in the future. If you opt for email registration a verification code is sent to your address. The registration process took me less than a minute.

    After logging in you can see multiple public chat rooms. This is nothing like IRC: Matrix is more multimedia centric and lets you call and post inline photos to the whole chatroom. You can have an avatar, set notifications that are triggered when somebody types a keyword in the chatroom, and send SMS messages to a phone number using the web gateway, which is currently free during beta testing, although a PayPal account must be linked to stop abuse.

    The interface was fairly easy to use and it certainly looks better than the old IRC, but I am just happy using a Jabber instant messenger to communicate; I don’t see a special need for a Matrix network. I favour the idea of not having to adopt multiple providers to communicate with other people and not relying on a single cloud server for communications, but as a user I don’t care if it is a Matrix or XMPP server. I couldn’t see that many differences between them; most of the things that Matrix can do can also be achieved with a Jabber client.

    Visit matrix homepage

  • List of the best encrypted chatroom services


    When your access to secure communication tools is limited in a shared environment or you are on the go, the services below can be used to set up a makeshift secure chat without any technical knowledge.

    These websites can create an encrypted chatroom with minimal registration details and they can be accessed by anybody with a web browser on their computer or mobile device, but the websites also require you to trust the server operator. Hence, you should not use them for high security unless you host the chat software.

    I have used a few of the sites below with a VPN proxy to hide my computer IP and I didn’t have any kind of problem doing this. The only condition is that JavaScript always has to be enabled, since this is what is used to encrypt the messages in your browser.

    Otr: Peer to peer chat in your browser with no central server and no need to register or install anything, you simply open a chatroom and send or post the link somewhere for your contacts to access it, but remember that once everybody leaves the chatroom it ceases to exist.

    Cyph: Encrypted group messenger and video calling that works in the browser and on smartphones, with encrypted cloud storage. Cyph uses quantum-resistant ciphers and has been independently audited by Cure53, a German cybersecurity firm.

    Teleguard: Swiss-based instant messenger that does not require you to register a phone number to use it. Teleguard can be used on smartphones and on Linux, Windows and Mac computers, but you have to download their application; it won’t work in the browser.

    Brave Talk: From the makers of the privacy-focused Brave browser, Brave Talk allows free encrypted video chats right in your browser. One of the callers needs to be using the Brave browser to create the chatroom, but the others can use any browser they want and connect by clicking on a link.

    ChatCrypt: It allows you to create an encrypted chatroom by entering a name for the room, a username and a password. People who want to join in will have to visit ChatCrypt and enter the room name and password you have given them. ChatCrypt rooms are not listed anywhere; they can only be found if you let other people know that they have been created. All messages are encrypted in your browser with 256-bit AES in CTR mode before transmission.

    ChatCrypt is funded with advertising and you will see a banner on top of the chatroom. Google and their NSA friends perhaps can’t read the messages, but they should still be able to track the IP of people in the chatroom using the advertising banner.

  • Encrypted cloud storage with messaging Peerio


    Peerio is a company providing encrypted file storage in the cloud with an integrated instant messenger. It is available for Windows, Mac and Linux (if using the Chrome browser), and smartphone apps are on the way. It is being developed by the makers of Cryptocat and miniLock, two other cloud based encryption utilities.

    Before you can use Peerio you will have to register for an account by selecting a username. The email address you provide will receive a verification link for you to click on; after that you can create a short PIN code to pair devices with Peerio. A long passphrase is generated during account creation to stop users from picking a weak one, which is very important as encryption keys are derived from that passphrase.

    Although I see why the developers do this, I am not a fervent supporter of having something as important as the passphrase picked by a third party app instead of my trusted offline password manager, and most likely people without a password manager will write it down anyway.

    encrypted file storage Peerio

    Peerio’s interface is clean and easy to use. You will see three tabs, “Messages”, “Files” and “Contacts”, and a column allowing you to classify uploaded documents by file type (Photos, Videos, PDF, etc); everything is synchronized automatically. After you have added a contact, that person will be able to talk with you in real time. To send them a large file, drag and drop the files you wish to share inside the window to upload them to the cloud. Another button lets you destroy those files from your account and the accounts of the people they are being shared with.

    This platform is comparable to Mega, a more established encrypted cloud storage with messenger that offers far more space. Peerio developers have no way to know what you are sharing: only users hold the private key to decrypt data downloaded from Peerio’s Canadian cloud servers. The company can’t read anything, but they admit that timestamps and login IPs are kept; that is all they can hand over if they are forced to.

    An alternative method to send large files with end to end encryption is using an instant messenger and encrypting the files with PeaZip before the transfer. Peerio’s main advantage is that it does all the encryption work in the background, but it also has the disadvantage that to send big files you will be asked to upgrade to their upcoming paid-for plans, and the part that bugs me the most is that you have to convince your friends to open an account with Peerio.

    Peerio erasing shared cloud files

    If you are a small company and your employees need to share files often, perhaps Peerio will work, but for the individual it is best that you encrypt a file and upload it with a proxy to a cyberlocker, or use NeoRouter, to avoid the metadata treasure trove that cloud servers are, with the extra benefit of always having the data available on your hard drive.

    Other secure ways to share large files without a cloud server involved are Bittorrent Sync and Infinit.

    Visit Peerio homepage

  • Wireless anti surveillance device Cyborg Unplug


    Cyborg Unplug is a hardware device that scans your WiFi network, detects unauthorised gadgets connected to the network spying on you, like a wireless cam or microphone, and disconnects them.

    There are two models available: one that works with the 2.4GHz band and detects and disconnects gadgets like Google Glass, warning you with a blinking LED light or sending an alert to a smartphone app, and a more expensive model that works in the 5GHz band, normally used by businesses, emits an audio alert and can monitor Bluetooth connections in addition to WiFi.

    The hardware is nothing out of the ordinary, a simple WiFi router with an Atheros chipset. The magic is the firmware powering Cyborg Unplug: it runs a modified Linux-based OpenWRT for embedded devices that blocks appliances from getting to the Internet. The code is open source and available for download, and it can be installed on compatible hardware if you are technical enough to build your own.

    Anti spy device Cyborg Unplug

    Unlike WiFi jamming, this device detects specific MAC addresses of surveillance gadgets like Google Glass or drones and disconnects them from your wireless network by sending a de-authentication packet. The Cyborg Unplug owner gets to decide what kind of gadget can and cannot be connected to WiFi, whitelisting them with a check box. Since the device relies on knowing the spying devices’ MAC addresses, Cyborg Unplug will be updated as new ones hit the market, with lists downloaded to Cyborg Unplug using the Tor network to avoid exposing your WiFi IP anywhere.

    This device can only be legally used on your own WiFi network; using it somewhere you are not authorised would get you in serious trouble. The developer recommends that you only turn on the “Territory Mode”. This mode blacklists targeted gadgets and allows access to everything else, while a more restrictive “All Out Mode” kicks all devices in range off the wireless network, including paired smartphones. This can be illegal in some jurisdictions and you are the only person responsible for illegitimate usage.
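
    The two modes described above, reduced to the allow-or-disconnect decision, as an added Python sketch (not Cyborg Unplug's firmware and not code from this post). The vendor prefixes, the `allowed_kinds` parameter and the sample addresses are constructed; the sketch also shows a limit of prefix matching, since a device using a randomized (locally administered) MAC address cannot be classified by vendor.

```python
import re
from typing import NamedTuple

# Constructed vendor prefixes (first three octets of a MAC address) mapped to
# a gadget kind. A real list would come from the device's updates.
WATCHED_OUIS = {
    "00:11:22": "smart glasses",
    "3C:00:5E": "camera drone",
}

# Constructed stations, as they might be seen on the owner's own network.
SAMPLE_STATIONS = [
    "00:11:22:aa:bb:01",   # watched prefix
    "3c-00-5e-10-20-30",   # watched prefix, dash-separated
    "DA:A1:19:00:00:01",   # locally administered (randomized) address
    "04:00:00:01:02:03",   # prefix not on the watch list
]


class Decision(NamedTuple):
    action: str   # "allow" or "disconnect"
    reason: str


def normalize_mac(mac: str) -> str:
    """Return a MAC as upper-case colon-separated octets, or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """True when bit 0x02 of the first octet is set.

    Randomized addresses set this bit, so their first three octets do not
    identify a vendor and a prefix list says nothing about them.
    """
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def decide(mac: str, mode: str, allowed_kinds=frozenset()) -> Decision:
    """Decide what happens to one station under the given mode."""
    mac = normalize_mac(mac)
    if mode == "all_out":
        return Decision("disconnect", "All Out Mode: every device in range")
    if mode != "territory":
        raise ValueError(f"unknown mode: {mode!r}")
    if is_locally_administered(mac):
        return Decision("allow", "unclassified: randomized address, no vendor prefix")
    kind = WATCHED_OUIS.get(mac[:8])
    if kind is None:
        return Decision("allow", "prefix not on the watch list")
    if kind in allowed_kinds:
        return Decision("allow", f"{kind}: permitted by the owner")
    return Decision("disconnect", f"{kind}: on the watch list")


def sweep(stations, mode, allowed_kinds=frozenset()):
    """Map each normalized station address to its Decision."""
    return {normalize_mac(s): decide(s, mode, allowed_kinds) for s in stations}


if __name__ == "__main__":
    for mac, decision in sweep(SAMPLE_STATIONS, "territory").items():
        print(mac, decision.action, "-", decision.reason)
```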

    The biggest drawback of this device is that it will not prevent a recording; it only prevents streaming over WiFi. The second problem is that if the spying device is sending out data using a 4G mobile phone network it gets away with it, but not many do that because 4G is still expensive for video.

    Home users worried about their own WiFi network being exploited should configure their router to filter MAC addresses. The substantial use I see in Cyborg Unplug is for businesses like restaurants or offices providing WiFi access. I liked how easily this device can kick out drones, webcams or Google Glass while allowing laptops and tablets in with very little work.

    Cyborg Unplug can be handy as part of a security layer administering wireless Internet services, but not as a stand-alone bullet that will prevent WiFi abuse.

    Visit Cyborg Unplug homepage

  • A look at the evidence alleging that Giganews is an FBI operation


    As recently reported by Cryptome, a Giganews ex-employee has leaked to them what he claims is evidence that Usenet provider Giganews, with subsidiaries PowerUsenet, Usenet.net, RhinoNewsgroups and VPN company VyprVPN, are logging customers’ downloads and work for the FBI. I downloaded all of the evidence Nick Caputo presented and I researched it to find out how substantive his accusations are. Assume nothing, believe nothing, allow the evidence to speak for itself.

    Nick Caputo’s first claim is that he used to work as a system administrator for Giganews. To prove this he sent Cryptome photos of his employee badge and payslips; both look authentic, and a recent post in Giganews’ blog admits that he is indeed an ex-employee. Based on this, it is beyond question that Nick Caputo is a former Giganews system administrator; nobody disputes that.

    The second claim Nick Caputo makes is that, due to a misunderstanding with Giganews CEO Ron Yokubaitis, he removed three groups carrying child pornography from Giganews’ list and that he was subsequently disciplined by Giganews/Data Foundry administrators for doing that, with subtle references to an FBI investigation in progress. The child porn groups were later restored by one of the administrators from Data Foundry backups. There is no hard evidence supporting any of this; you have to take Nick Caputo’s word at face value.

    FBI agent Scott Kibbey and Charles Riley

    The ex-employee, claiming to be upset over what he believed was Giganews facilitating child porn downloads, decided to contact the FBI a few months later. Special Agent Scott Kibbey and FBI agent Charles Riley had a meeting with him in unlisted FBI Austin offices located at 12515 Research Blvd, Building 7, Suite 400. During that meeting Nick Caputo was told that the agents were friends with Giganews’ CEO and that they would give him his old job back under a new identity. Nick Caputo also claims that both FBI agents worked at the Giganews data center undercover, and as evidence of all this he attaches various text files with email headers of the email exchange he had with them, as well as a scanned copy of both FBI agents’ contact cards.

    I did a whois on the computer IP that shows in the email headers and the IP 153.31.119.142 is listed as being part of the “FBI Criminal Justice Information Systems”. I also searched in DuckDuckGo for “Charles Riley FBI” and a LinkedIn page comes up listing him as a Detective for the City of Austin working in the Digital Forensics Unit. Based on this, I believe that Chris Caputo had a real meeting with these two FBI agents, but what was said in that meeting is another matter that cannot be proven. Something that does not make sense is that the FBI would offer Nick Caputo his job back in Giganews under a new identity; surely his co-workers would know his face even when using a different name.

    Another bizarre claim of Nick Caputo, with no supporting evidence, is that the Chinese government has access to VyprVPN’s Hong Kong server and that it was brought down by a Chinese employee on the day of the Tiananmen Square anniversary. All I can say is that he gives zero proof of this claim and it is weird.

    There is an equally weird Giganews blog post saying that the company doesn’t work for the FBI, and they attempt to prove it by saying that Giganews has SSL for Usenet downloads and a VPN. That means nothing: owning the servers, they can see what goes on. Giganews also forgets to mention something very important of which there is ample evidence: Giganews is the only Usenet provider that is a member of the Internet Watch Foundation. For those who don’t know, the IWF is a British organisation that works for the police trying to remove child pornography from the Internet and tells Internet Service Providers what pages to block.

    I don’t believe it has been proven that Giganews is an FBI honeypot. The evidence given by Nick Caputo shows that he used to work for Giganews and that he had a meeting with FBI agents to discuss something, but beyond that it is impossible to know what was spoken or said at the workplace and in the meeting with the FBI agents, and both parties, Giganews and Nick Caputo, have a personal interest in discrediting each other.

    I am a Usenet downloader myself and I don’t use Giganews; they are clearly overpriced, and after the Snowden leaks I try to reduce my reliance on USA-based companies. If anybody cares to know, I am currently using Tweaknews.eu in the Netherlands and Altopia in the USA. One is offshore and the other one is too small to be of interest for a global gagging order, and they both have their own hardware, don’t censor groups, and are not resellers.

    Read more in Cryptome

  • Encrypted radio frequency communications with goTenna


    Designed to be able to communicate without any Internet service provider, WiFi or mobile phone network, goTenna is a small autonomous hardware device that fits in your pocket and can be plugged into an iOS or Android smartphone to transmit low frequency 151-154 MHz radio waves to other goTenna users, pairing with them via Bluetooth LE (Low Energy). The device can not be used to make voice calls, but you can send text messages and share your location.

    Possible uses for goTenna are communications in disaster zones with destroyed infrastructure, sending an emergency message if you are lost in the middle of a mountain that has no mobile network coverage, and private communications. This device should get around Internet mass surveillance frameworks set up to monitor Internet and mobile phone networks: unless an operative is within goTenna radio wave range with bulky wiretapping equipment, they had better forget about intercepting or detecting goTenna data transmissions. Not to mention that you do not have to pay for a subscription to use it.

    goTenna radio frequency communications

    With the device you get a custom goTenna app preloaded with offline maps to see your friend’s location without needing Google Maps or an Internet connection. However, if you don’t remove the mobile phone SIM card, your GPS coordinates and those of your associates will be revealed to the network provider even when you are not placing a call.

    Radio frequencies can be easily intercepted; to stop this, goTenna secures your messages with 224-bit elliptic curve end to end encryption. There is no central server: messages are stored inside goTenna’s internal flash memory, which can hold 1000 messages. You communicate P2P with your friends, in a group or individually, and it is possible to send self-destructing messages to only one person; the message will be erased straight away after it has been read and not stored in the memory.

    Communications range is an awesome 1 to 50 miles, depending on obstacles and geography. According to one of the founders, Daniela Perdomo, the maximum 50 mile range is only achievable if you are on top of a mountain; on the ground in an open space you get around 9 miles of range, and in the city, without line of sight and with many obstacles around, you should get from 0.5 up to 1 mile. Data transmission at 9600 bps is too slow for sending rich media like selfies, but enough for text messages.

    Due to radio frequency regulations goTenna is not allowed to daisy chain a network in mesh, communications are point to point, but you can send a “shout” to all goTenna users in your vicinity or set up a private group chat.

    goTenna mobile app

    Other similar autonomous communication schemes that don’t need a provider are existing mobile phone apps that communicate with other users P2P, but their range is very low, bounded by Bluetooth to a couple of dozen meters. And of course you have the walkie talkie; it doesn’t need an Internet service provider or satellite to operate, but it does not encrypt radio waves like goTenna, unless it is a very high end device of the kind used by law enforcement and emergency services.

    goTenna’s battery lasts up to 72 hours with low usage, and the enclosure is weather and dust proof for you to take hiking inside your pocket or clipped to a rucksack band. I liked the small size and the relatively long battery life, that it works autonomously without any state or corporation oversight of the data being transmitted, and that the radio waves are encrypted with strong algorithms; the price is not so attractive. This device can work anywhere in the world, but legally it needs a transmission license and right now it is only available in the US, where they have FCC approval.

    Visit goTenna homepage

  • Anonymous torrent downloads with Tribler


    Tribler is an open source BitTorrent client developed by the Delft University of Technology (TU Delft) in the Netherlands. What makes this program different from the other dozen file sharing clients is that it includes a unique built-in peer proxy bouncing technology that routes data across multiple peers before it reaches its final destination. Just like in Tor, three different random nodes are used to stop a rogue node operator from finding out who is downloading a file.

    The first peer proxy encrypts data to block other nodes from seeing the content of what is being forwarded; only the person requesting that file is able to decrypt it. The peer proxies don’t keep logs of anything, so seizing them will be of no help to determine past usage.

    Another Tribler anti-censorship feature is that you don’t have to visit torrent sites to find files, the software is currently using central trackers and indexers but if they are ever taken down, Tribler can search the network to find user submitted .torrent files that don’t have to be uploaded to sites like The Pirate Bay or Demonoid.

    Tribler torrent channels

    Besides security, Tribler has dozens of features to help you manage torrent files. You can locate torrents using Tribler’s integrated search box or in what they call “Channels”, collections of user generated files that can contain movies, ebooks, photos, games or music; anybody can create them. I was able to find new movie releases and TV series in no time and without any spam. The program crowdsources filtering: channels have a “Spam” button next to them, and when enough people are annoyed and click on the button, the channel gets buried. Meanwhile, good quality content can be boosted in search results by clicking on a “Favorite” button next to the channel.

    You can give a descriptive name to Tribler channels you create; sadly, many people are not bothered with this or don’t know how to do it, and I found channels named “Grandma PC” or “ElderScrolls”. To know if the content is worthwhile, watch out for the star rating next to each channel: it lets you know how popular it is, saving you time by not having to click on each folder to see what is inside.

    Important things to be aware of: when you first start Tribler you will not see any channel. It took me ten minutes for the first 30 user generated channels with content to show up, and this increased to 50 channels in another ten minutes; the longer you stay on the network, the more content will appear. Another thing is that the software will automatically create a folder with your Windows username on your desktop to store downloads, so make sure that your Windows username is not your real name or change the folder name in settings.

    Tribler channel creation

    If you are browsing the Internet at the same time as you download a torrent in the background, right click on the torrent and change the default unlimited bandwidth allocation to avoid slowing down your browsing, and before downloading a big movie it is best to stream part of it with Tribler’s integrated VLC media player. Tribler also allows you to copy the magnet link, see the number of seeders and list the trackers announcing the torrent, and it has a family filter that will not stop you from seeing porn thumbnails in Tribler’s main window. I read in Tribler’s forums about other users having the same porn problem; the developers seem to be aware of this and are working to fix it.

    Regarding anonymous downloading, be extremely careful: the technology is in testing mode and not all downloads are anonymous. You can see a column next to the torrent file where it says “Anonymous yes/no”. My main concern is that I don’t know how willing the authorities are going to be to arrest somebody forwarding encrypted data in Tribler that happens to contain something illegal.

    Tribler proxy bouncing is too new to know for sure if it can stop abusive DMCA notices from landing at the door of those forwarding traffic, but anything that makes it more difficult to find a downloader’s computer IP should be welcome.

    Visit Tribler homepage