Archive for the ‘Uncategorized’ Category

Who’s surprised that China Mobile knows where you

Saturday, September 4th, 2010

What struck me was U.S. Rep. Ed Markey’s (D-Mass.) surprised reaction. Markey said the news was “bone chilling” and told AFP, “I have my eyebrows arched so high they’re hitting the ceiling.”

Anecdotally, I would say the assumption among people involved with media and politics in Beijing is that it is trivially easy for the government to tap cell phones and gather location data based on which tower your phone is in touch with. E-mail also is often assumed not to be secure. Markey must know the U.S. government can do this too, especially in light of the illegal wiretaps by the Bush administration. (The secret monitoring of U.S. citizens would actually have been legal if they had bothered to get their warrants rubber-stamped by a secret court, so don’t think due process is a defense in the United States.)

So why was it so shocking to an AFP reporter when China Mobile CEO Wang Jianzhou told an audience at the World Economic Forum that “we know who you are, but also where you are”? Will at Imagethief has already made the alarmist journalism argument, so I’ll leave that to him. (The AFP story ran under the unnecessary headline, “China’s mobile network: a big brother surveillance tool?”)

It’s hardly surprising that China Mobile can figure out about where its subscribers are when the phone is on (or when the battery’s in). This sort of technology is standard in developed mobile networks, and it’s fueling a wave of business innovation and “locative technology.”

If Markey was really shocked, he was ignorant. If he was faking it, he was taking part in China alarmism on an issue that is news to practically no one in China. This is not the place to discuss the merits and demerits of government surveillance, but no one is surprised that it’s a fact. I wish U.S. politicians wouldn’t be so willing to make such statements about China just to grab the spotlight when journalists are unnecessarily aroused.

I just doubt this really could have been shocking to Markey, who is perhaps the U.S. Congress’ most prominent name on telecommunications policy. Along with liberal members of the FCC board, he’s been a friend to the “net neutrality” movement, and he was received warmly last year in Memphis at Free Press’ National Conference on Media Reform.

The Open Source Goat Rodeo 2008

Sunday, August 29th, 2010

You’ll also need to learn to shred like John Robb. Everyone skied well, but John was amazing. That guy can ski anything. (As for you, Ross Mason, you need to learn to ski by next year so that we won’t have to slum with boarders. ;-)

Tune in below to learn about Larry Augustin’s home-based data center, why Marc Fleury likes Spikesource, the future of Linux on the desktop, and more.

Open Source Goat Rodeo 2008
by mjasay

Want to join us? Learn the secret lasso maneuver.

It was a great way to spend two days. It was some of the most interesting conversation I’ve had in a long, long time. I can’t wait for 2009.

I’ve been meaning to have a group of open source friends out to ski for many years. In fact, OSBC was originally planned to take place in Park City, Utah. I finally got around to making the invitations, and Larry Augustin (Augustin Ventures), Jeff Borek (IBM), Fabrizio Capobianco (Funambol), Richard Daley (Pentaho), Marc Fleury (ex-JBoss), Lonn Johnston (PageOne PR), Ross Mason (MuleSource), John Robb (Zimbra / Yahoo!), Bryce Roberts (O’Reilly Alpha Tech Ventures), and Zack Urlocker (MySQL / Sun) joined in.

commentary

This past weekend some of the open sourcerors descended on Park City, Utah for two days of skiing, discussion, and pie. Somewhere in the midst of the fun we dubbed it “The Open Source Goat Rodeo,” or OSGR. Maybe it was our frustrated attempts to get off that massive cornice….

Time for MoveOn.org to move on

Tuesday, August 24th, 2010

Unlike a sadly servile mainstream media, which insisted upon playing to the lowest common denominator, a spunky MoveOn appeared seemingly out of nowhere to rally online opposition to the sham taking place in Washington.

As an Internet phenomenon, MoveOn certainly demonstrated how to mobilize public opinion. Indeed, the organization, founded in 1998 by a married couple of nouveau-riche techies, Wes Boyd and Joan Blades, acquitted itself well during the Monica Lewinsky uproar.

Blades and Boyd made a bundle by convincing a sucker to pay millions for the flying toaster screen savers and other forgettable pop-culture bric-a-brac turned out by their company. But business savvy doesn’t always translate into political acumen. (If they want to give me an argument, I’d only point to Dick Cheney’s multimillion-dollar payday from Halliburton as Exhibit A.)

MoveOn has played a big role in Congress’ (still-to-be-decided) Net neutrality debate, while its pressure tactics also helped stoke opposition to Facebook’s ill-considered Beacon program, which would have posted information about users’ activities on partner sites. I wasn’t as exercised about Beacon’s threat to our individual liberties. Facebook was more guilty of glossing over legitimate privacy concerns than it was due to nefarious intent. In any case, Facebook users would have rejected Beacon and forced the company to go back to the drawing board on their own. Did they really need an energetic, group-think organization to dictate the correct party line?

Nobody in this country should be above criticism–and that includes appointed military leaders. But the ad unfairly smeared Petraeus, a dedicated professional and one of the most capable U.S. officers ever to serve in Iraq. MoveOn’s lame response was that the ad was “successful” in its intent. To wit:
“Call the credibility of Petraeus’ testimony into question. It garnered more coverage than any ad that MoveOn.org has run in years. Every time Republicans debated the ad, they helped raise questions around reliability of the General’s report.”

When I read that, I could only murmur sotto voce a disgusted, “you’ve got to be f—ing kidding me.”

Now it’s Obama-grams seemingly every day arriving in my inbox from the MoveOn crowd. Enough! I’ll make up my own mind. Barack Obama’s a fine candidate, but I think Hillary Clinton would make just as capable a 44th president.

Even before then, my enthusiasm for MoveOn’s shtick had begun to wane. I think it was the “General Petraeus or General Betray Us?” advertisement last September that was the last straw.

But no matter what you thought about the nature of Bill Clinton’s actions leading up to Lewinsky-gate, MoveOn’s organizational activity represented a textbook example of how civil society is supposed to function in a republic. This was interest group politics at its best–as American as apple pie and Federalist Paper No. 10.

Speaking as someone whose political views are decidedly left, I never thought I’d say this, but would MoveOn.org just put a plug in it already?

Triple-core AMD Phenom chips ship

Tuesday, August 24th, 2010

AMD announced Thursday that it is shipping triple-core processors, a first for the PC market. AMD also updated the quad-core Phenom lineup and reaffirmed that quad-core Opteron chips for servers will be available later in the second quarter.

The chipmaker also said that the quad-core Opteron “Barcelona” processor will be available from computer manufacturers in the middle of the second quarter.

AMD also announced an energy-efficient desktop quad-core processor, the Phenom X4 9100e, which operates at a maximum of only 65 watts.

Phenom pricing:
Phenom 9850: 2.5GHz–$235*
Phenom 9750: 2.4GHz–$215
Phenom 9650: 2.3GHz–$215
Phenom 9600: 2.3GHz–$251*

When paired with the AMD 780 series chipset, the triple-core Phenom will deliver the greatest performance improvement–up to 30 percent compared to dual-core at the same clock speed–according to AMD.

Hewlett-Packard is already offering the Phenom X3 and X4 in business PCs and will add systems to its consumer lineup too, said Thi La, director of marketing, North America Consumer Computing, HP, in a prepared statement. Dell is also expected to offer systems.

AMD roadmap

*Black Edition

AMD also announced the immediate availability of four new high-performance Phenom X4 processors with the TLB bug fix. Led by the AMD Phenom X4 9850 Black Edition processor (which is designed to be overclocked), the CPUs will be matched with the AMD 790 series chipsets. The quad-core Phenoms are targeted at higher-end gaming segments.

The initial Phenom X3 processors will ship as the B2 “stepping” or version. The follow-on versions in the channel will be the B3, said Moorhead. The B3 version fixes the TLB bug, which AMD has said all along is an extremely rare occurrence and affects virtually no one except, possibly, very high-end customers. Any chips designated with a “50” suffix will be a processor that implements the fix in silicon.

AMD Phenom models

Intel may respond to the mainstream segment challenge by changing its pricing equation. “Intel may go after it with a high-performance dual core or under price a quad core. A sub-mainstream quad core is most likely,” said Dean McCarron, founder and Principal of Mercury Research.

The AMD Phenom X3 8400 (2.1GHz) and 8600 (2.3GHz) triple-core processors are the first processors that use three cores. This is expected to allow AMD to target price-performance points that two- and four-core processors can’t easily match. “The value proposition is simple. Three cores versus two cores. You make the choice,” said Pat Moorhead, VP of Advanced Marketing at AMD. “When you’ve maxed out your two cores…(this is an) extra core to do background tasks,” he said.

Online Armor Firewall First Impressions

Tuesday, August 24th, 2010

Online Armor is a step up from ZoneAlarm in that it includes a database of known trusted programs. So, for example, the first time I run the Ping command it allows it and pops up an alert. The free ZoneAlarm knows nothing, so it objected to Pings. In the Online Armor history, there are two entries for that first ping. Neither shows the website that I pinged and one says it was a user decision, which it was not.

On one computer running Online Armor there is a normally installed copy of Firefox 2, a portable copy of Firefox 3 and two portable copies of Firefox 2. The Program Access section of the Firewall tab shows all four, but calls each one “Firefox”. By accident, I discovered that if you hover the mouse over the program name, a tooltip displays the path to the program. The rules section shows only two copies of Firefox and, likewise, the Programs tab shows only two of them.

The heart of a firewall is the rules governing the networking that programs are allowed to engage in. Online Armor controls this in three different places.

Windows Messenger is an IE7 browser extension that I always disable, since I don’t use the product. Online Armor trusted it, so for good luck I tried to block it. This produced the warning below saying it will be uninstalled rather than blocked. The warning is wrong - if you say yes, the Windows Messenger extension is blocked rather than removed. After unblocking the Windows Messenger extension, I deleted it and that seemed to work, it no longer appeared in IE7.

One of the first things I noticed was that Online Armor has two icons in the system tray (the leftmost two in the screen shot above). To me, one is enough. Other software makes do with a single icon (Avast antivirus defaults to two but there is an option to combine them). Someone else pointed out that both icons have the same right click menus. One icon (leftmost one above) looks like a shield and doesn’t seem to change. The other icon looks very much like the Task manager icon which, at first, I thought it was (judge for yourself - the two are next to each other in the picture above). This icon does change, it’s a vertical bar graph showing inbound and outbound traffic.

This was bad documentation. Online Armor doesn’t tell new users that special processing takes place during the first boot after the product is installed. There is a warning on their website, but there is no warning where it needs to be, alongside the message that says the installation worked and you have to restart Windows. After Windows finally restarted, Online Armor said something about completing an initial “learning process”.

One problem ZoneAlarm had was that it created an always-growing log file. I had to put a reminder in my PIM to delete this file every couple months. With this in mind, I looked to see how Online Armor dealt with logging. It seems to have both a log file and a history, the difference between them isn’t clear. Even with logging disabled (there is a checkbox in the Firewall section of the Options tab), the history is still created. Neither one seems to have an option to limit the total size of the output.

Final Thoughts

The first hint that Online Armor is not just a firewall comes from this introduction to the product on the Tall Emu website which refers to Online Armor as an antivirus program. The page also refers to trusted programs and programs allowed to access the internet as two different things. As a former ZoneAlarm user these are, to me, the same thing.

Before Scot Finnie recommends a firewall, he runs it through a battery of tests. Online Armor got an excellent score, so I don’t doubt it’s protecting my computer. Still, it will be a while before I feel comfortable with it.

The most important thing a firewall does is keep the bad guys out. That is, it prevents unrequested connection attempts from the outside world. Even the basic firewall in Windows XP does this (that’s all it does). ZoneAlarm excelled at two things in this regard: it logged these blocked intrusion attempts and it had an option to issue an alert when it blocked something. After reviewing all the options in Online Armor, it doesn’t seem able to do either. This, to me, is a big omission. Not only did I like to audit my firewall by occasionally reviewing the log of unsolicited incoming connections, I also found it educational. There is no better way to drive home the danger that is the Internet than to see how often bad guys come knocking at your door.

After installing Online Armor I was getting what I felt were excessive warnings. Granted, “excessive” is subjective, but I was getting warnings that had nothing to do with networking.

That said, two features of Online Armor sound very interesting. The “Run safer” feature is much like DropMyRights, which I wrote about last year. The “banking mode” (only available in the paid version) is also intriguing. I may research these a bit more.

In all this configuration, I miss what ZoneAlarm calls “server rights”, the ability to accept incoming connections. The Online Armor equivalent is a rule with a “Dir” of “in” (“Dir” means “direction”). Online Armor commits a cardinal sin here, it uses abbreviations without explanations. This same window has an “Adv” column whose meaning I couldn’t even guess at initially.

To try and understand things, I looked into how each of these three configuration areas dealt with Firefox.

The other computer with Online Armor had a normally installed copy of Firefox 2, a portable copy of Firefox 3 and a portable copy of Firefox 2. I ran them all at least once. The Programs tab only knows about the normally installed copy of Firefox 2. The Program Access section of the Firewall tab shows all three but the Rules section of the Firewall tab has one entry for the portable copy of Firefox 2, no entries for the portable copy of Firefox 3 and two entries for the normally installed copy of Firefox.

First, there is a Programs tab where you can allow or block programs. Allow them to do what? It doesn’t say. I turned off Program Guard, yet this window seems fully functional. Only by clicking the Block button, does it become obvious this is blocking programs from running so it must be part of Program Guard rather than the firewall. There should be some indication here that Program Guard is disabled because a user can easily make changes here and expect them to take effect, when they are, in fact, being ignored.

Controlling Programs

I poked around and found an option to suppress the bar graph traffic icon and another option to suppress both icons. What I wanted to do, see just the bar graph icon, doesn’t seem possible.

Like ZoneAlarm, Online Armor can protect the hosts file, something I think any firewall should do. I found that it let me modify the comments in the hosts file without objecting, but as soon as I changed something that really mattered, it caught me and issued the alert below. In other words, it works great. If you want to test this yourself, the hosts file in Windows XP is in C:\WINDOWS\system32\drivers\etc.

Go figure.

In Internet Explorer 7, you can see the installed Add-ons with: Tools -> Manage Add-ons -> Enable or Disable Add-ons. On both machines, when I selected “Add-ons that have been used by Internet Explorer” the list was much longer than the list in Online Armor. On one machine, IE7 displayed 20 Add-ons and Online Armor listed 7. I’m not sure what to make of this.

In the interest of brevity (this is already my longest posting), I won’t go into some other quirks in the user interface but suffice it to say, there is room for improvement.

A nice feature of Online Armor is that it shows you other computers on your LAN, something that ZoneAlarm does not. But, every time I’ve looked at it, the status of the other computers is “unknown”, it continued to show computers that had been turned off hours ago and there is a yellow light bulb icon whose meaning is a mystery.

The fact that Online Armor is not just a firewall may be what leads to my biggest gripe with the product - it’s confusing. Compared to the simplistic, free edition of ZoneAlarm, the Online Armor configuration options seem strangely spread out. For example, some Firewall options are in the Firewall section, others are in the Options section and the main on/off switch for the Firewall is in the “General” section.

When a program was approved with ZoneAlarm, you never heard another thing about it. That said, ZoneAlarm doesn’t offer the level of control that Online Armor does. Specifically, ZoneAlarm can’t restrict the ports a program uses. And, if you really care about network security, you would want to be notified if a program used an unexpected port. Still, I would have liked some way to not be notified every time my FTP program used a new port.

Speaking of notifications, below is the standard alert from Online Armor, one that was generated by installing Java. It leads with “A program wants to use the Internet”. It doesn’t say if it wants to make an outbound connection or if it wants to accept an incoming connection, something ZoneAlarm makes very clear. The last option has to do with sessions; what a session is to Online Armor, I don’t know.

Rules

Kicking The Tires

The product help is not part of the installed software, rather, it’s on the web, so if you’re off-line it doesn’t exist. And, the Help button is not context sensitive. That is, it always goes to the same introductory web page rather than going directly to the page with help for the feature you are looking at. In this case, I want to read about the Rules tab, within the Firewall tab. Because there is more than one Firewall tab, finding the right section in the help takes time. The page for the Rules tab doesn’t explain these columns but the page for editing rules does. This is harder than it needs to be.

*Online Armor supports Windows XP and 2000, a Vista version is in the works.

See a summary of all my Defensive Computing postings.

Update July 17 2008: Revised the topic on incoming connections and added mention of the status display.

Online Armor also deals with Internet Explorer extensions, which ZoneAlarm does not. On both machines, it trusted the few extensions it found, which isn’t a surprise, as I hardly use IE.

And, I don’t know that it’s a good fit for non-techies. Not only is it more ambitious than just being a firewall, the paid version is a very ambitious firewall. The list of features is huge. The free version of ZoneAlarm is skimpy on features, but sometimes less is more.

The install process for Online Armor was uneventful, but then things went downhill. After installing, you have to reboot, no surprise there, I would expect this with any firewall. But, on the first computer I installed it on, the reboot looked like it wouldn’t happen. For what seemed like an eternity, I was staring at the Windows desktop image with no icons. Perhaps a watched pot never boils, but I was sure glad that I had made a disk image backup beforehand.

For example, below is a warning from Online Armor that IrfanView wants to run. IrfanView is a picture viewer and editor. It has nothing to do with networking and therefore it’s not something a firewall needs to worry about. Disabling Program Guard (you can see the checkbox is off in the screen shot above) was one of the first things I did. Program Guard may be a good thing, but all firewalls are chatty at first, that’s the nature of the beast. Adding warnings about safe, non-networked programs such as IrfanView just makes things worse.

The second thing of note is the cool looking status display shown below. I haven’t yet found the graphs at the top to be very useful, but the Active Connections section at the bottom offers very interesting information, data that ZoneAlarm did not provide.

Main Menu

My previous firewall was ZoneAlarm, whose best feature was its ease of use. Unfortunately, for a number of reasons, I no longer think that’s sufficient. For example, ZoneAlarm seems bloated. The download for Online Armor is 9.9MB, ZoneAlarm is over four times larger.

I maintain a number of websites using an FTP program. One type of FTP chooses port numbers randomly which meant that every time I used the program, it generated a pop-up notice that the new port was auto-approved. The pop-up doesn’t say that explicitly (see below) but that’s what it means. When an already approved program uses a new port for the first time, you get this pop-up and it wasn’t obvious how to turn this off.

There is a “Hide Trusted” checkbox as part of this display. Yet, even with it checked, you still see programs that are “allowed”. So, there is a difference between “allowed” and “trusted” that I’m not getting. You also see this in the Firewall section of the Options tab, which has a checkbox for “Automatically allow trusted programs to access the Internet”. What about a program is trusted, if not Internet access? This is, after all, a firewall.

I was disappointed by the history, which doesn’t show the outbound endpoint. For example, it showed that Thunderbird, my email program, made an outbound connection on port 443, but to where? Of the millions of computers on the Internet, which one did my email program connect to? Online Armor doesn’t log this, ZoneAlarm does.

Programs are also controlled in the “Program Access” section in the Firewall tab, which seems to do the same thing. That is, it too has a list of programs that you can Allow or Block. Allow to do what was not immediately clear here either. Finally, there is a rules section in the Firewall tab (shown below) which also controls programs.

As I mentioned previously, based on a recommendation from Scot Finnie, I installed the Online Armor firewall on a couple Windows XP machines.* Scot recommended the paid version, I opted to get my feet wet with the free edition (v2.1.0.131). These are my first impressions, not a review. I don’t think anyone can base a firewall review on merely a couple days experience, it’s the sort of software you have to live with for a while.

Judging by the General tab, shown below, there are four main sections/features to Online Armor, two of which are included in the free edition - Program Guard and the Firewall.

Google urges ISO to give thumbs-down to Microsoft

Tuesday, August 24th, 2010

The head of Google’s open-source programs on Monday urged international delegates to vote against certifying Office Open XML as an ISO standard, saying the Microsoft-led effort poses a risk to users who want unfettered access to documents.

In a document more thoroughly laying out its position on Open XML, Google says the core problem with the specification is that it’s redundant with ODF. The company also says it’s too specific to Microsoft Office and that it’s of insufficient quality.

“Submitting such a proposal makes a mockery of the standards process,” according to the Google assessment.

Update: in response to a reader’s comment, here is added text that reiterates Microsoft’s position.

“As ISO member bodies around the world work on possible revisions of their vote previously submitted, the deadline of March 30th approaches fast. I invite you to pay close attention, and heed the call of many for unification of OOXML into ODF. A document standards decision may not matter to you today, but as someone who relies on constant access to editable documents, spreadsheets and presentations, it may matter immensely in the near future,” he wrote.

Rather than have one document standard, Microsoft’s view is that there should be multiple document standards with different purposes.

Microsoft executives have contended over the past two years that Open XML is not entirely controlled by the company, pointing out that Apple, Novell, and large customers are on the committee at Ecma International, the standards body submitting Open XML to the ISO for standards consideration.

Bhorat said Open XML should be subsumed into the existing standard–OpenDocument Format, or ODF–which is backed by Microsoft rivals, including Google.

Delegates from international standards bodies are meeting in Geneva this week to resolve technical comments submitted after Office Open XML (OOXML) failed to pass as a standard last September. The results of the five-day ballot resolution meeting are critical for Microsoft’s two-year bid to get International Organization for Standardization, or ISO, certification.

Google’s open-source programs manager, Zaheda Bhorat, posted a blog on Monday urging those delegates to vote against Open XML because Google believes that it is an “insufficient and unnecessary standard, designed purely around the needs of Microsoft Office.”

The new byword in infosecurity Don’t embarrass th

Tuesday, August 24th, 2010

The survey included responses from 7,548 information security experts in various geographies. Among its other conclusions:

Indeed, three-fourths of the information security professionals around the world surveyed by Frost & Sullivan say they now consider avoiding reputation damage to their organizations as a top priority.

That fits with the times. Increasingly, companies are elevating the prevention of high-profile data security breaches to the level of a strategic goal, if not competitive weapon.

“We’re seeing a shift toward a more information-centric approach…where will need to take security consciousness beyond IT to every person in the organization,” said Howard Schmidt, the president of R&H Security Consulting. “Time is clearly of the essence and we have to rethink our approach to security.”

The most concern voiced about all security threats came from the banking/insurance/finance sector.

75 percent of respondents see viruses and Internet work attacks as top or high threats. Next in line as a security concern came hackers and employees.

The report also suggested a good news-bad news paradox: Even as the economy slows, security concerns should contribute to strong demand for products and services that help IT prevent data breaches. The report also said that regulatory compliance will also factor into the equation, feeding demand for more information security professionals.

Here’s where things are getting interesting. That new sensitivity to data loss has invited more high-level scrutiny from the business side into how IT maps out its cyberdefenses. In fact, the percentage of information security personnel reporting to executive management or boards of directors has climbed to 49 percent from 21 percent just four years ago.

“Information security professionals are under increasing pressure to secure not just the perimeter of the organization but all the data and employees that belong to the organization,” according to the report, which was conducted at the behest of the International Information Systems Security Certification Consortium.

Information security may be improving but embarrassing incidents involving data loss or identity theft at the Veterans’ Administration and at TJX Companies, the operator of T.J. Maxx and Marshalls retail chains, suggest that the battle is a long way from victory.

Cyberterrorism remains more of a concern for government than for people working in other sectors.

51 percent of respondents say that internal employees pose the biggest security threat.

Live Blog WWW2008 Kai-Fu Lee of Google Greater Ch

Tuesday, August 24th, 2010

Now he’s talking about the power of distributed computing for operations such as search that, as he said “are very hard to do with one computer, or even a very powerful computer.” He added, “A cloud computer should have at its disposal a virtually infinite amount of disk, an infinite amount of processing power.”

More to come… Follow me on Twitter at gwbstr. E-mail sinobyte@gwbstr.com if you’re here and would like to get in touch!

So far, he’s been outlining what cloud computing is, something that he admits is not news to anyone in this room full of industry and academic researchers, and highlighting all of Google’s already deployed cloud components — Gmail, Google Documents, Picasa, etc.

I’m now sitting in the opening keynote of the 17th International World Wide Web Conference (WWW2008) here in Beijing, adjacent to the newly opened Olympic Stadium.

The first presentation is by Kai-Fu Lee, president of Google Greater China. He’s talking about “cloud computing,” the general term for developing ways to turn our computer lives into something not tied to any single device.

The day the wiretaps go dead

Tuesday, August 24th, 2010

In addition to enabling the average Joe to regain a bit of his privacy, the rapid deployment of easy to use crypto will have a major impact on our society: The end of large scale surveillance.

I’ll now explore the technologies that will make that possible.

First, a few facts:

The big problem with the surveillance techniques currently used by the NSA, aside from the fact that they are creepy and illegal, is that they scale so well.

NSA: We're watching you….

An encrypted conversation in Adium

With regard to the mainstream voice solutions, Skype is the clear exception to the rule. All Skype communications are encrypted (as long as you don’t live in China, where the government has forced the eBay owned software company to install some fairly suspect filters).

One word: Tor. If you’re not using it already, you need to be.

Raising The Bar: The Black Bag Job

With all of the attention that the Foreign Intelligence Surveillance Act (FISA) update (and the administration’s vigorous attempts to immunize the criminals telcos) has received, it seems like a good time to explore the issues surrounding surveillance and privacy in America today.

Thus, for most users, Skype is more than good enough - and a complete pain in the ass for law enforcement.

Secure Instant Messaging

As large as the NSA is, it simply doesn’t have that level of resources. Thus, simply due to the man hours required, the NSA’s surveillance net was limited in scope.

Anonymous Web Surfing

Mobile phones

Unfortunately, due to computers, and the willing assistance of telecom companies - this is no longer a problem. Surveillance today scales very very easily, and it is almost trivial for the NSA to spy on an additional 100,000 Americans.

These IM applications and the off-the-record encryption standard they use are protocol independent. That is, they work with AOL Instant Messenger, Google Talk, Yahoo IM, and others. By using one of these applications, your IM communications are encrypted, authenticated, and completely deniable.

Consumers will need to take matters into their own hands - and luckily, secure communication technology is finally user-friendly enough to be usable by non-geeks.

The nice thing about the black bag job - is that it is labor intensive. Want to install bugs in the home of a suspected Soviet agent? That’ll take a team of five agents, plus around the clock surveillance for a few days beforehand. Using traditional techniques, spying on an additional 10,000 Americans would require an additional 50,000 NSA black-bag-job agents to install the bugs.

Just like Google, if the NSA wants to expand its surveillance abilities, it simply has to build another data center. Want real-time spying on the phone calls of 10 million more people? No problem — just buy another 10,000 computers, and set them up with NSA’s existing pattern recognition software.

While there are so many scary things being done by intelligence and law enforcement, hope is not far away. Easy to use privacy technologies are upon us, and with them, comes a radical shift in the balance of power. As this article will explain, the scalable techniques with which the NSA, FBI and other agencies can spy on innocent Americans may soon be made useless - forcing them to go back to the old school (and labor intensive) black bag job.

The deployment of easy to use cryptography for the average user will significantly upset the status quo. Large scale surveillance will no longer be possible, and the spooks will have to return to the days of the black bag job. Will they still be able to focus on high-profile terrorist targets? Sure. However, their days of spying on the average American, simply because it’s easy, could be over.

Secure Voice over Internet Protocol (VOIP)

Encrypted Computer Data

For those users not willing to trust their communications to a closed-source communications system, the gold standard really is Zfone, an encrypted VOIP solution made by famed cryptographer and cypherpunk Phil Zimmermann. While it’s easily the best tool out there, it unfortunately suffers from the network effect — that is, there really isn’t anyone using it right now…. and Skype has, in a few years, become the most widely deployed cryptographic application ever.

While we can’t rely on Steve Jobs to bring this to us, there is a decent chance that Google’s Android system may end up having these features. It’s an open platform, right? So it’s just a matter of time until someone hacks it up, and releases it.

(Credit: The Adium Dev Team)

Skype’s security is good enough, it seems, to stump the police and intelligence agencies in Germany. They’ve had to resort to paying 2500 euros per victim suspect to install malware that secretly records the audio as it’s recorded and played on the user’s PC during a Skype call.

Unfortunately, out of the box, most internet based telephony services are horribly insecure. Use Vonage, Packet8, or one of the other popular VOIP services? Your calls are going over the wire in the clear. Using one of several open source hacking tools, it’s trivially easy for an attacker or nosey neighbor to snoop on your calls.

Both Microsoft Windows Vista and Mac OS X include encrypted disk support out of the box. While I can’t speak to the Windows experience, I can say that encrypted disk support is a piece of cake on the Mac. As recent court cases have shown, this disk encryption can be a total roadblock for law enforcement, and can completely derail any attempted investigation or prosecution.

As the debate over FISA and telco immunity has demonstrated, the telecom companies are willing to completely eviscerate consumer privacy in order to help law enforcement and the intelligence community. With the telcos getting handsomely paid for their participation in illegal surveillance programs, it’s clear that consumers cannot rely upon AT&T and Verizon to protect their privacy.

Skype has been extremely secretive about the technical details of their encryption technologies. They paid a few security consultants to conduct a review of the system, which, not surprisingly, was rewarded with rave reviews. However, some crypto geeks have been able to reverse engineer Skype, and have determined that by and large, the program does a pretty good job.

No amount of telecom company assistance will enable the Feds to passively snoop on an encrypted IM conversation. In order to have any chance at getting a copy of the messages, Uncle Sam will need to resort to significantly more invasive (and riskier) surveillance techniques.

In the old days, the spooks would have to rely on the so called ‘black bag job’ — a term to describe the act of breaking into a suspect’s house in order to install bugs and other listening equipment. The team doing it, at least in Hollywood movies, were, like ninjas, dressed in all black.

As fans of the HBO show The Wire will already know, mobile phone privacy and anonymity is something that there is a significant market need for. For now, pseudo-anonymity can potentially be achieved through the use of prepaid phones, but this provides no safety against a government agent with a wiretap order (or a spying agency willing to break the law).

(Credit: National Security Agency)

For now, we as consumers are left out in the cold. However, the rise of devices such as the iPhone and Google’s Android OS do give me some hope. If we get Skype on mobile phones (a not so unrealistic possibility), law enforcement is going to have a very very tough time. Furthermore, if we can replace SMS text messages with off-the-record encrypted IMs, users will finally get the privacy they deserve.

Fact: The National Security Agency (NSA) has data-mined the call records of millions of Americans. These records were handed over to the spying agency without a court order or warrant.
Fact: Calling your Aunt Susan in Australia? The NSA is listening. No warrant? No problem. What about for international calls made to a lawyer, doctor or priest? No warrant necessary there either.
Fact: Mobile phones transmit extremely accurate location information back to the wireless carriers. The FBI, DEA and other federal law enforcement agencies routinely get access to this location data without demonstrating “probable cause,” which is typically required before a judge will issue a warrant.
Fact: Most mobile providers claim that they do not save copies of text messages sent to phones and pagers for extended periods of time. However, up until the point that the messages are deleted, the companies will happily turn them over to the police without a warrant, requiring only that the prosecutors claim that the records are “relevant and material” to an investigation.
If you are arrested by the police, in addition to searching your body, they are also permitted to search through your mobile phone and look through anything that they can find. Got an iPhone? They may be able to browse through hundreds of emails from your Gmail account using the device, all without the pesky requirement that they first get a warrant.

I’ve written extensively about this form of secure communication before. Adium, one of the most popular instant messaging applications for the Mac, ships with high-end encryption out of the box. Similarly, Pidgin, an IM application shipped with practically every Linux distribution, also includes support for the same encryption protocol that Adium uses. A port of Pidgin is also available for Windows users.

If you can get your pals to install it, go for Zfone, but for those you can’t, Skype is probably good enough.

Blu-ray laptop for under $1000 Sony Vaio NW160J

Tuesday, August 24th, 2010

(Credit: Sarah Tew/CNET)

Is Blu-ray the future of laptops? If Sony had its way, that would certainly be the case. And if all Blu-ray-playing laptops were as well-executed as Sony’s Vaio NW160J, that wouldn’t be the most daunting consideration. Sony has been packaging its Vaio laptops as design-centric, relatively expensive multimedia machines with a Blu-ray-playing focus for a while now, so it shouldn’t be a surprise that the company’s new line of slightly higher than midrange laptops, the NW series, culminates with a 15.4-inch Blu-ray version.

Where Blu-ray meets wood grain: the Vaio NW160J

Does Blu-ray matter to you, or is it superfluous to your laptop-purchasing considerations? Let us know below.

Read the rest of our review.

This model, the NW160J, comes in at $929. There are even more affordable NW Vaios with Blu-ray drives inside, but the NW160J also comes with above-average, gaming-capable ATI graphics along with its midrange Core 2 Duo processor, making it more expensive than slightly less graphically robust competitors. However, if you’re looking for a well-designed Vaio with Blu-ray, a very good screen, and an excellent-feeling keyboard and touch pad–without moving up to a massive 17-inch desktop replacement–you’ve come to the right place.

Sony Vaio NW160J
