Archive for the ‘Privacy’ Category

Why Encrypt if the NSA can Beat Encryption?

November 30, 2013

I’ve been working, intermittently, for a while now on a blog post about encryption. The problem is, I’m not all that knowledgeable when it comes to cryptography and I really don’t want to give people bad information. I would hate for people to read my post, do what I advise, and then think they’re safe when in reality they’re vulnerable. So I’m going to scrap the wall of text I had written, and strip this down to its barest essentials. Fair warning: What follows is purely an opinion piece. If you’re okay with that, read on.

Because of the seemingly constant stream of new information about exploits used by the NSA to spy on pretty much everyone with an Internet connection, including revelations that they are deliberately weakening cryptography standards, it’s tempting just to give up and not bother encrypting anything at all. This is, in my humble opinion, a bad idea.

Even if some attackers (like the NSA) can break encryption, not everyone can, and there are at least some attackers for whom it would be preferable to move on to easier targets than to devote resources to cryptanalysis. Whatever attacks may exist against encryption, whatever backdoors may have been installed at the behest of the surveillance state, it’s still (if done right) better than nothing.

This is basic common sense. It’s the same reason we all lock our doors even though someone could theoretically pick the lock, take a grinder to it, or rent a backhoe and just remove the entire wall. For that matter, I don’t know for sure that the feds don’t have some kind of special key that works on every lock in America (or, um, just a really nice set of lock picks). The correct response to this is not to leave the doors unlocked.

One other thought that occurred to me was that, because the NSA apparently can’t decrypt everyone’s information on-the-fly, I could encrypt my information to make it just difficult enough to get that the NSA would have to have some reasonable suspicion before my information was worth the effort. This idea of DIY due process appeals to me, but frankly I don’t trust it. The NSA’s purported habit of saving encrypted data for later cryptanalysis could be a smokescreen for all I know, intended to obscure their ability to decrypt pretty much anything in real time. At this point, nothing would surprise me, except maybe an apology. (Smarter people than me think the math behind our best encryption algorithms is still sound, but then you should be reading about that from smarter people than me. For instance, see Bruce Schneier’s article from back in September on How to Remain Secure Against the NSA. Besides, I don’t trust myself, much less average non-technical users, to be able to overcome the endpoint security problems Schneier mentions.)

To be honest, this post isn’t a response to any argument I’ve heard from anyone. I don’t think anyone is actually suggesting that people shouldn’t encrypt just because the NSA might be able to decrypt. But it’s easy to get overwhelmed or tired or complacent, and decide not to care about privacy or security at all, and that can be dangerous. I’m arguing against my own pessimism as much as anything else, but I’d be willing to bet there are plenty of folks out there who are ready to give up.

Don’t give up.

Categories: Privacy

How Does Firefox Protect Users’ Privacy?

October 31, 2013

Mozilla seems to be making a big deal out of how Firefox protects its users’ privacy. I wondered if there was anything to that, or if it was just a bunch of Scroogled-style hype.

My curiosity was first piqued when a comment on a short piece about invasive advertising gave a link to the YouTube video Firefox Paranoia:

Well, you know how one YouTube video leads to another. One of the related videos was Firefox Squares:

In case you don’t feel like watching it, here’s the gist of “Firefox Squares”: When you surf the Internet, sites you visit keep track of you and sell information about where you’ve been to advertisers. Because Mozilla is a non-profit organization, however, Firefox protects your privacy.

Did you catch the non-sequiturs there? Just because the Mozilla Foundation is a non-profit doesn’t mean it’s not interested in making deals with big advertisers. For instance, they make a lot of their money from their deal with Google to make Google Search the default. Google, of course, is one of the biggest ad companies around, and it’s not like Google doesn’t do tracking.

There’s another non-sequitur, though: What does the browser have to do with the behavior of the sites you visit? The only way that makes any sense is if the browser comes with some kind of built-in tracking protection. However, that doesn’t seem to be the case. The best I could find so far is a list of “Advanced Security” features on the Firefox Features page, but for the most part, these features are not likely to be useful to an average user in preventing the kind of tracking mentioned in the video. Furthermore, they tend not to be unique to Firefox, which undermines the “switch to Firefox” message of the video. Here are the listed security features, along with my notes:

  • “Instant Web Site ID”: This is the popup with extra information about a site’s SSL certificate. Chrome has this, too and even IE has a version of it. Both browsers are made by for-profit companies.
  • “Content Security Policy”: The blurb isn’t helpful, but a Mozilla Security Blog post about Content Security Policy explains that it’s basically an anti-XSS measure that allows sites to send an HTTP header specifying what kinds of content may be included in a page. Of course, the same post says that Chrome and IE also support the header; in fact, it’s a W3C specification.
  • “Customized security settings”: Judging by the fact that the “Learn More” link took me to the “Security and passwords settings” page, this seems to mean only that Firefox will let you choose whether to save passwords for certain sites and add exceptions to allow sites to install add-ons. This, of course, has nothing to do with tracking cookies.
  • “Parental Controls”: Firefox enforces the parental control settings entered in Windows. I was under the impression that Windows handled that on its own without depending on the browser, and the Firefox Support page on parental controls does nothing to persuade me otherwise.
  • “Secure Updates”: Downloads updates for itself and its add-ons over an encrypted (https) connection. This has nothing to do with tracking.
  • “Private Browsing”: A separate mode that avoids saving history and cookies. Not hanging onto the cookies does help, but it’s not fool-proof because there are plenty of other ways to track you. Besides, the page that explains the feature in detail even admits that “Your Internet service provider, employer, or the sites themselves can still track what pages you visit.” The feature is less about tracking than about protecting your privacy on a shared computer (and it’s far from fool-proof even then, but it’s a start). What’s more, for-profit browsers IE and Chrome have equivalent features.
  • “Anti-virus integration”: This is a handy feature, but recent versions of Internet Explorer do it, too. It appears that Chrome does as well. So again, there’s no differentiation from the for-profit browsers.
  • “Clear Recent History”: Like private browsing, this feature is geared toward protection against snoops rather than online trackers.
  • “Anti-Malware”: The browser stops you from going to known malicious Web sites. Again, so does the competition.
  • “Do Not Track”: Not only do all major browsers have this feature, but it doesn’t offer any real protection against the kind of tracking in the video. Such tracking is implied to be at least somewhat sleazy if not outright malicious, but even legitimate (and “legitimate”) operations aren’t really obligated to honor do-not-track requests.
  • “Forget This Site”: This is basically a shortcut that lets you delete all information for a given site, rather than deleting history, cookies, and other information separately. It’s yet another feature that protects against snooping, but not against online tracking.
  • “Securing Website Connections”: If I’m reading the description right (and it’s not just a wordy way of saying Firefox supports SSL/TLS), Firefox automatically switches to an https connection when one is available. This feature protects against eavesdropping, not tracking. Advertisements and other content embedded in pages can still be used to track you, and as long as it’s encrypted too, you won’t even get a warning.
  • “Automatic Updates”: First of all, Chrome does this too. So does IE, albeit lumped in with Windows Update. Second, this isn’t really a privacy or security feature unto itself so much as a way to make sure that you get new privacy and security features (including patches for vulnerabilities) when they’re available. Third, and most importantly, this feature can sometimes reduce the security and privacy of the browser: Updates may contain bugs, and they can even contain “features” that reduce privacy, such as when a Firefox update recently removed the ability for normal users to turn off JavaScript using the options window—and re-enabled JavaScript for users who already had it turned off.
  • “Outdated Plugin Detection”: Again, this has little to do with online tracking, though it’s worth noting that exploits in plugins can be vectors for spyware, so it’s not totally unrelated. Chrome does this too.
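
To make concrete what the “Content Security Policy” bullet above describes (a site-supplied header that tells the browser which sources of script, images and so on may be loaded, which is why it limits XSS but does nothing about trackers the site itself chooses to include), here is an added example that is not from the original post or from Mozilla: a simplified evaluator for a constructed policy header. The policy, page origin and resource URLs are made up, and the matching is simplified (no paths, ports, nonces or hashes).

```python
from urllib.parse import urlparse

# Constructed example policy and page origin (not from any real site).
POLICY = ("default-src 'self'; "
          "script-src 'self' https://cdn.example.com; "
          "img-src 'self' https://*.adnetwork.example")
PAGE = "https://www.example.com/index.html"

def parse_csp(header):
    """Split a Content-Security-Policy header into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def _source_matches(expr, page, url):
    """Match one source expression against a resource URL.
    Simplified: 'self' means same scheme and host; paths, ports, nonces, hashes ignored."""
    expr = expr.lower()
    if expr == "'none'":
        return False
    if expr == "*":
        return True
    if expr == "'self'":
        return url.scheme == page.scheme and url.hostname == page.hostname
    if expr.endswith(":") and "/" not in expr:        # scheme-source such as https:
        return url.scheme == expr[:-1]
    if "://" in expr and url.scheme != expr.split("://")[0]:
        return False                                   # host-source with a scheme must match it
    host = expr.split("://")[-1].split("/")[0].split(":")[0]
    target = url.hostname or ""
    if host.startswith("*."):                          # wildcard requires a real subdomain
        return target.endswith(host[1:])
    return target == host

def allows(header, page_url, resource_url, directive):
    """Would the browser load resource_url under this directive? Falls back to default-src."""
    policy = parse_csp(header)
    sources = policy.get(directive, policy.get("default-src"))
    if sources is None:                                # nothing governs this type: allowed
        return True
    page, res = urlparse(page_url), urlparse(resource_url)
    return any(_source_matches(s, page, res) for s in sources)

def allows_inline(header, directive):
    """Inline script or style is allowed only if the effective directive lists 'unsafe-inline'."""
    policy = parse_csp(header)
    sources = policy.get(directive, policy.get("default-src", []))
    return "'unsafe-inline'" in [s.lower() for s in sources]
```

Note that the tracking pixel from the site’s own ad partner passes the check while an injected script from an unlisted host does not: the policy enforces the site’s choices, not the user’s.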

To be fair, the features page doesn’t claim that all these features are intended to protect users from online trackers, or that they’re unique to Firefox. I listed all of them anyway only for the sake of completeness. My issue is with the video, not the features list. All I’m saying is that switching to Firefox isn’t inherently going to make people safer from online tracking just because Mozilla is a non-profit.

The moral of the story: Don’t use a product just because the company behind it (even a nonprofit) says it protects your privacy. Look at what it actually does.

Categories: Privacy, Software

Some Scattered Thoughts on Privacy

June 30, 2013

There’s been a lot in the news lately about government surveillance. This, in addition to the privacy concerns we’ve already had about online tracking, big data, and…well…the government surveillance we already knew about. I’m still getting my head around this, and I don’t consider myself an expert in the subject by any means, but I’d like to share a few things that have occurred to me.

To be clear, don’t look for a rigorously defended thesis here. I’m just thinking out loud here. Feel free to let me know if you think I’ve overlooked something, because there’s a good chance you’re right.

The first thing that strikes me is that we shouldn’t freak out. We should be upset, yes, but we shouldn’t panic. Panic won’t do anything but make normal people think we’re crazy. When our civil liberties are at stake, we don’t want to sound paranoid.

I also note that human beings shed information like my family’s husky sheds fur. Body language alone speaks volumes. Skilled mentalists can pick up enough from subtle cues in plainly observable behavior that they look like mind-readers. It’s not unlike the much-discussed metadata (phone records, server logs, and the like), which can reveal a huge amount of information. To be sure, some of this information isn’t anyone’s business and we wouldn’t want it to be spread around. On the other hand some of it is information that is impossible to keep to ourselves or that we have no right to expect to be private, no matter how much we want it to be. So once again, I have to say we shouldn’t freak out: Average people who aren’t aware of serious privacy concerns will not be convinced that their rights are in jeopardy if privacy advocates act upset about publicly available information being, well, publicly available. Remember the boy who cried wolf?

I’m not saying that all metadata should be public, of course, or that the fact that it is stored means that it’s okay to share it freely; I’ll address that shortly.

Something else occurred to me while re-reading a passage from The Illustrated Guide to Law’s criminal procedure comic. In the “Police vs. Privacy” chapter (specifically, this page from the section on search warrants), one of the people who is arrested is told that he doesn’t have a reasonable expectation of privacy in someone else’s home (at least not without being an overnight guest). I’m not a lawyer, so be sure to read this as just my opinion, but it seems like the reasonable expectation of privacy is being treated as binary: Either you have it or you don’t. But that’s not how privacy really works: People have varying expectations of privacy based on the situation. People hanging out in their backyards expect less privacy than in the house, but more privacy than at the mall.

Similarly, I get the impression that when it comes to information, privacy is taken to mean absolute secrecy, and if you share something with anyone (save maybe your spouse, doctor, lawyer, or priest) then you may as well share it with the evening news. Again, it doesn’t work that way: People will share things with close friends that they wouldn’t share with strangers. This ties into the online tracking debate and the metadata controversy. But it seems intuitive to me that there’s something wrong with maintaining a profile of a person’s every move. It feels like stalking, even if it doesn’t actually involve physically following a person around.

I’m starting to think that it boils down to information not necessarily being secret, but still being the business of some people and not others. To use a brick-and-mortar example, if I go into CVS to buy laxatives, it’s one thing for CVS to know that and quite another for my bank, my insurance company, the NSA, the MPAA, advertisers who put up displays in the store, or my Facebook friends to know it. I don’t claim to know where the line should be drawn, especially if it needs to be drawn in the law—laws tend to have unintended consequences, after all. However, it’s clear to me that “If you’re in public, anything goes” is the wrong answer, especially combined with the attitude that anything online is inherently public.

I also want to point out that just because it’s possible for someone to spy on us doesn’t make it right. On the one hand, if you really want your e-mail to be secure (for example), encrypt it. On the other hand, to say that no one who doesn’t encrypt has any right to privacy is to imply that anyone with the ability to take something therefore has the right to have it, which is wrong for reasons I hope I don’t have to explain. In other words, there’s a difference between the possibility of an invasion of privacy and the lack of any right to privacy.

I could probably rant and rave on this for many more paragraphs, but there would be little point in doing so. These are just a few things I wanted to get off my chest.

By the way, I apologize for the…let’s be polite and say “loose”…nature of this post. I really was working on the deadline thing like I promised last month, and then I ended up having to scrap the entire post because of problems with the original topic.

Categories: Privacy