RATEL’s new law and our privacy
Posted by Saša Bodiroža | Filed under Freedom, Privacy, Security, internet
Serbia’s Republic Agency for Telecommunications (RATEL) published the instructions (text in Serbian) on Internet traffic interception and redirection. Basically, it allows the Serbian government to read each and every bit of our communication, including HTTP, VoIP, e-mail and IM protocols. It’s not that I have something to hide, it’s just that it’s a serious violation of my privacy. And I don’t really like that.
Update: I think I overreacted a bit in my comment. This legal act is not supposed to talk about violation of privacy. Violation of privacy is forbidden by the Serbian Telecommunication law, and Serbian Constitution. The whole purpose of this legal act, as I see it, is to amend element 55. of Telecommunication law.
Another comment can be found here (in Serbian).
Since we can’t change the law immediately, the least we can do is protect our privacy. We can use encryption methods to encrypt our communication. Here are a few pieces of advice:
There are web servers that support the HTTPS protocol. If you start with HTTP, your browser won’t switch to HTTPS on its own, even if that is possible. So, I advise you to try HTTPS; maybe the destination server supports it. For example, most people will type in facebook.com, which will take them to www.facebook.com, using HTTP. Instead, try typing in https://www.facebook.com. If you’re using Firefox, you’ll notice that the icon next to the address bar is blue. If you click on it, it will inform you that your connection is secured. It should be harder to eavesdrop on your connection with www.facebook.com, since it needs to be decrypted first.
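The behaviour described above, as an added example that is not part of the original post: it follows a redirect chain and reports which requests travelled unencrypted. The hostnames and responses are constructed, and `trace` and `hsts_max_age` are names chosen for this illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

# Constructed responses (not captured traffic): URL -> (status, headers).
RESPONSES = {
    # Site A behaves as the post describes: the redirect stays on HTTP.
    "http://site-a.example/": (301, {"Location": "http://www.site-a.example/"}),
    "http://www.site-a.example/": (200, {}),
    # Site B upgrades to HTTPS and sends an HSTS header.
    "http://site-b.example/": (301, {"Location": "https://www.site-b.example/"}),
    "https://www.site-b.example/": (
        200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
}

def hsts_max_age(headers):
    """Return max-age from Strict-Transport-Security, or None if absent."""
    for part in headers.get("strict-transport-security", "").split(";"):
        name, _, arg = part.strip().partition("=")
        arg = arg.strip().strip('"')
        if name.strip().lower() == "max-age" and arg.isdigit():
            return int(arg)
    return None

def trace(start_url, responses=RESPONSES, max_hops=10):
    """Follow redirects and report which requests travelled unencrypted."""
    url, hops = start_url, []
    for _ in range(max_hops):
        status, raw = responses[url]
        headers = {k.lower(): v for k, v in raw.items()}
        hops.append(url)
        if status in REDIRECTS and "location" in headers:
            url = urljoin(url, headers["location"])
            continue
        break
    else:
        raise RuntimeError("too many redirects")
    final_https = urlsplit(url).scheme == "https"
    return {
        "cleartext_hops": [h for h in hops if urlsplit(h).scheme == "http"],
        "final_https": final_https,
        # Browsers ignore HSTS headers that arrive over plain HTTP.
        "hsts_max_age": hsts_max_age(headers) if final_https else None,
    }

if __name__ == "__main__":
    for start in ("http://site-a.example/", "http://site-b.example/",
                  "https://www.site-b.example/"):
        print(start, trace(start))
```

Even for site B the first request still leaves in cleartext; only starting from the https:// address gives an empty `cleartext_hops` list.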
Encrypt your e-mails
The GPG system of public and secret keys lets you encrypt and decrypt content you need to pass securely to another person. It is possible to use it with e-mails. You need to install the GPG software, set it up and generate your public/secret key pair. Then you need to install the Enigmail extension if you’re using Thunderbird, or FireGPG if you’re using Gmail’s web interface. For Outlook, the GPGol module should work.
Setting up Thunderbird and Enigmail
Instructions for installing GPG and generating a public/secret key pair on Linux can be found here. After that is finished, download and install Enigmail. Instructions for installing GPG, generating a public/secret key pair and installing Enigmail on Windows can be found here.
Setting up FireGPG in Gmail
Just follow the instructions provided on the FireGPG download page.
Setting up Outlook
Follow the instructions provided here. It should work with the GPGol module, but I can’t test it. I don’t have Windows, nor Outlook.
Encrypt your IM conversations
Update: A list of IM clients that support OTR messaging can be found in Wikipedia’s article about OTR. If you don’t have or don’t like Pidgin, you’re free to use something else.
Pidgin, a cross-platform, multi-protocol instant messenger client, can encrypt instant messages using the Off-the-Record (OTR) plugin. If you don’t use Pidgin yet, I would advise you to install it.
If you’re using Linux, I’m sure you can install it through your package manager. For Debian-based systems, search for the pidgin package. Also, the OTR plugin is available in the pidgin-otr package in Ubuntu gutsy and later, and in Debian testing and unstable.
If you’re using Windows, download the installer from here. It’s easy to set up OTR afterwards, and the instructions can be found here.
After you have installed Pidgin, start it and go to Tools -> Extensions. Locate the Off-the-Record plugin and enable it. Click on the Configure button. For each account in the list click Generate, and select Enable private messaging and Automatically initiate private messaging.
Note to some of my friends that use MSN: What do you care more about: your privacy, or animated smilies ;)?
At the end…
This short tutorial doesn’t cover all protocols… If you know something more, please post a comment and I’ll put it in this post. Thanks.
If you have any questions, post them in the comments, and I (or someone else) will try to answer them.
picfriender.info IM spam
Posted by Saša Bodiroža | Filed under internet
I have just received a link from a friend over MSN instant messenger that pointed to “her” website on picfriender.info. I clicked it, and saw a homepage which asked me for my MSN username and password. Why would they need it? If I needed an account to visit her website, I would need to make a new one. So, the only logical thing is they would use it to get access to my account. Well, it seemed like a spam company, so I googled them. Strangely, Google knows nothing about them for now.
Then I noticed a link to their Terms of Service, and I wasn’t surprised to read this…
“We may temporarily access your MSN account to do a combination
of the following:
1. Send Instant Messages to your friends promoting this site.
2. Introduce new entertaining sites to your friends via Instant Messages.”
It doesn’t smell only like spam, it is spam. Sort of legalised, though. I hope they will be closed soon. Be sure to not give them your account information, unless you want them to send annoying links to your friends. Some of them may fall for this too… And the chain reaction begins.
In case you already gave out your personal information, the fix should be simple. Just change your password over at the MSN Passport/Windows Live ID website.
Update: I have just checked the information about this website, and I found out that it was registered less than 10 hours ago. It’s logical why Google still knows nothing about it…
Update #2: It seems that this is not new; Aeriff wrote a blog post on this on March 15th. The only difference is the more logical domain name (picfriender.info vs. rkntbp.info)…