Seeing headline after headline where corporate-controlled network sites are choosing to force their corporate agendas upon their users (latest is Twitter’s decision to take some of users’ curation power away and to curate users’ streams instead of allowing users to do so).
I hear frequently about how Facebook or LinkedIn or some other corpocentric site forces something on their users, despite the users’ loudly-expressed desire not to have that happen. I’m sorry, but if LockedOut’s actions are that offensive, delete all your posts, disconnect from all your contacts, and close your account.
“But everyone I know is using Facebook. I hate it, but I stay because that’s the only way they communicate.”
Yeah, I can understand that. When you leave the site, it may happen that no one you know will choose to contact you another way. But if that is the case, what it proves is that they were not contacting you because you matter. They were contacting you because you were a captive in the same place they were a captive. If you matter to them, and if they matter to you, then you and they will find other ways to interact.
As the roles at $EMPLOYER have become more narrowly defined, it is difficult to avoid stagnation. One of the things I did to help keep $EMPLOYER-related stagnation from becoming whole-life stagnation was bought a Raspberry Pi and an Arduino. (And also a BeagleBone Black, but who’s counting?)
I have not done much with them yet, but I did start using the RPi to share an external hard drive across my network, actually staying pretty close to Kevie’s instructions. I’m also messing around a little bit with Node.JS on the BBB.
I’m hoping to try some more things, and to write about them, soon.
I believe …
- That the person who refuses to allow police to enter his home without a warrant is protecting our freedoms;
- That violating the Constitution in the name of protecting it is utter nonsense;
- That it is not only our right, but our duty, to encrypt our electronic communications;
- That complacently declining to defend our individual rights and declining to protest the encroachment upon them must eventually lead to their loss.
This is a follow-up to an earlier entry about webmail and why I was ditching it. Also recommended: Thunderbird and GPG.
I had set up someone I know in real life’s computer. Hid Internet Explorer, installed Firefox and Opera, and set things up to generally block things from domains other than the one the person had gone to. You know, just the basics that everyone’s computer should be set up to do.
I get called over because “Gmail doesn’t work.” They did a site redesign, but I never see the site because I don’t use webmail. It turned out that part of the problem was that Google added more domains, and downloading an attachment caused it to be sent from a different domain, which was blocked. The rest of the problem was that the new layout is not friendly to those users who have both high volumes of current messages and large backlogs of stored messages.
This sparked thought about the problems that webmail causes, which those of us that use clients do not see.
Not My Problem: I Do Not Use Webmail
I did discover that I still had some Yahoo Mail accounts from as far back as 1997. Since Yahoo does not support client access (except for paid accounts, I believe), I have no reason to ever use them, so I’ve closed 75% of them and have started clearing out all connections to the last one.
Best of all, I can use GPG signing on the one account that I still remember my passphrase.
If you read yesterday’s entry and followed the link to Thistleweb’s original post, you’re starting to understand that encryption is foundational to the establishment and preservation of computer and online freedoms. I do not have any inside information, but I assume that there is some government agency which can, with reasonable effort, crack any encryption you and I might use. Encrypting your communications may dissuade most agencies from “fishing expeditions,” but once you’ve gotten priority attention, they’ll know in an hour or two what you’ve been saying.
One reason we should be encrypting our communications is that the corporations who act as hubs for our data typically offer to handle that data for zero-price, in exchange for advertising. Advertisers, in turn, want more and more of your personal information, sometimes including the content of your communications, in order to target their ads at people who are going to be interested. Personally, I do not believe it works very well. An ultra-targeted advertisement is spooky, and tends to chase people away. Be that as it may, once all the sporting goods chains have a copy of your plan to go skiing next December, you have no clue what they will do with that information. As privacy policies may be changed at any time without notice, they are not worth the paper they are written on.
Now imagine if you and your friends use PGP or GPG in your client, so that your mail service cannot read your messages. That means that the mail service cannot sell or rent that information to their advertising partners, and that sporting goods stores and home security alarm companies won’t be calling you with their offers. It means that the mail service’s director’s nephew won’t show up and ask your boss to “temporarily” assume your job during a trip that your boss does not yet know about. It means that the Keep Snow Pretty Coalition will not show up at your door (and your workplace) to protest your plan to fill some snow with ski tracks.
Now, that is all exaggerated, but the fact is, any information an organization collects will eventually be stored; any information an organization stores will eventually be misused. Encryption is your tool to help prevent the misuse or abuse of your information, and webmail is not designed for end-to-end encryption, but instead to allow the service provider to access, utilize, and present your data as they see fit.
I should add that most proprietary instant messaging services have similar issues. First of all, many of them are presented inside the service provider’s webmail service. That means that everything you send may be subject to monitoring (even after-the-fact monitoring, depending on how long the service stores messages), just like your e-mail. Their client applications are likewise advertising tools, although I’ve never seen any indication that IM contents are being fed to advertisers for targeting purposes.
Instead, I’ve found that I prefer to use Jabber / XMPP. XMPP does not have a central service provider, although Gmail / Google Talk instant messaging and Facebook’s IM are both said to be powered by XMPP. There are plenty of public providers, such as Jabber.org, Tigase.im and comm.unicate.me. One of the most important things you should do is ensure the client software you use supports both encrypted connections to the server and especially OTR. With OTR, you have some assurance that your messages are going to the correct person, with no one else reading them.
Special thanks to DuckDuckGo. When writing these posts, working the duck really helps my research.
Your private data isn’t a physical product. If someone steals your laptop, you can get a new laptop, or get it returned. It may have sentimental value, but it’s just a replaceable physical item. Information is not something that can be returned.
The value is not in the laptop, it’s in the private data contained within it. Do you have images or videos only meant for your eyes or your partners? If your laptop is stolen, count on those being shared online, count on the fact that anyone you see in your day-to-day life may have seen them, and recognize you from them. Still think that can be reversed and no harm done if you get your laptop back or get a replacement?
Digital Prism has a new post up telling how to improve the security of electronic mail.
Signing & Encrypting Email In Thunderbird
Email security isn’t just for the experts, or the rich. It’s for you too. It’s a bit of an enigma at first, but once it’s set up it’s pretty easy to use. This post is about the basics of how to set it up and use it, but first a look at why it’s important and what benefits you get from doing it. You can sign and / or encrypt your email. This has a variety of benefits and limitations.
Recommended reading for all.
I would encourage you to take a look at his post, and to get KeepassX (or if you’re on Windows, you may use the original Keepass http://keepass.info/) and start using stronger passwords and separate passwords around the web.
Originally posted on PillowFortress:
KeePassX is a program for storing your passwords in a convenient and very secure way. Here is a excerpt from their webpage (with slight modifications):
KeePassX saves information such as user names, passwords, urls, attachments, and comments in one single database. The entries are sorted in groups. KeePassX also offers a little utility for secure password generation. The complete database is always encrypted either with AES (alias Rijndael) or Twofish encryption algorithm using a 256 bit key.
The official site can be found at http://www.keepassx.org/, where you can download KeePassX for use with Linux, Mac, and Windows.
This is an introductory tutorial in order to get you started.
1. Start the program. When you open your new database choose a master password (see Figure 1). THIS IS THE SINGLE MOST IMPORTANT PASSWORD YOU WILL HAVE: if you lose this password, you will lose access to all of your passwords. Also
View original 1,099 more words