Posts filed under ‘Networks’

More Reasons To Shun Webmail and Use XMPP

This is a follow-up to an earlier entry about webmail and why I was ditching it. Also recommended: Thunderbird and GPG.

Background

I had set up the computer of someone I know in real life. I hid Internet Explorer, installed Firefox and Opera, and set things up to generally block things from domains other than the one the person had gone to. You know, just the basics that everyone’s computer should be set up to do.

I get called over because “Gmail doesn’t work.” They did a site redesign, but I never see the site because I don’t use webmail. It turned out that part of the problem was that Google added more domains, and downloading an attachment caused it to be sent from a different domain, which was blocked. The rest of the problem was that the new layout is not friendly to those users who have both high volumes of current messages and large backlogs of stored messages.

This sparked thought about the problems that webmail causes, which those of us that use clients do not see.

Not My Problem: I Do Not Use Webmail

In Thunderbird or Claws-mail, I don’t have to deal with tactical support for ad servers. Attachments are downloaded with the messages that they are attached to, and able to be opened at my leisure.

Because I use clients instead of webmail, I don’t have to be concerned with someone limiting the number of messages I can view at once in order to push me to search instead of organizing and cleaning up messages. I can immediately receive messages from multiple accounts without the long log-in and the wait for a ton of JavaScript to load, so it can download and render the page that characterizes webmail.

I did discover that I still had some Yahoo Mail accounts from as far back as 1997. Since Yahoo does not support client access (except for paid accounts, I believe), I have no reason to ever use them, so I’ve closed 75% of them and have started clearing out all connections to the last one.

Best of all, I can use GPG signing on the one account for which I still remember my passphrase.

Encryption Important

If you read yesterday’s entry and followed the link to Thistleweb’s original post, you’re starting to understand that encryption is foundational to the establishment and preservation of computer and online freedoms. I do not have any inside information, but I assume that there is some government agency which can, with reasonable effort, crack any encryption you and I might use. Encrypting your communications may dissuade most agencies from “fishing expeditions,” but once you’ve gotten priority attention, they’ll know in an hour or two what you’ve been saying.

One reason we should be encrypting our communications is that the corporations who act as hubs for our data typically offer to handle that data for zero-price, in exchange for advertising. Advertisers, in turn, want more and more of your personal information, sometimes including the content of your communications, in order to target their ads at people who are going to be interested. Personally, I do not believe it works very well. An ultra-targeted advertisement is spooky, and tends to chase people away. Be that as it may, once all the sporting goods chains have a copy of your plan to go skiing next December, you have no clue what they will do with that information. As privacy policies may be changed at any time without notice, they are not worth the paper they are written on.

Now imagine if you and your friends use PGP or GPG in your client, so that your mail service cannot read your messages. That means that the mail service cannot sell or rent that information to their advertising partners, and that sporting goods stores and home security alarm companies won’t be calling you with their offers. It means that the mail service’s director’s nephew won’t show up and ask your boss to “temporarily” assume your job during a trip that your boss does not yet know about. It means that the Keep Snow Pretty Coalition will not show up at your door (and your workplace) to protest your plan to fill some snow with ski tracks.

Now, that is all exaggerated, but the fact is, any information an organization collects will eventually be stored; any information an organization stores will eventually be misused. Encryption is your tool to help prevent the misuse or abuse of your information, and webmail is not designed for end-to-end encryption, but instead to allow the service provider to access, utilize, and present your data as they see fit.

I should add that most proprietary instant messaging services have similar issues. First of all, many of them are presented inside the service provider’s webmail service. That means that everything you send may be subject to monitoring (even after-the-fact monitoring, depending on how long the service stores messages), just like your e-mail. Their client applications are likewise advertising tools, although I’ve never seen any indication that IM contents are being fed to advertisers for targeting purposes.

Instead, I’ve found that I prefer to use Jabber / XMPP. XMPP does not have a central service provider, although Gmail / Google Talk instant messaging and Facebook’s IM are both said to be powered by XMPP. There are plenty of public providers, such as Jabber.org, Tigase.im and comm.unicate.me. One of the most important things you should do is ensure the client software you use supports both encrypted connections to the server and especially OTR. With OTR, you have some assurance that your messages are going to the correct person, with no one else reading them.

Special thanks to DuckDuckGo. When writing these posts, working the duck really helps my research.

Thursday, 2012-August-16 at 05:22 1 comment

Tech Privacy Rights As Fundamental As Gun Rights

Your private data isn’t a physical product. If someone steals your laptop, you can get a new laptop, or get it returned. It may have sentimental value, but it’s just a replaceable physical item. Information is not something that can be returned.

The value is not in the laptop, it’s in the private data contained within it. Do you have images or videos only meant for your eyes or your partner’s? If your laptop is stolen, count on those being shared online, count on the fact that anyone you see in your day-to-day life may have seen them, and recognize you from them. Still think that can be reversed and no harm done if you get your laptop back or get a replacement?

Wednesday, 2012-August-15 at 13:26 1 comment

Moving Away From Webmail: Why?

Back in the late 1990s, I encountered webmail services. I quickly signed up for accounts with every service I knew:

  • Yahoo! mail—sponsored by Yahoo!, which had a top-notch human-curated search engine directory
  • Mailexcite—later known as Excite mail—at that time sponsored by Excite and Webcrawler search engines
  • Hotmail—before it became a Microsoft property
  • and over time, various services that went by names like Warmmail, Coolmail, Coldmail, and CoolEmail—these services came and went and sometimes came back under completely different owners

What I liked about them was that I could go to the local college, the state college, or to friends’ homes and still check my e-mail without having to set up client software for each computer I used. This was before we knew a lot of the things we have learned about online security. Passwords were often restricted to 4-6 characters, often either all lower-case or all numeric.

If you forgot the password you used on site ‘X’, you would click ‘Send my password’ and check the relevant webmail account where the password would be sent.

Over time, things changed. Passwords started to require a mix of upper and lower case, along with one or more numeric digits. Then special characters were added. Passwords became longer. And ‘forgot my password’ started taking you through one or more secret questions before sending a password reset link to your e-mail. (No more mailing your password.)

It became more and more time consuming to log into a website, scroll through your new and existing messages to find the ones you choose to read, and write responses as necessary. This would be enough to make me switch back to the convenience of using client software to handle my e-mail messages (at the small cost of more complicated set-up than just typing a name and password into a couple of boxes on a webpage). But this is not even really the problem.

You see, in some areas, we have never advanced. We call it electronic mail, but it is really more like electronic postcards. This means that anyone, anywhere along the chain between you and the other party (or parties) could easily and quickly read your messages. That contract to buy a retirement property in Hawaii? Someone could have grabbed a copy, whipped out their word processor, and read everything in it. Same with that e-mail to your kid’s school about her grades. Didn’t you say they use Social Security numbers as student ID numbers?

You may say that you don’t do anything illegal and you don’t use e-mail to conduct financial transactions, therefore you have nothing to worry about. That is not so. You cannot know in 2012 whether information you “leak” today will become useful to someone who decides to use it against you in 2017 or 2022.

What is the answer? PGP (or GNU Privacy Guard, which is a freedom-preserving implementation of OpenPGP). PGP puts your e-mail messages into an envelope, making it more difficult for someone to snoop on your message. Since the message is electronic, the envelope is also electronic, a type of public-key encryption.

Now, there are some who believe that anyone who encrypts data is doing it because they are doing something wrong or illegal. Those people are wrong. I personally believe that it is patriotic to encrypt your data. First of all, I do not believe that the government would have permitted its use if they had not figured out how to penetrate the encryption, if they are willing to devote enough time and computing power to do so. This means that encryption is not going to protect spying or terrorism. Our government will still be able to see what evil deeds such people are planning.

However, for unimportant people like you and me, people who may occasionally speed on the freeway, but do not otherwise break the law, the government is not likely to invest the effort. Our lives are too boring. There is nothing to be gained. I cannot imagine Jon and Ponch showing up at your door to write you a ticket because you admitted in an e-mail message that you drove 70 in a 65 zone.

I should point out that I have no evidence that our security agencies can read your encrypted messages. It is purely my opinion that they would still be trying to suppress PGP if some security agency had not figured out how to penetrate it. (Disclaimer: I work for a federal agency, but I don’t speak for them and they don’t speak for me.)

On the other hand, using encryption gives you some privacy. While I firmly believe the government can read your encrypted messages, the average computer criminal cannot. And more importantly, the casual observer who inadvertently is exposed to your message is not able to read it. The beat cop who is trying to make his quota cannot read it. The junior high kid down the street cannot read it.

So you and I should be using PGP (or the open source implementation, GPG) for most of our messages. Remember that an envelope only protects its contents in transit. If you’ve got the unencrypted contents sitting on your hard drive, or if the person on the other end has them, all that anyone has to do is gain access to that computer.

It is sometimes convenient to think of encryption like a vault. The locks on 1920s-era vaults probably would not slow modern criminals very much. The locks on current bank vaults are probably sufficient to slow down the majority of criminals long enough for the police to arrive. If you think encryption will protect your secret treasure map forever, you’re mistaken.

Now, once you decide to encrypt your e-mail, you’ll immediately be faced with two big issues. First of all, none of the big webmail providers supports using PGP through their websites. So unless you can get FireGPG working, you cannot do the prudent thing. Secondly, installing and configuring PGP/GPG is somewhat complicated. It isn’t really–some of the most tech-averse people I know today set up similarly-complex software on their computers back in the 1990s–but it isn’t as easy as it could or should be.

Enter GPG4Win. GPG4Win comes with a lightweight mail client (Claws Mail); the GPG, Kleopatra, and GPA software to manage the process, from creating keys to uploading the public key to a keyserver to signing the keys of others whom you know in person; a file encryption plugin (GpgEX); and an optional encryption plugin for Outlook. Mac users can use GPGTools instead of GPG4Win. BSD, Hurd, and GNU+Linux users can use a somewhat less polished version or KDE’s Kleopatra.

Clearly, though, the process of using PGP and GPG needs to be simplified and streamlined. However, even in their current condition, you and I should be using PGP / GPG. And that means, given that the webmail providers have not figured out how to support it in their interfaces, that I need to pull back from using webmail for most of my messages.

I should also point out that you have to remember your passphrase, or you will not be able to use PGP / GPG. You should probably not create keys that are valid for more than a year or two. I am still learning about it, so I am by no means an expert. It just seems to me that if you forget your passphrase, you want a quick expiration, rather than waiting for years.
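
The expiration advice above can be checked against an existing keyring. This added example (not part of the original post) parses the machine-readable output of `gpg --list-keys --with-colons` and reports primary keys that never expire, have already expired, or are valid for longer than two years. The sample listing, key IDs and names are constructed, and timestamps are assumed to be in seconds since the epoch.

```python
import time

DAY = 86400
MAX_VALIDITY_DAYS = 2 * 365  # upper end of the post's "a year or two"

# Constructed sample of `gpg --list-keys --with-colons` output.
# Key IDs, hashes and names are made up; timestamps are seconds since the epoch.
SAMPLE_LISTING = """\
pub:u:4096:1:AAAA000000000001:1325376000:1356912000::u:::scESC::::::23::0:
uid:u::::1325376000::HASH1::Alice Example <alice@example.org>::::::::::0:
pub:u:2048:1:AAAA000000000002:1325376000:::u:::scESC::::::23::0:
uid:u::::1325376000::HASH2::Bob Example <bob@example.org>::::::::::0:
pub:u:4096:1:AAAA000000000003:1325376000:1640995200::u:::scESC::::::23::0:
uid:u::::1325376000::HASH3::Carol Example <carol@example.org>::::::::::0:
"""


def audit_keys(listing, now=None, max_days=MAX_VALIDITY_DAYS):
    """Return [(key_id, user_id, finding)] for every primary key in the listing.

    Colon-format fields used: 1 = record type, 5 = key ID, 6 = creation time,
    7 = expiration time (empty when the key never expires), 10 = user ID.
    """
    now = time.time() if now is None else now
    results = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub" and len(fields) > 6:
            created = int(fields[5])
            expires = int(fields[6]) if fields[6] else None
            if expires is None:
                finding = "never expires"
            elif expires <= now:
                finding = "expired"
            elif (expires - created) // DAY > max_days:
                finding = "valid too long (%d days)" % ((expires - created) // DAY)
            else:
                finding = "ok (%d days)" % ((expires - created) // DAY)
            results.append([fields[4], "", finding])
        elif fields[0] == "uid" and len(fields) > 9 and results and not results[-1][1]:
            # Attach the first user ID that follows a primary key.
            results[-1][1] = fields[9]
    return [tuple(r) for r in results]


if __name__ == "__main__":
    for key_id, user_id, finding in audit_keys(SAMPLE_LISTING):
        print("%s  %-35s %s" % (key_id, user_id, finding))
```

To audit a real keyring, pass the text produced by `gpg --list-keys --with-colons` to `audit_keys` in place of the sample.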

Monday, 2012-January-09 at 04:55 5 comments

Net Neutrality Letter

This was my submission to the FCC regarding Net Neutrality. I found it again today and thought it might merit circulation. Even though it is too late to submit similar comments to the FCC, there are two senators and a representative who still need to see this.

In the beginning, entrepreneurs put banks of modems in their garages and started Internet service providers offering dial-up service. And it was good. And lo, the telephone industry offered dial up. And their competitors offered better service at lower prices, and everyone’s phone payment paid the costs of building the infrastructure.

Then came dark days, for someone in the FCC decided to allow the telephone and cable television industries to offer high-speed access, but they needn’t allow competing ISPs to sell high-speed access through those lines. And the cable companies raised their prices and offered inferior service. They interfered with their customers’ use of phone- and video-over-Internet services in order to promote their own, higher-priced offerings. They placed arbitrary limits on bandwidth use for supposedly “unlimited” access. The phone companies, meanwhile, continued to offer only a relatively slow-speed version of Internet access. And the FCC and Congress hemmed and hawed and did little to nothing about the injustices they saw.

And lo, a new ruler arose, and with him, the FCC began to discuss whether it should mandate “net neutrality” to prevent the abuses they had observed, and worse besides. And the telephone and cable television industries gave money to Congress and gained an inside track. And there arose a movement that sought to get the FCC and Congress to protect the interests of citizens.

And this is where we stand today. I ask you to impose net neutrality because the FCC erred in allowing wireline owners to offer access and service-consuming services to the public themselves. It should have been an arm’s length transaction with similar terms available to multiple qualified ISPs (and no throttling or interference by the cable or telephone company owning the “pipes” at all). Because of this mistake, there is no free market for many consumers.

In many areas, there is the cable company and there are a few surviving dial-up competitors. In other areas, there is a duopoly, where the cable company offers faster speeds at higher prices, and the telephone company offers moderate speeds at medium prices. When the only game in town decides to interfere with the Internet services you use (possibly to make your living), you are screwed.

I ask you, members of the Federal Communications Commission, to recognize that the Internet is not the property of any company. It is not something of no consequence that can be restricted or limited for company purposes without fundamentally harming the American economy and those of us who pay those companies for our access. I ask you to represent the interests of “We the people”, the ones you work for, and not solely the interests of a few large corporations.

And I remind you that I am a registered voter and will withhold my vote from candidates for federal office who do not support the American people through Net Neutrality.


Thursday, 2010-March-18 at 17:31

Is Tech Going To Be An American Preserve?

means that the U.S. will continue to hold the tech lead.  See his story here.

First, let's take the longer-term view at the way that companies are run in our country.  I remember when some clothing was still made here.  As the domestically-produced share fell, the International Ladies Garment Workers Union launched a last-ditch "buy American" campaign with commercials singing, "Look for the union label, when you are buying a coat, dress or blouse …. So look for the union label, it says we're able to make it in the U.S.A."  However, the industry was built already upon low-wage labor, so eventually, the industry moved to Asia.  Even VF, the company that makes Lee jeans, does not make their products here anymore.

In industry after industry, including automobiles, semiconductors, computer hardware, ship & submarine building, bicycles, tools, and garlic farming, the U.S. has had an overwhelming advantage and gave it away.  In most cases, the sign that the U.S. was about to suddenly lose a lot of share was some kind of big layoff or pay cut or effort to replace domestic labor with foreign labor.  We pay huge bonuses to management that hurts workers, because our financial system emphasizes short-term results.  As a result, over a period of several years, any industry of ours will slowly lose its place.

Wednesday, 2006-December-27 at 08:29

Tip O’ The Fedora

I’m heavily into the Fedora and Ubuntu / Kubuntu / Xubuntu Linux distributions.  This year, I have converted more of our computers away from Windows XP.  It is often because of the Windows Genuine (Dis)Advantage program.  If your major-brand computer, purchased from the world's largest retailer, gets locked by WGD, why should you buy another copy of XP?  Slap Fedora or Ubuntu Linux on that puppy, so you no longer have to deal with the anti-theft technologies.

Tuesday, 2006-December-19 at 16:57

Free / Open Source, Free / Open Standards, and Accessibility

IBM is donating its Project Missouri accessibility API to the Free Standards Group, according to the Linux blog. Andy Updegrove reports some more details about it.
Mark Pilgrim has written about accessibility and why it is important. I am excited about FOSS taking the lead here. As this gets incorporated into the next version of ODF and its implementations (such as OpenOffice.org), I can see less and less reason to buy an expensive proprietary office suite, especially one that will incur significant support costs because of certain changes that were made to their user interface.
It seems that once again Free and Open Source Software will be the leaders. In many ways, they always have been, but this could make the difference visible to the common user as government accessibility mandates begin to require companies and agencies to displace their old proprietary software because it is non-conformant.

Friday, 2006-December-15 at 13:07
