Computers

  • Encrypted Email How-to
  • “If you work for TOR, you learn more than you ever wanted to know about the horrible things that happen to vulnerable people. We also get to do work on behalf of vulnerable people. Think about what happens to people in prison after they are arrested for protesting against the government. Some of that happens because of Internet surveillance. ... I am angry at people in institutions who look the ot Read More...

  • » Cryptographic Secret Sharing Schemes
  • The more usual methods of encryption which I discuss under the menu heading computers, above ... are not always enough. Because in the real world you or your family can be struck repeatedly with large iron bars while a nice man gently asks you for you the passphrase you used to encrypt your book about corporate corruption. Sigh - what a world. Read More...

  • Everyone should run a TOR bridge
  • If you care about freedom of speech and freedom of access to factual information, you should run a TOR bridge out of your office, home, university, or wherever you have some spare bandwidth. Because a TOR bridge enables those who live in oppressive dictatorships such as Turkey or Azerbaijan or Belarus or ... to access information online in relative safety. A bridge also allows journalists, academi Read More...

  • LUKS disk or partition encryption
  • The LUKS system allows you to encrypt an entire disk drive, such as a portable flash drive, or any part of the disk (a partition) you wish. It is not appropriate for encrypting individual files. Use GPG for that. This article describes how to implement LUKS encrption. It includes some nice things you can do as well, such as requiring a USB flash key drive to be inserted before a disk can be decryp Read More...

  • A Simple (but very useful) Backup Program
  • Simple Backup Program (SBP) is a program I whipped up for a friend. He usually uses the excellent unison system for synchronisation, and rsync for his incremental backups. However he wanted something small and fast for his daily non-incremental backups to an external hard drive. SBP is the result - trivially easy to use, minimal resource overhead, compresses everything into a timestamped (optiona Read More...

  • VNC over SSH - secure remote desktop
  • It is always a good idea to be able to contact your home or office server when you are travelling. Although most people use VPNs for this (see SOHO VPN How-to)), most VPNs have a number of security and privacy problems. An easy solution is to use an SSH tunnel to ensure privacy and security. And to have everything on your server’s desktop available on the display in your laptop without eating all Read More...

  • Essential privacy tools: SSH, Tunnels, GPG, and lots more
  • If you are just looking for a quick solution to protect your fundamental human right to privacy, follow these three steps rather than read the rest of this article. (But please also see: Cyberwar is a war against you .) Read More...

  • Simple Proxy How-to
  • As a general rule of thumb no encryption (eg. VPN, proxies, etc.) based services operated from the United States or its Five Eye colonies should be used, due to the surveillance programs in those nations, their use of National Security Letters or equivalent, and their use of gag orders forbidding any service provider who receives a demand for violation of privacy rights from discussing said demand Read More...

  • DNS How-to
  • As you may know, the DNS system is the means of translating a humanm eaningful name such as ’www.bbc.co.uk’ into a computer meaningful address such as ’132.185.132.22’. The system is organised as a hierarchy. Top level domains (TDLs) such as .uk are administered by a handful of ’root servers’ in England. Read More...

  • SOHO VPN How-to
  • In this little article I am going to describe how to set up an OpenVPN system running under Pfsense or similar system in your home, and then how to securely connect to it while you are travelling around the world.If you want to trust and use the VPN built into your store bought home router (particularly if you live in the United States), well ... perhaps security is not important to you Read More...

  • How-to block most webserver attacks
  • In this short article I assume that you are running a simple server - a webserver or mail server - from which you wish to block certain countries or groups from gaining access. Read More...

  • Software jails with Fail2ban
  • Fail2ban is a helpful program to scan logs (such as email logs, webserver logs, ssh logs, etc.). When it finds a particular pattern - say of someone trying to break into your webserver - it automatically takes whatever action you tell it to. Which usually means banning the attacker’s IP or domain name for a given amount of time. Read More...

  • Secure backup and archiving
  • There are a plethora of backup and archiving programs out there. This is one more. I wrote it because it suited my personal needs better than anything else I could find. With the added advantage of automatically deleting parts of the backup if a certain passphrase is entered. Perhaps it will suit your needs as well. I call it Badger, and have been using it without any problems for several years - Read More...

  • Encryption Concerns and Issues
  • Over 150 nations have signed Articles 12 and 19 of the United Nations Declaration of Human as well as UN Resolution 217 (III), enshrining and agreeing to protect and respect the right of all to privacy. You can help ensure that the basic human rights in the Declaration are respected by holding your politicians, police, corporations, and spy agencies accountable. Read More...

  • An SSH tunnel with two-factor authentication
  • In this short article I describe how to securely log into a remote computer using SSH. And then go onto discuss how to do this using two-factor authentication to provide some extra protection. Read More...

  • STUNNEL encrypted tunnels
  • This article shows you how to set up a secure encrypted link between a server and any number of client computers using a tunnel. A tunnel is some software that uses ordinary internet ports (addresses) for some other purposes. For example, you can tunnel email over an HTTP (webrowsing) port. Read More...

  • Synchronising and backing up data: RSYNC and UNISON
  • This article shows you how to securely and reliably synchronise and/or backup data between various regardless of where they are located. However synchronisation or backups should never be performed without using a secure connection (unless of course you are just updating a flash drive locally). If you do not know why this matters, please see my article here: Is Universal Surveillance Oppression? Y Read More...

  • TOR Hidden Services How-to
  • TOR is a free system designed to help ensure your personal right to privacy as enshrined in the Universal Declaration of Human Rights. The system is maintained by dedicated volunteers, academics, corporate sysadmins, military folks, and others form all walks of life. It is of particular benefit for human rights workers in oppressive regimes helping to get the word out to the wider world about the Read More...

  • Simple OPENSSL How-to
  • Certificates act like keys to doors in your computer system or network. Without the right certificate(s), no access is allowed. By creating the right kind of certificates in the right way, you use them to validate encrypted communication between computers [428]  [428] As always of course there are caveats:: Encryption Concerns and Issues .. Read More...

  • GEOIP and Geolocation in log files
  • Although there are lots of online services to translate an IP into a city, country, and registrar address, sometimes it is desirable to do this for many IPs at once, such as several thousand from yesterday’s webserver or email logs. Read More...

  • Router Virtual Interfaces
  • A virtual network is a network using the same interface (hardware) as the main network, but logically isolated from the main network and other virtual networks. One interface card, many networks each isolated from the other. Read More...

  • Secure Webserver How-to
  • I used to run my various websites from a very basic (but secure) webserver I wrote myself. But as my health deteriorated it became more and more difficult to maintain and update it. Read More...

  • Monitor services with Monit
  • I run various services through a friend’s small server farm in another country, monitoring their proper function by the use of the free opensource software MONIT. In this article I show you the basics of how to set MONIT up to do the same. Read More...

  • Android phone security
  • “Let me state it plainly: Google and Facebook are not allies in our fight for an equitable future – they are the enemy. These platform monopolies are factory farms for human beings; farming us for every gram of insight they can extract. ... The Web is lost but it is not broken. The distinction is crucial. The Web, just like Surveillance Capitalism itself, has succeeded spectacularly and is f Read More...

  • Simple Elliptic Curve Cryptography for Home Use
  • ECC (Elliptic Curve Cryptography) is based on a different mathematical calculation than the more common type of factorisation of primes used by RSA (common with online banking) or PGP (often used to encrypt documents or email). the ’curve’ part of the name alludes to this, wherein a simple curve is used to plot points. For example y**2 = x**3 + ax + b will plot (x,y) points resulting in a pretty c Read More...

  • RSA Encryption - a non-mathematical explanation
  • Suppose that you have a secret bank account in the Cayman Islands were as the leaked Panama Papers proved, many politicians and multinational corporations keep most of their money in order to avoid paying taxes. Read More...

  • Firefox Privacy Enhancements
  • There are a lot of ways to enhance your privac and freedom of access to information - TOR, FREENET, I2P, Tunnels, proxied VPNs etc. which I have discussed in other articles on my site here. Of course not using any products from Google, Microsoft, Amazon, Facebook, or Apple has also been alleged by some to be an essential step in trying to maintian your fundamental human right to privacy as defined Read More...