Tools for Activists



sreaves32


http://www.rfaunplugged.org/2011/02/07/cyber-self-defence-techniques-for-avoiding-surveillance-and-the-censor/



The Internet remains one of the most powerful means ever created to give voice to repressed people around the world.
But as Peter Ekerskey reports in the Pacific Free Press, new technologies have also given authoritarian regimes new means to identify and retaliate against those who speak out despite censorship and surveillance.
To try and even the playing field and he has offered a some useful tips to netizens in places like China, Vietnam, Burma and other groups in RFA’s audience on how to stay safe and how they can be helped from the outside. 
Below are six basic ideas for those attempting to speak without falling victim to authoritarian surveillance and censorship, and four ideas for the rest of us who want to help support them.
 

6 Ideas For Those Needing Defensive Technology to Protect Free Speech from Authoritarian Regimes and 4 Ways the Rest of Us Can Help


I. Ideas for Activists and Others Facing Authoritarian Regimes

  1. 1. Understand Risk Assessment

    The first step in trying to defend yourself against digital surveillance and censorship is to understand the concept of risk assessment. Risk assessment is the process of deciding what threats you face, how likely and serious they are, and how to prioritize the steps you can take to protect yourself. EFF’s section on risk assessment in Surveillance Self-Defense can help you with this assessment.1
  2. 2. Beware of Malware

    Malware is a catch-all term for computer viruses, worms, trojan horses, keystroke loggers, spyware, rootkits and any other kind of software that makes a computer spy on you or act against your interests.
    If a government is able to install malware on the computer you are using, then it doesn’t matter what other steps you take: your files and communications will be subject to surveillance.
    If you have your own computer, you need to be sure to install security updates and run anti-virus or rootkit scanning software. You also need to understand that these measures only offer limited protection. For one guide to anti-virus and firewall software, see the Tactical Technology Collective’s “Security in a Box” guide.
    It is important to note that if you are using a shared computer, such as a computer at an Internet cafe or a library, the risk of surveillance by malware may be greater. If you need to use a public computer for sensitive communications, you should use a bootable USB device or CD (such as Incognito) to mitigate the risks posed by malware.
    You can use a bootable USB or CD for the most sensitive things you do with your own computer, too.
  3. 3. Choose the Least-Risky Communications Channels

    You should be careful in choosing the channels through which you communicate with other individuals and activists.
    • Talking in person is usually the safest way to speak (unless others are watching you, or your location is bugged).
    • Understand the risk associated with phone calls. Most governments are able to record who calls whom, and when, all of the time. Currently, most governments outside the US/EU have a more limited, albeit unknown ability to record and listen to the phone calls themselves. For instance, it is believed that they will be able to tap phones, but only a limited number (perhaps a few thousand) at any given moment. You should always assume that a call to or from a phone belonging to an activist, or regularly used for activism, may be bugged.
    • Avoid SMS text messages. These pass unencrypted through major telecommunication providers and are easy for a government to harvest and analyze on a massive scale.
    • Protect Internet communications by using encryption2 and by choosing (preferably offshore) service providers that are trustworthy and unlikely to cooperate with your government.
      Here are two channels which are easy to use and which offer some protection:
      • Use the OTR instant messaging plugin. This is easy if you and the people you communicate with can install the Pidgin or Adium X instant messaging programs on your computers. Details on how to do this are available here. Disable logging to ensure that if your computer is seized, your communications aren’t on it.
      • Use a webmail provider that supports https encryption. Services likeRiseUp.net place a premium on their users’ privacy. Gmail now supports encryption by default, but consider whether you can trust Google not to hand your communications to your government.3Make sure every that time you send or receive an email, the pages uses https — otherwise, your messages could be intercepted.
      There are many other ways to arrange for secure communications, although many require more technical expertise. See SSD for further detail with respect to securing email.
    • Encrypted Voice-over-IP is possible, but many VoIP services do not support it. Two exceptions are ZPhone and Skype. Unencrypted VOIP is very easy to tap, including most telephone cabinets at Internet cafes.
      The level of security afforded by the popular commercial VoIP service Skype is unknown. We believe that countries with sophisticated intelligence services will find ways to defeat Skype’s security, while less sophisticated intelligence services may be confounded by it. China is known to have produced its own trojan-infected version of Skype. It is also known that there are weaknesses in Skype’s security architecture.4 You should assume that the intelligence services of countries like the U.S., Israel, Russia, or Cuba could defeat Skype’s encryption. But as far as is known, most less developed countries are unlikely to be able to decrypt Skype’s communications in the near future.
  4. 4. Use Encryption to Prevent Surveillance and Censorship of your Web Usage

    Censorship and surveillance of Internet connections are intimately connected: it is difficult to censor communications without at the same time being able to watch and understand them, because it is difficult for the censorship system to tell the difference between the communications it intends to block and those it does not.
    There are many ways to use encryption to protect your communications against surveillance and censorship. You can use some Internet services with their own encryption built-in (see above for instant messaging, or webmail using https). But if you want to use encryption to protect all of your web browsing, try one of the following:
    • Use Tor. Tor will encrypt your communications and bounce them around the planet before sending them on to their destination. It offers a high level of protection against eavesdropping by your government5 and is not hard to use. The greatest challenge with using Tor is that it often slows browsing down a great deal; expect page loads to be slowed down by ten seconds or more.
      If you live in a country where the very fact that you use Tor might be seen as grounds for singling you out for arrest, further surveillance, or other unwelcome scrutiny, you should only use Tor in combination with a Tor Bridge. See section 6 below.
    • Use an encrypted proxy or Virtual Private Network (VPN) to tunnel your traffic overseas. This approach offers slightly less protection than Tor but tends to be faster. There are many ways you can try this:
      • Use a public, SSL-encrypted proxy server. Understand that unless you know who runs a proxy, there is a chance that it is run by your adversary.
      • If you have access to a Linux or Unix account overseas, you can instantly create your own encrypted proxy server using the ssh program (which comes installed on Mac OS X and Linux computers, and can be easily installed on Windows). Here are two pagesdiscussing how to do that.
      • Use a service like Hotspot Shield.
      • Use an overseas VPN service. Companies such as Relakks sell access to services of this sort.
  5. In addition to the steps above, you may find that EFF’s HTTPS Everywhereextension for Firefox is useful. It tries to switch sites over from http to https where that is known to be possible. It is not a substitute for Tor or a VPN, but it provides some extra protection even if you are using them.

    5. Be Careful of What and Where You Publish

    • Avoid publishing material under your own name, or including facts that might be clues to your identity, unless you are willing to take the risk that authorities will target you for reprisals.
    • Avoid publishing material through hosting services that have a commercial presence in your country, or which are likely to cooperate with your country’s government. Be aware that some countries have treaties which lead them to assist other countries’ law enforcement requests.
    • Only publish material through services that use https. You should see the https prefix in the browser address bar, and an unbroken lock icon in your browser window: not just during login, but the entire time you are using the site.
  6. 6. Should I use a Tor Bridge?

  7. Tor Bridges are a more discreet way to connect to the Tor network. Normally, if you use Tor, someone watching the network could observe that your computer was connected to the Tor network.6 If you use a Tor Bridge instead, it will be much harder to tell that you are using Tor.
    If you use Tor and live in a country with a strong tradition of Internet censorship, your government might suddenly start blocking connections to the public Tor network. In that case, you should have a Tor Bridge address ready for use if that happens.
    If you live in a country where the mere fact of using Tor might expose you to unwelcome attention or worse, you should never use Tor without configuring it to connect through a bridge.
    You can find information about how to configure Tor to use a bridge at:https://www.torproject.org/bridges
    You can find some addresses of Tor bridges at https://bridges.torproject.org/, or by sending email to bridges@torproject.org with the line “get bridges” by itself in the body of the mail.

II. How Can I Help Others Around the World Escape Surveillance and Censorship?

Perhaps you don’t live under an authoritarian regime, but you’d like to help people who do. At the moment, here are our main suggestions:
  1. 1. Run a Tor Relay

    Donate some of your bandwidth by relaying encrypted traffic between Tor nodes. Follow the instructions at the Tor Project’s website, but be sure to disable exiting from your machine, unless you intend to run an exit node (see section 3 below).
  2. 2. Run a Tor Bridge

    Act as a bridge, to help people in countries with extreme Internet-censorship and surveillance practices. If you aren’t sure whether you should run a relay or a bridge, read the Tor Project’s advice on the subject.
  3. 3. Consider Running a Tor Exit Node

    Unlike running Tor relays and bridges, running a Tor exit node requires significantly more care, organization, and commitment. Tor exit nodes are the machines which pass traffic out of the Tor network and on to its final destination on the Internet.
    Exit nodes are vital to the operation of the Tor network. But, unlike the rest of the network, much of the traffic they carry is unencrypted. Tor exit nodes are the machines that will be fetching websites for dissidents in Iran or Burma to read; they are the machines that will be sending blog posts on behalf of those dissidents; they are the machines that will leave digital logs behind on the websites and servers they visit. But because Tor can be used for any purpose, it is also possible that Tor exit nodes will generate complaints about copyright infringement, web-spamming or other forms of antisocial network activity – and those would be associated with the exit node’s IP address.
    If you decide to run a Tor exit node, it is important to anticipate the possibility of such complaints, and ensure that you don’t get blamed for antisocial things that a few of the hundreds of thousands of Tor users do. You should therefore read the Tor project’s advice on running exit nodes.
  4. 4. Run a Proxy for Friends

    If you have friends in a country where Internet censorship is a problem, you could run a private proxy for them. Unfortunately, in order to do this securely you will need to obtain an SSL certificate for the proxy; this is quite an involved process.
    If you run a Unix-like operating system, understand what shell access is, and trust your friends, you could give them shell accounts to use to create a personal proxy with ssh -D.
  1. 1. Many aspects of the SSD website were designed for people living under U.S. laws; these may not be applicable in other places, but the risk assessment principles are universal.
  2. 2. Encryption uses math to transform a message in a way that makes it unreadable to anyone except those that have a means of decrypting the message. You can protect the security and privacy of your information by encrypting it before sending it over the Internet. If encryption is used properly, the information should only be readable by you and the intended recipient.
  3. 3. Google Gmail is a good choice from a computer security perspective: it gives you secure email and instant messaging with other people who use Gmail in https mode. The biggest problem with Gmail is that Google might be compelled by your country’s laws to disclose your email to the government. This is especially a risk in Western countries, and any other countries where Google has offices and corporate operations that might subject it to local law. You may be able to estimate the risk in your country by looking at Google’s data on the number of government requests it receives from each country. Visithttp://www.google.com/governmentrequests/ and click on “Data requests”. Note that countries with fewer than 30 requests are not currently listed on that site.Smaller services like RiseUp.net are exposed to fewer jurisdictions, but you should be mindful that your government might regard the very fact that you use a small, privacy-preserving email service as grounds for suspicion. Note that if youdo use Gmail, you should take care with other Google services that are connected to the same account. For instance, using Google Buzz and Google’s Profile features may reveal your email contacts to a wider audience.
  4. 4. Problems include: the fact that Skype is typically installed from http:// sites and could readily be tampered with by a third party; the fact that the Skype corporation acts as an authentication and PKI broker, and could itself execute man-in-the-middle attacks; and the fact that remote code execution bugs are periodically found in Skype. For a detailed analysis of Skype’s cryptographic design, see http://www.secdev.org/conf/skype_BHEU06.handout.pdf.
  5. 5. Note that while Tor always prevents eavesdropping by your network, ISP and government, you should be careful sending usernames and passwords over http:// with it, since those have to leave the Tor network and travel to the web server unencrypted. https:// websites are safer in that respect.
  6. 6. The signs are that your computer connects to a large number of Internet addresses, all of which are in the public directory of Tor nodes.

 2 Responses to “Cyber Self Defence – Techniques For Avoiding Surveillance And The Censor”



THE WAR ON MEDIA FREEDOM: UNDERMINING THE INDEPENDENT ALTERNATIVE ONLINE MEDIA, EUROPEAN UNION TO REGULATE

By Nathan Allonby | Global Research
A new report written for the European Commission recommends regulation of internet news, modifying search engines to control access to “conspiracy sites”, the creation of European government news agencies and the training of new “cadres of professional journalists… for… science, technology, finance or medicine”.
The report also urges EU politicians and leaders of EU institutions to give regular news conferences, to emerge from the shadows and take centre stage as the real leaders of Europe. This marks the beginning of a new era for the EU, and for its control of the media.If you are reading this in USA or Canada, be aware that what comes to Europe could also come to North America, due to the Euro-Atlantic Area of Cooperation. This a process of convergence via which Europe and North America will adopt similar policies on “freedom”, justice and security, to be implemented by 2014, which appears applicable to the latest media proposals.
The report (A free and pluralistic media to sustain European democracy) was published this month by a High Level Group (HLG), formed by European Commission, which includedLatvia’s former president and a former German justice minister.The policy behind this report has been under continuous development for some time. The aimsdescribed in 2011 included : – the opportunity to “reconquer” press freedom, with specific target countries including Hungary, France, Italy, Romania and Bulgaria; to increase coverage of the European Union, and to regulate the internet and social media such as Twitter and Facebook. The last of these aims has received EU attention since the London riots. (See The press in Europe: Freedom and pluralism at risk | EurActiv)
Some of the key points in the report are listed below: -
  • The EU claims legal authority (“competence“) to regulate the press and news media.
  • In this context, the report offers no definition of what constitutes “journalism” and what will be regulated, but instead recommends “debate among all stakeholders on … guidance to courts“.
  • A large portion of the report relates to the internet, new media and search engines. Internet search engines are proposed to be included within media regulation.
  • The report specifically endorses Cass Sunstein‘s comments on the internet and extremism. The HLG report says that “Cass Sunstein, for example, raises concerns that the internet will enable people to be less engaged in society, given increasing capabilities for personalised filtering and the decreasing presence of … newspapers… undoubtedly have a potentially negative impact on democracy… we may come to read and hear what we want, and nothing but what we want. … The concern is people forgetting that alternatives do exist and hence becoming encapsulated in rigid positions that may hinder consensus-building in society.” The report continues, “Information isolation and fragmentation, together with an inability to check and evaluate sources, can have a damaging impact on democracy“.
  • To tackle this, search engines are proposed to be included within media regulation. Search engines are highlighted as having a major impact upon content viewed and the prominence in which it is presented: – “the new media environment increases the importance of ‘gate-keepers’, digital intermediaries who are the access route to the internet (for example search engines and social networks) … For these actors, only the EU has the effective capacity to regulate them
  • Sites reproducing articles (“news aggregators” and “digital intermediaries“) could be subject to new restrictions requiring balanced content. The report says that “Digital intermediaries, such as search engines, news aggregators, social networks… should be included in the monitoring of the sector. The increasingly important role they play in either improving or restricting media pluralism should be considered, especially as they start producing content. However, care must be taken to distinguish between media that publish original work directly, and services that allow users to republish or link to other peoples’ work.
  • It is proposed that there should be a subsidy supporting responsible journalism, to news media meeting defined criteria – “There should be streamlining and coordination of support and funding for quality journalism”.
  • The report recommends there should be research fellowships to train investigative journalists – “In order to build up cadres of professional journalists competent to operate in … investigative journalism, journalistic fellowships should be offered [at] Universities and research centres … to be funded by the EU. … The fellowships would be particularly valuable for investigative journalism, or for training journalists to mediate between complex subjects such as science, technology, finance or medicine and the wider public.
  • The report recommends that “Media literacy should be taught in schools starting at high-school level. The role media plays in a functioning democracy should be critically assessed as part of national curricula“.
  • “[T]he HLG notes the founding of the Centre for Media Pluralism and Media Freedom in Florence in December 2011, entrusted with generating policy studies and papers” and “the funding of research projects such as MEDIADEM (European media policies: valuing and reclaiming free and independent media in contemporary democratic systems)
  • The European fundamental rights agency is unveiled as a major actor in the strategy.
  • The EU would become a regular presence on the news. It is recommended that “EU political actors have a special responsibility… in triggering European news coverage. The Presidents of the EU institutions should regularly organise interviews with… national media from across the EU.
  • It is also recommended that “funding for cross-border European media networks (including such items as translation costs, travel and coordination costs) should be an essential component of European media policy. Support for journalists specialised in cross-border topics should be included in such funding.
The following observations and comments could be made about the above: -
  • Many were surprised that Prime Minister David Cameron and the UK government refused to create a new press regulator in response to the Leveson Report. Was the reason because they were already awaiting the European HLG report and a coordinated European action plan? It appears that the British government has been pushing for controls on social media since the summer riots of 2011. The British public has become used to policy laundering, where the British government pushes the EU to introduce unpopular measures, then blames these on someone else.
  • The proposals to control search engines should be regarded as significant. The proposals would control access to information, rather than merely the news media alone.
  • The technology to modify search results is already highly sophisticated, having been refined in China for over a decade. Google recently withdrew anti-censorship functions from its search engine – some allege under pressure from the government of China, which had been reducing access to Google services. Meanwhile Chinese internet controls have greatly increased in sophistication, for example, with the ability to detect and sever connections when Tor, Onion, encryption or Virtual Privacy Networks (VPNs) are in use.
  • In respect to “consensus-building in society“, although the European HLG report says “It is clearly not possible to force people to consume media they do not wish to“, equally nothing in the report appears to rule out restricting access to certain material or viewpoints.
  • The European HLG recommendations should be seen in the context of proposals, in both the EU and the UK, to record internet searches and websites visited. The EU Telecommunication Data Retention Directive is currently under review and the European Parliament voted in 2010 for this to be expanded to record all internet searches.
  • The HLG report is an outline statement of general principles, with the detail yet to come.
  • This report marks the public announcement of a long-term war on media freedom that has been carefully planned in advance, since at least 2011.
  • This is only the beginning. The funding of the new Centre for Media Pluralism and Media Freedom and of research projects such as MEDIADEM will create an industry to generate new proposals and new regulations.
  • The EU is set to appear as a regular feature on our news, with the creation of new EU press agencies, media channels, and EU-funded and EU-trained reporters, reporting a new style of “cross-border” European story, featuring the EU and its institutions. EU politicians and leaders of EU institutions are going to be on the news regularly.
  • It appears the EU is set to emerge from the shadows and take centre-stage in political coverage, as the real policy-making government of Europe.
  • By interesting contrast, the EU has been moving to reduce internal transparency and access to documents, such as legislation in draft. There will be more seen, but less content.
  • The proposals for “pluralism” and balance seem likely to significantly affect many internet alternative news sites.
  • Sites which include a mixture of both “aggregated” news (links from other sites or articles reproduced from other sites) and original content – perhaps the majority of alternative news sites – appear to fall under new proposed controls on balanced coverage.
  • The mention of courts sounds ominous. The European Court of Justice (ECJ) has played a significant role in advancing the scope and powers of the EU, and in effect acts as a major law-making body in its own right.
  • The report does not mention the significant audience movement away from traditional mainstream news media, such as TV and newspapers, which appears to reflect widespread dissatisfaction with the type of news coverage and content it seeks to advocate.
  • The proposal to subsidise such news reflects the fact the public just won’t buy it.
  • Although unstated, perhaps this is why the report aims to re-educate the public, starting in school.
  • There is an obvious conflict between genuine pluralism in the media and the aim of “consensus-building in society“. The HLG report is concerned with the latter. Welcome to a new form of “pluralism” – one that is regulated, harmonised and politically-orthodox.
  • Historically, controls on the press have always suppressed criticism of governments, never increased balance.
  • Mainstream media coverage in general features striking bias – pro-government bias, both in terms of the amount of coverage and prominence, relative to opposing viewpoints.
  • It would be naive to think that new requirements for balanced coverage would in any way reduce pro-government bias in reporting. For example, do we expect that the report’s concern about “people forgetting that alternatives do exist and hence becoming encapsulated in rigid positions” is also intended to call for greater coverage of alternative viewpoints critical of the establishment? Is this likely to mean that mention of the events of 9-11 should in future be balanced by mentioning that a significant proportion of the population disputes the official account? Would reporting on new counter-terrorism security measures be balanced by reporting that the majority of the population does not agree they are justified? Would reporting of the debate in Parliament be balanced by mentioning that certain issues are prohibited from discussion, or that both government and opposition are led by Bilderbergers who hold similar views to each-other and support similar policies?
  • Even-handed balance is not practiced by the mainstream media – for example, they have not presented the version of events from viewpoint of the Gaddafi government in Libya or Assad in Syria, despite some reasonable justification for this. Reporting in the run-up to the invasions of Afghanistan and Iraq was not even-handed, with considerable grossly non-factual reporting, such as the fantasies about bin-Laden’s caves at Tora-Bora. However, it is not this type of reporting that governments are seeking to change.
  • The creation of new “cadres of professional journalists… for… science, technology, finance or medicine”suggests these are key areas where European Commission has been unhappy with the presentation or wants to take control of the debate. Think of alternative medicine, GM crops, global warming, nuclear power and the banking crisis, to mention a few. These are fields in which the alternative media has had significant impact.
How should we respond to this?
The main thing is not to be passive – these are still only proposals and have yet to be formally accepted by the European Commission. Now is the time for protest and opposition.Developments in the United Kingdom are worth watching because the UK is believed to be bidding to lead cyber-security and policing in Europe. There is overwhelming public disapproval of internet surveillance proposals – parliamentary consultation on the legislation received 19,000 emails against, 0 in favour.However, although the legislation may have stalled (temporarily), the £ multi-billion investment in the internet surveillance programme has not. It appears the government approach to democracy has reached the stage of “So, how are you going to stop us?” They have realised that the opposition may be vocal, but is also disorganised and has no strategy against implementation without public consent.One factor the government may have overlooked is that the British government internet surveillance strategy requires a public-private partnership and the active cooperation of commercial operators such as search engine providers (e.g. Google) and social networks. Although the government may not be moved by public opinion, it seems extremely likely that commercial organisations would be deeply affected by bad publicity and falling sales. Coordinated consumer pressure could easily provide a major set-back to government plans, and probably set the scene for a complete roll-back – if only opposition could be coordinated.Unfortunately, this aspect of the government analysis is correct – public opposition is disorganised and largely ineffective. This is mainly due to passivity and complacence. As an adjunct to a previous survey of the introduction of ID cards worldwide, the author of this article also read about any opposition to these schemes, nation-by-nation. Although introduction of these schemes was being organised and coordinated globally, opposition was disorganised and rarely organised even at a national level – the globalist side had almost completed its victory before the general public had even woken up. Despite the article being read by hundreds of thousands of people and translated into several different languages, barely a handful of people responded to the invitation to contact the author. This is reflective of the level of passivity which has hampered the organisation of real opposition.
If there is ever going to be any opposition, this is the time to establish contact with others, to get a trans-national opposition off the ground. We have to build real bridges between people – direct, human contact, face-to-face where possible – before the EU begins to monitor, regulate and close access to the internet. At present, it is relatively easy to read and publish articles, to find and link up with people who disagree with the mainstream, globalist agenda – soon, this could be much more difficult, when we can no longer communicate easily.
This is also the time to download and save information from the internet, particularly valuable knowledge about subjects such as alternative medicine, science and the real history of our society. Store it permanently, on disc or better still on paper. Let’s make sure they can’t take it away from us.
This is the time to establish an alternative internet, which they can’t control. Three main strands have been mentioned in articles recently: -
It is also worth implementing anti-surveillance measures, such as described in this – Techniques For Avoiding Surveillance And The Censor.
We don’t know how much time we have – let’s not waste it.


No comments:

Post a Comment