Privacy of communication

From Wired:

A Chinese-language version of Skype scans users’ chat messages for keywords such as “democracy,” and sends a copy of the offending message to the company’s servers, according to a report released Thursday by a Canadian online human rights group.

That’s despite adamant claims by the Ebay-owned company that its software offers encrypted, safe communication.

Emails, too, often prove less than private. The hacking of Governor Sarah Palin’s Yahoo account is only the most recent example.

Bottom line

if you would be unable to bear the consequences of your communication getting intercepted, you probably shouldn’t send it by Skype, email, or any other electronic medium. Of course, even snail mail can be intercepted, face-to-face conversations recorded. No communication method is perfectly secure, and, as always, you must make make tradeoffs between security and convenience. Few of us would be satisfied to go the tin foil hat route.

Read more about offline security,privacy

Bulletproof clothing

Bulletproof fashion in Mexico:

There are bulletproof leather jackets and bulletproof polo shirts. Armored guayabera shirts hang next to protective windbreakers, parkas and even white ruffled tuxedo shirts. Every member of the sales staff has had to take a turn being shot while wearing one of the products, which range from a few hundred dollars to as much as $7,000, so they can attest to the efficacy of the secret fabric.

This is a nice touch: if you get shot and live while wearing one of the garments, you can join the company’s Survivor’s Club.

Part of the protective value of bulletproof clothing is its scarcity, which is why the company screens customers to keep criminals from buying. A world where innocents wear protective gear and bad guys don’t is the safest of all for the innocents, since criminals can stick to low-powered weaponry.

If, on the other hand, criminals start using the bullet-proof clothing, their foes will probably upgrade their shooters. That’s already happening to some extent. “In some parts of Mexico,” the New York Times points out, “drug assassins have used rocket launchers and grenades to wipe out rivals.” That could become more common if criminals stop dying from pistol shots.

Protect data at border crossings

Bruce Schneier has an article in The Guardian that describes some strategies to keep your data private when crossing borders. What do you want customs agents to see when you bring your laptop, USB drive, mobile phone, or PDA across a border?

Last month a US court ruled that border agents can search your laptop, or any other electronic device, when you’re entering the country. They can take your computer and download its entire contents, or keep it for several days.

[…]

Encrypting your entire hard drive, something you should certainly do for security in case your computer is lost or stolen, won’t work here. The border agent is likely to start this whole process with a “please type in your password”. Of course you can refuse, but the agent can search you further, detain you longer, refuse you entry into the country and otherwise ruin your day.

You’re going to have to hide your data. Set a portion of your hard drive to be encrypted with a different key – even if you also encrypt your entire hard drive – and keep your sensitive data there. Lots of programs allow you to do this. I use PGP Disk (from pgp.com). TrueCrypt (truecrypt.org) is also good, and free.

The article goes on to talk about the importance of using strong passwords, as well as the limits of depending on strong passwords to protect encrypted data.

Edited to add (19 May 2008): The quoted sections of the Guardian article have been trimmed due to a complaint from one of the editors.

Read more about offline security,privacy

Debit machines stealing PINs in Vancouver

Handheld debit machines in police evidence bag

Have you used a debit card in Vancouver, Canada recently? If so, check your next bank statement carefully and contact your bank immediately if there are any unauthorized transactions.

(continue reading…)

Read more about offline security

« Previous Page