Whenever you read about a dispute between a web-based service and a country, you need to ask yourself only one question: where is the server located?

BlackBerry servers are located in Canada, and data is encrypted when it is sent from one phone to another. That’s a problem for countries that want to intercept and monitor information sent across BlackBerry networks. From The Economist article:

Countries have two basic technical methods of controlling the flow of information over the internet. First, they claim legal jurisdiction over information stored on servers within their own borders. Second, they can read or block traffic moving through the choke-points where internet cables cross the border.

Neither of those options is available to countries wanting to spy on BlackBerry users, which is why Research In Motion, the makers of the BlackBerry, have been getting flack from the governments of India, Lebanon, Saudi Arabia and now the UAE:

The UAE’s Telecommunications Regulatory Authority said it would suspend BlackBerry Messenger, email and Web browsing services beginning on October 11th if RIM does not provide a solution for local messaging control.

Fortunately, Research In Motion told its customers not to worry:

The BlackBerry security architecture for enterprise customers is purposefully designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances. RIM would simply be unable to accommodate any request for a copy of a customer’s encryption key since at no time does RIM, or any wireless network operator, ever possess a copy of the key.

Unfortunately, Research In Motion quickly made a deal with the government of Saudi Arabia that undoes those fine intentions:

The agreement, which would involves placing a BlackBerry server inside Saudi Arabia, would allow the government to monitor users’ messages and allay official fears the service could be used for criminal purposes.

A similar deal with the UAE is likely to follow.

Staying secure when eavesdropping is a risk: VPNs

This brings up a general point about safe internet use in any setting where third parties — including governments, your ISP, or the guy next to you in the coffee shop sharing that WiFi hotspot — may be able to peek at your communications. A commentator at The Economist’s article wisely noted that:

…one can go to any hotel in Dubai, hop on its wifi with your laptop and use your own VPN (or company VPN in my case), effectively blocking them from seeing your communications.

Although it may be illegal to do so depending on your location, and I’m in favour of following the laws in the country you’re in, using a VPN may be a good idea in some scenarios.

The best explanation of VPNs I’ve read is from HowStuffWorks.com, which suggests the analogy of the internet as an ocean and most internet traffic as being like a ferry from one island to another. When you’re on a ferry, everyone can see who you are and what you are doing. It’s public.

A VPN, on the other hand, is like a submarine that allows you to travel underwater from island to island. Some savvy observers of the ocean (your ISP, for example) may know that you are in a submarine, but they won’t know your ultimate destination or what’s inside of the submarine (i.e., the information you are transferring from your computer to the destination computer).

To use a VPN, you simply need to install VPN software on your computer (some suggestions are provided below), connect to the internet, start the VPN software, then proceed to browse the net.

Drawbacks of VPNs

As with any security solution, VPNs have some drawbacks:

1. You have to trust the VPN provider more than you trust your current connection. There’s no way around this if you’re using a commercial VPN (highly technical users can set up their own VPN servers to get around this problem, but the process is too difficult for most of us). The best assurance any VPN company can give you is something like this:
   

   What needs to be understood, is that our livelihood depends on keeping you safe and honoring your privacy. If we ever compromised that, unwillingly or with bad intent, I would imagine word would get out pretty fast. I can say that here at WiTopia, we take it very very seriously.

2. They slow your browsing/VOIPing/messaging. Because of the encryption/decryption process and because your internet communications are first routed to your VPN’s servers before being routed to the ultimate destination, you’ll probably notice some lag.

A few VPN companies

I can’t promise that these companies will keep your information secure. There is no such thing as perfect security. If it’s important to you, you need to do the background research and decide for yourself if using a VPN is safer than the alternative. That said, here are two companies that were discussed by CNET and one that a friend recommended to me:

1. WiTopia
2. HotSpotVPN
3. proXPN, which is free and has a Facebook page where the company often answers user questions

Added 10 Aug 2010: U.S. authorities are already able to tap BlackBerry messages. And Bruce Schneier noted a few days ago that:

The UAE can’t eavesdrop on BlackBerry traffic because it is encrypted between RIM’s servers and the phones. That makes sense, but conventional e-mail services are no different. Gmail, for example, is encrypted between Google’s servers and the users’ computers. So are most other webmail services. Is the mobile nature of BlackBerrys really that different? Is it really not a problem that any smart phone can access webmail through an encrypted SSL tunnel?

It’s fun to get the most advanced operating system when it first becomes available, but it can be a hassle, too. At least one Wired News reporter thinks similarly:

I would not recommend going out and buying Vista off the shelf or pre-installed on a PC when it becomes available. Users will likely suffer many headaches with missing peripheral drivers and a lack of backward compatibility with legacy software, and those headaches will not make Vista worth its hefty price tag.

If possible, wait a year or more after Vista’s launch to invest in the operating system. At least by then, numerous updates, hardware drivers and service packs will likely have been released.

Security, too, could be a patchy issue (pun fully intended) during the initial weeks and months of Vista’s launch. Better to stand on the sidelines and wait until the time is right to buy the unproven operating system.

But seriously, remember when all you had to worry about was some dork impressing his friends with some virus named after a girl that kneed him in the balls last week? That was a more innocent time.

Today, viruses have come of age. And they’re not even called viruses anymore. The biggest problems today are spyware and adware. The trouble with viruses was that their sole object was to penetrate your computer, then destroy it. That didn’t make anybody rich, though, because good parasites don’t kill their hosts.

The most sinister and pervasive threats have morphed into commercially propelled vehicles for privacy extraction with a view to profit. These days, when I look at a friend’s computer that has slowed and showed signs of derangement from infection, I don’t find a lot of viruses. But I find boatloads of spyware and adware (and that’s a metric boatload, not one of those sissy imperial boatloads).

So be aware of the threat you face now. A new enemy requires new tactics–this means your anti-spyware and adware programs are more important than ever. I previously recommended Spybot and Adaware for the newly important jobs – read my review of both and find out how to get them (they’re free, of course).

Web browser:

If you’re still using Internet Explorer, you’re exposing yourself to unnecessary danger when you surf the web. Malicious websites can install spyware, adware, and viruses without your knowledge or consent by exploiting IE’s subpar security architecture. If you’ve got some spyware on your computer and don’t know where it came from, there is a good chance IE invited it in.

The fix is really easy, so there’s simply no excuse to stand on the sidelines any longer. Stop using Internet Explorer, download Mozilla Firefox, and start browsing the web safely.

Antivirus:

Norton Antivirus and McAfee are bulky programs that may actually have a disadvantage because they are industry leaders.

On the other hand (or should I say hook?), Avast antivirus is a lightweight, effective program that gets the job done with minimal fuss.

Anti-spyware:

Spybot Search and Destroy and Adaware are top notch programs that have been keeping my computer clean for years. Update and run them once or twice a week, then brag to your friends about how fast your computer runs without spyware and adware to slow it down.

Firewall:

Firewalls sound like complex things, but ZoneAlarm keeps things simple and still does an amazing job. Once it’s installed, ZoneAlarm won’t allow any program to access the internet unless you first say it’s okay. Don’t worry, though, ZoneAlarm only asks you to make a decision the first time a program requests internet access. After allowing internet access for your most frequently used programs you won’t need to actively manage anything.

If you’re thinking of skipping the firewall for any reason, I urge you to reconsider. If ever some spyware or a virus escapes the clutches of your other defense mechanisms, your firewall will prevent the malicious program from doing any real damage. If a program can’t access the internet, it can’t spread viruses to other computers, “phone home” to the person who created the program with your banking password, or act as an infected zombie machine that spams other computers when commanded to do so.

A final note:

I am in no way affiliated with any company or product mentioned in this article or on this website. I use these programs on my computer at home and think they’re good enough to vouch for. If you’ve used these programs and have any comments, good or bad, I’d love to hear them (just leave a comment below).

If you have been following this blog, you have so far installed a firewall, spyware and adware detectors, and a secure browser to keep you feeling safe and warm at night. And the best part is that it hasn’t cost you a single gold nugget to do so. Now it’s time for the final piece of software that is absolutely vital if you wish to protect your computer. As always, it’s free.

It takes a pirate to know a pirate

Avast! is a simple and clean, but ever swashbuckling, antivirus program that will have viruses walking the plank and begging for mercy. But there will be no mercy. Download it, update it often, scan often, and live a long, fully-toothed life on the high seas of security.

In an upcoming post I will map out how to use your new virus scanner most effectively. Here’s the gist of it: it’s easier to prevent viruses from boarding your ship in the first place than it is to fight them off once they’ve ransacked your rum rations and gorged a hole in the hull of your once mighty vessel.

Firefox has been downloaded 200 million times.

You can download Firefox here.

Your computer is hopelessly lost to adware and spyware and viruses. I know because I’ve seen computers like yours. If you upgraded to Firefox as I suggested in the last post, you’re headed in the right direction, but there is more to be done.

Now you need to download two programs (free, of course) that will kill anything that manages to get by your defences.

Spybot Search and Destroy

This extremely well maintained and frequently updated program eliminates all the most common spyware, adware and tracking cookies that infect all computers from time to time. Basically, Spybot will catch whatever your antivirus program misses.

Adaware

Because one anti-spyware program is not quite enough, Adaware will catch anything that Spybot Search and Destroy might miss and vice versa. Both programs are excellent and rarely miss the chance to extinguish the life of spyware, but even the best program will miss something now and again.

Now that you’ve got both of these programs on your computer, you just need to remember to update them often and run them even more often.

Let me make this very clear: you need to be an active participant in keeping your computer clean by running these programs at least once a week and more often if you’ve been infected with a load of spyware recently. They will not actively monitor your computer to catch the bad guys while you sleep.

In upcoming posts, I will recommend free antivirus and firewall programs so that you can finish building an impenetrable fortress around your electronic assets.

If you do just one thing to increase the level of security on your computer, make it a switch to the Firefox browser. If you’re like most internet users, you probably use Internet Explorer. But then again, if you’re like most internet users, you are probably not being kept very secure as you surf the web, and the browser you use is a big part of that.

How much safer is Firefox?

As of 28 July 2006, Secunia, a company that monitors browser vulnerabilities, reports that Firefox has 33 vulnerabilities, 4 of which remain unpatched. In contrast, Internet Explorer has 105 vulnerabilities, 21 of which remain unpatched.

In addition to having a greater number of vulnerabilities, Microsoft tends to take a lot longer to fix them because the company doesn’t seem to pay much attention to anyone who warns them of the browser’s shortcomings.

Firefox, on the other hand, allows anybody to submit a report indicating a vulnerability or supply the code to fix it. As a result, when vulnerabilities do appear, they get fixed rapidly.

Firefox is catching on quickly

Since its launch two years ago, the number of people who use Firefox has been climbing steadily. Currently, about 10% of all internet users are browsing the web more securely with this program.

It’s incredibly easy to start using this browser, so there is really no excuse to continue using Internet Explorer (when you install Firefox, it will even import your bookmarks that you have stored in other browsers). Did I mention that it is completely free?

Of course, if you are already using something like Opera, Netscape, or Safari, feel free to ignore this advice, as each of these are high-quality browsers that provide a good measure of security for their users.

I’m going to continue publishing articles on maintaining your security easily and at no cost, so keep an eye out.