07 November 2014

Was Sheryl Attkisson's computer hacked? The video is hardly compelling evidence

Politico has published an exclusive cell-phone video, provided by former CBS News reporter Sheryl Attkisson, that she says supports her claim that her computer was hacked, presumably in relation to her inconvenient reporting on Benghazi and other Administration scandals.  The video shows a Word document on her MacBook Air being modified by some mysterious operator.

Now, this would be easily enough explained if Attkisson had enabled some standard OS X features and a malevolent operator had leveraged them, or if an attacker had somehow installed and enabled remotely-accessible hacking tools.  But, as I'll document, there are problems with either explanation, and with dismissive explanations from some observers that Attkisson was simply experiencing "garden variety technical glitches."  In particular there is one detail in the video that seriously needs explanation from Attkisson or whoever set up her Mac.

First, Macs (and PCs) have a built-in remote desktop capability; on OS X it's called Screen Sharing. It's normally disabled but is easily enough enabled, by a user with administrative privileges on the machine, in the Sharing pane of System Preferences. I use it all the time to access an old Mac that I use for archival purposes.

But I know that machine's IP address. I can't just access anyone's Mac that way: the service must be enabled, I must know the machine's address, and unless the machine is plugged directly into a DSL or cable modem there's no easy way to reach it from outside the LAN it sits on. A home router doesn't expose a LAN machine's screen-sharing port (5900) to the Internet unless someone has set up port forwarding, and the outsider would also need the machine's current public address, for instance from a dynamic DNS utility running on it. On the evidence, I'd doubt Attkisson would know how to arrange any of that on her own.

But there's a problem.  Sitting at the target machine, the phantom operations of a remote screen-sharing operator look a lot like what Attkisson shows in her video. But if one is using the ordinary Screen Sharing built into OS X, an icon appears in the menu bar to tell you that the screen is being viewed or controlled remotely. An example is shown below, highlighted in blue:


In what little of that corner of the screen Attkisson shows, there's no such icon:


Instead, from left: Dropbox (fully sync'd), AppleScript, Time Machine (OS X's built-in backup utility ...and it seems Sheryl hasn't backed up lately), Bluetooth (on), WiFi (connected), speaker volume, battery (charging), date/time (apparently it's Monday).

There may be other items to the right of the edge of the screen capture, but this moment, at about 0:50, was the broadest view I was able to capture from her video.

...Wait: AppleScript?

AppleScript is OS X's built-in scripting language; through GUI scripting it can drive keyboard, menu and mouse operations, and Script Editor can record them in applications that support recording.  The icon is AppleScript's Script Menu, which is off by default and has to be switched on deliberately in AppleScript Editor's preferences.  What is it doing in the menu bar during this video?

Based on the video, either:
  • The attacker is using OS X Screen Sharing but its telltale icon resides just off the edge of the video.  The issue of getting to the computer through whatever WiFi network it's logged into is still tough to explain. 
  • Or, the built-in screen sharing capability is not what's being utilized by the remote attacker, meaning Attkisson's computer was really and truly hacked.
  • Or, something other than a remote session is actuating the mouse and keyboard off-screen, such as a USB or Bluetooth external keyboard... or an AppleScript macro. 
Bottom line: It's a shame that Attkisson isn't more computer literate (and a better videographer!), as this video raises more questions than it answers, and dastardly action by some government agent is not necessarily the likeliest explanation, much as one might want to think so.

06 September 2014

How to easily share Keynote presentations and other iWork documents with colleagues

I do a ton of presenting and have found Keynote on my iPad to be a tremendous upgrade over PowerPoint.

  • There's no waiting for boot-up, 
  • Transitions are beautifully fluid, 
  • Animations and videos are 100% reliable and always smooth (and never a black box on the screen where a video is supposed to be!), 
  • Projector compatibility is untouchable, and
  • Integrated presentation tools such as virtual "crayons" and "laser pointers" mean you never have to face away from your audience.  

In a competitive environment, Keynote is a valuable arrow to have in your quiver.  Plus, the software runs identically on my iPhone, meaning I can always have my presentations in my pocket.  Being able to whip out a compelling, good-looking presentation at a moment's notice conveys a valuable message of preparedness and professionalism.  That is not of merely academic merit-- it has meant actual, substantial sales for me.

Keynote presentations also transport reliably.  There are none of the missing-font and misplaced-video issues that have afflicted PowerPoint for two decades.  With Keynote, all media and other resources are bundled together in an amalgamated file format.

However, the locked-down nature of iOS presents obstacles to sharing Keynote presentations with colleagues.  You can store a presentation in iCloud and share a link to that, but if the presentation is large, chances are excellent that the download into the recipient's device will break at some point.  Perhaps that will improve over time.

iOS also pioneered a concept of hiding the device's file system, having applications own and manage their own files instead.  There is nothing like a Windows Explorer or Finder in iOS.  You open Keynote; your Keynote files are right there.

A mysterious option

First, let's agree that using iTunes to convey files from device A to device B is not acceptable in this day and age.  Next, let's stipulate that iCloud's current file-conveyance capabilities aren't yet industrial-class, especially with larger Keynote presentations.

But there's a third mechanism: the mysterious WebDAV option you may have noticed in Keynote and other iOS apps, both on iPad and iPhone.

Web Distributed Authoring and Versioning is a standards-based approach for making the web a readable and writeable medium.  It provides a web-centric, firewall-friendly way of accessing and storing files across the Internet.  Sounds good... but, it's not clear what even the first step should be for leveraging this technology on iOS.

First, fond as I am of Dropbox, it does not support WebDAV, and per their FAQs they have no plans to do so.  So it's not a solution here.  There are third-party services such as DropDAV that you can subscribe to that provide WebDAV compatibility for Dropbox, but for my occasional usage the annual cost seemed unreasonable, and some users would be justifiably uncomfortable with allowing a third-party service to have access to their Dropbox'd files.

A few competing cloud storage providers provide rudimentary WebDAV compatibility, but flaws abound.  Box.net, for example, lets you upload and download using WebDAV-- but with a catch: At least for the pricing tiers I explored, you have to give your account username and password to anyone you want to be able to access any file.  That's such an obvious non-starter that it's almost mind-blowing.  Even more mind-blowing is how universal it seems to be; I spent hours exploring various services and this sort of idiocy is depressingly common.  Shame on you, Internet.

An exceptional exception

Finally, an exception popped up.  There is a Swiss online storage company, MyDrive.ch, which offers a responsive, secure and well-priced service that supports WebDAV beautifully and has optional guest accounts.  So, you can distribute the guest-account credentials and limit their access to specific folders and permissions.  Perfect!

MyDrive even offers a free tier, with one guest account and 100MB of storage.  That might be enough for many purposes, but I needed more storage than that.  So I upgraded to their "MyDrive Pro" with over 3GB of storage for the princely sum of approximately $10 a year (and they gave me a bonus month on top of that).  Additional guest accounts are $0.50 a month.

They have a free iOS app too, but that doesn't get around the problem that only Keynote can access your presentations on your iDevice.  For that, we'll use WebDAV:

How to use MyDrive.ch's WebDAV feature to share your Keynote presentations

1) Set up your MyDrive.ch account in a browser on your computer or iPad.  You'll receive an authentication email immediately; look for this, and click the activation link it contains.  All set!

2) In the browser, log in and establish any folder structure you want.  I suggest creating a dedicated folder for uploads from your guest(s) if that's something you might want to enable.  MyDrive.ch enforces a rule that only the master account can write to the root folder; by default, guests can access files in the root folder for read-access only.

3) Switch to Keynote.  On iOS, in order to log into your WebDAV-supporting service to upload a presentation, you must first go through the initial steps of downloading something even if there's nothing there yet to download.  So to start: In Keynote's screen that presents your collection of presentations, click the "+" sign at the upper left, and select Copy from WebDAV.  A login screen will appear.

4) For the URL, type https://webdav.mydrive.ch/  ...you can add a folder-name to that if you wish.  (All this is case-sensitive.)  Type in the user name you just established, or the guest name in the form of GuestName@MainUserName. Then, fill in the password for the user you just entered. 

5) Click "Sign In."  Your file-list, if any, will appear.  Clicking on any presentation will download it to your iDevice's Keynote store.  (Keynote files will show up with a .zip extension-- ignore that.)

6) To upload a presentation to share with others, cancel out of the login screen and open the presentation you want to upload.  Click the Share button, then Send a Copy, and select WebDAV.  From the upload formats you're offered, you'll probably want to choose Keynote.  Your iDevice will click and whirr for a moment, and then the file will be uploaded.

Done!

Steps 4 & 5 are all your colleagues need to access your presentations: they'd just click the "+" button at the top left of their Keynote presentations listing, Copy from WebDAV, fill in the URL and guest username and password, et voila.

A few caveats

MyDrive supports SSL encryption, as you may have noticed from the https URLs in these examples.  However, if you want your browser-based connection encrypted, you must checkmark the "Use SSL encryption" option at the login screen, even if you logged in via https://mydrive.ch.  I would prefer an "always use SSL" option be instituted in the account settings ...and certainly if you log in via an SSL-encrypted page, your connection should stay SSL-encrypted.  From a usability standpoint, this is a minor but potentially important behavior to be aware of. UPDATE: The responsive MyDrive folks have responded to this post by changing to an always-on SSL policy. Great!

If you wish to allow your colleagues to upload presentations without giving away your master account credentials:
  • Create a folder to receive their uploads:  Log into your MyDrive.ch account using a browser on your computer or iPad.  Add the folder via the "Create Folder" button.
  • Create a guest account for your colleagues to use and set its permissions to allow uploads:  In the Settings menu, select the Guests tab.  Create the guest account there, assigning full access to the guest.  (Currently, MyDrive's upload access setting doesn't actually enable uploading from within iWork applications via WebDAV.  I have brought this bug to MyDrive.ch's attention.  UPDATE: Per MyDrive's engineers, this behavior is probably due to Keynote's usage of temporary scratch files.)  Don't worry, a guest account with "full access" can't delete files or folders at the root level.  If you wish to restrict access to specific folders for specific guest accounts, use a browser to go to your main file listing, and click the permissions button to the right of the folder.  


MyDrive.ch offers other goodies too.  For example, you can mount your MyDrive store as a network drive if your operating system supports such things (and all versions of OS X have done so: In Finder's Go menu, select Connect to Server and use the URL https://webdav.mydrive.ch ...authenticating with your username and password.)

Recommended.  My colleagues and I have already found this to be very useful for distributing some of my Greatest Hits presentations... and, likewise, getting their own to me, directly from their iPads.













23 March 2014

On repurposing an old Mac, and how to automatically .pdf and print important emails

When I upgraded from an impeccable and solid but nearly-four-year-old Macbook Pro to a spectacular new Retina model in late 2012, I had every intention of selling the old machine.  But as fine a machine as it was, it was worth only a few hundred dollars, so I decided to repurpose it as a server.

OS X Server is an inexpensive app, available from the Mac App Store for about twenty dollars, which puts some GUI lipstick on conventional UNIX server functionality.  This makes the functionality a little bit easier to use and manage (but, warning, only a little bit).  Out of the box, Server provides an L2TP/IPsec VPN option, which has proven to be a useful complement to the PPTP VPN running on my Raspberry Pi; PPTP is much the weaker of the two, since its MS-CHAPv2 authentication has been practically breakable since 2012, so treat it as a convenience rather than real protection.  I have CloudPull running continuously on this machine, backing up my gmail account to the machine's hard disk, and this Mac is also linked to my Dropbox account, so it continuously duplicates my critical work-in-progress from the various machines I use.  From there Time Machine backs everything up to two alternating disks attached to my home's Time Capsule router.  It's all part of my multi-layered, duplicative backup strategy.

Best of all, the machine's desktop is remotely and securely accessible via Screen Sharing.  I moved all my email archives to this machine, and now I can search for old emails easily when traveling by starting Screen Sharing, using Spotlight to search my email stash for keywords, and then paging through the results in Finder using Cover Flow and Quick Look-- a delightful reason to use mail.app in the first place.  It's simply wonderful for an email pack-rat like me.

Meanwhile--quite aside from the topic of this nifty little server--my HP OfficeJet multifunction printer has e-print capability that lets print-jobs be sent via a special email address assigned to the printer.  So for two years I've been trying to configure things so that my travel receipts are automatically printed and waiting for me when I return from business trips.  My typical travel partners are Hertz, Marriott, United Airlines, Southwest Airlines, Uber and the occasional Square-powered taxi.  All of these companies send me receipts via email.  I use a Gmail account for receiving these and also because the marvelous TripIt.com service can scour a Gmail account for travel reservations and automatically put schedule details into my Mac/iPhone calendar.  So cool.

One would think that Gmail's filtering capability would allow email receipts from these companies to be automatically forwarded to the HP printer's e-print address.  A Gmail filter like this should do the job:

Matches: ("southwest airlines confirmation" OR "eticket itinerary" OR "Hertz E-Mail Statement of Charges" OR "thanks for staying" OR (squareup AND "receipt from") OR "Uber ride receipt")
Do this: Forward to xxxxxx@hpeprint.com

...where xxxxx@hpeprint.com is my printer's email address.

Well.  Not so easy.  First, the hpeprint.com service rejects automatic forwards from Gmail with a cryptic error message:

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain hpeprint.com by onramp02.hpeprint.com. [15.201.184.202].

The error that the other server returned was:
550 5.7.1 Command rejected

So while manually-forwarded emails usually worked, filter-based automatic forwards wouldn't.  Bad enough, but then HP recently morphed hpeprint.com into "hpconnected.com," necessitating a new email address for the printer.  And, after transitioning my account to the new service, the service quit working altogether!  Some quick googling shows that this service is now unreliable at best and totally inoperative for legions of users.

Nothing to count on, then.  But why not implement something similar on my doughty old Macbook Pro?

Here's how to implement e-print functionality on OS X

This should work with any printer.  My objective is to have my travel receipt emails and their attachments automatically printed and filed as .pdfs, but this same technique can be used to automatically print-and-file emails of any sort.  (You don't have to be running your Mac as a server.)

My approach borrows from a host of web posts from folks doing similar things, but many previous examples are now complicated by the new application sandboxing security features introduced in OS X 10.8 Mountain Lion.  The following works with the new ways of doing things and includes a cute twist or two.

The two tools used are AppleScript and Automator, both of which are built into every Mac.  AppleScript integrates easily into mail.app's rules framework, so incoming emails that meet certain criteria can be processed automatically.  AppleScript scripts can drive an application directly through its scripting dictionary, or, via System Events' GUI scripting, mimic a user clicking through its menus and dialogs (which is why the Accessibility permission mentioned below is needed).  Meanwhile, Automator makes automatic printing and filing super-easy.  The combination is very powerful and convenient, and it's all good geeky fun.  (And you can still use any e-print service your printer might support too-- there's nothing mutually-exclusive about this.)

  • First, out of fondness for the TripIt.com service, I receive my emailed receipts to my gmail account.
  • I set up a new free account on the superb GMX.com webmail service for exclusive use for receipt-printing purposes.  There are other ways of doing this, but this works brilliantly.  I've had my eye on GMX.com for a while now and have had a test account there for some months.  It works well in a browser and integrates beautifully with the Mac's mail.app email client.  GMX.com seems a more private and standards-compliant alternative to other webmail vendors, and its spam filtering is effective (perhaps a bit aggressive-- I had to white-list my Gmail and other addresses in it).  GMX.com provides you with a free IMAP account with unlimited email storage; setting up a new account takes perhaps five minutes and requires minimal personal information and no credit-card.  Besides being great for general email purposes, GMX.com is terrific for setting up a specific "print to me" email account.  Good stuff.
  • Once the print-to-me email account was set up on GMX.com and active in mail.app, I set up the Gmail filter to forward incoming receipts to the new print-to-me email.  This just meant replacing the xxxxx@hpeprint.com address in the filter rule above with the new GMX.com address.
  • In mail.app, go to the app's Preferences, then the Rules pane.  Add a rule.  In the Description field, name it something like "Receipt Print".  In the conditions block, one way of doing this is to select "If [any] of the following conditions are met: [Account] is [gmx account]".  Then, in the Perform the Following Actions field, select Run AppleScript, and select Open in Finder.  This will open an AppleScript editor.
  • Paste the following into the AppleScript editor:



  • Note I created a folder called "autoprint" inside my Downloads folder.  The application sandboxing introduced with Mountain Lion limits where apps can write to your disk; Downloads is one of the few places mail.app is now allowed to write without user intervention.  So, create that folder in your Downloads folder.  Inside of that, make another folder called "printed".
  • Edit the hard-coded folder names in my example script (especially the one in quotes towards the end) to match your user name and so forth, minding case.  Then click the compile button at the top of the AppleScript editor, and check for any errors.  When satisfied, save it.  Check that your mail.app rule points to the AppleScript you just made.  (Note that initiating the script's construction from within mail.app ensures that the script is stored within mail.app's own script folder, ~/Library/Application Scripts/com.apple.mail ...another recent security improvement.)
  • If you're running OS X 10.8 Mountain Lion: In System Preferences, click the Accessibility icon and ensure that "Enable access for assistive devices" is checkmarked at the bottom.  This allows the GUI scripting in the script to operate.  See this helpful post for how to do the same thing in OS X 10.9 Mavericks, which grants assistive permissions with per-app granularity for security reasons.
  • Now, load Automator.  Choose "Folder Action".  In the Choose Folder pull-down, select Other, then navigate to select your autoprint folder.  Drag the Print Finder Items action from the column at the left into the workflow.  Then drag the Move Finder Items action under that, and specify that printed items should be moved to the "printed" subfolder you previously placed in your autoprint folder.  Save this new Folder Action you've made.
You're done.  Incoming emails will be split from their attachments.  Any attachments will be given unique names based on the numeric mail ID and original subject, then they will be placed in the autoprint folder.  Meanwhile the body of the email will be converted to .pdf (complete with clickable embedded links!) and also placed in the autoprint folder.  Printing will occur automatically, after which the files will be moved to the printed folder.  A print-success email notification is then sent back to you.  The original emails will remain untouched in mail.app.
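A complete rule script for the procedure above, as an added example (the author's own script is not reproduced here): it files each matching message's attachments and a PDF of its body into the autoprint folder and mails a notification back to you, leaving the printing and moving to the Automator folder action.  It assumes the ~/Downloads/autoprint layout from the steps above, renders the body with cupsfilter (a CUPS command-line tool present on OS X) instead of GUI-scripting Mail's print dialog, so it needs no Accessibility permission but produces a plain-text PDF without clickable links, and uses a placeholder notification address that you must change.

```applescript
-- Mail rule handler: file attachments and a PDF of the body for printing,
-- then send a notification.  Added example, not the author's script.
-- Assumptions: ~/Downloads/autoprint exists (Mail, sandboxed since 10.8,
-- may write there without prompting), /usr/sbin/cupsfilter renders the
-- text to PDF, and notifyAddress is replaced with your own address.

property notifyAddress : "me@example.com" -- placeholder; change this

using terms from application "Mail"
	on perform mail action with messages theMessages for rule theRule
		set autoprintDir to (POSIX path of (path to downloads folder)) & "autoprint/"
		tell application "Mail"
			repeat with aMessage in theMessages
				-- Unique base name: numeric mail ID plus a file-safe subject.
				set msgID to (id of aMessage) as text
				set baseName to msgID & "-" & my sanitizeName(subject of aMessage)

				-- 1. Attachments, saved under that base name.
				repeat with anAttachment in mail attachments of aMessage
					set attPath to autoprintDir & baseName & "-" & my sanitizeName(name of anAttachment)
					set attFile to attPath as POSIX file
					save anAttachment in attFile
				end repeat

				-- 2. Body: a few headers plus the plain-text content, rendered to
				--    PDF by CUPS.  printf %s keeps the text literal and quoted form
				--    handles quotes; bodies larger than the shell's argument limit
				--    (about 256 KB) would need a file-based write instead.
				set headerText to "From: " & (sender of aMessage) & linefeed & "Date: " & ((date received of aMessage) as text) & linefeed & "Subject: " & (subject of aMessage) & linefeed & linefeed
				set textPath to autoprintDir & baseName & ".txt"
				set pdfPath to autoprintDir & baseName & ".pdf"
				do shell script "printf '%s' " & quoted form of (headerText & (content of aMessage)) & " > " & quoted form of textPath
				do shell script "/usr/sbin/cupsfilter " & quoted form of textPath & " > " & quoted form of pdfPath & " 2>/dev/null; rm -f " & quoted form of textPath

				-- 3. Tell yourself what was queued; the folder action prints it.
				set noteMsg to make new outgoing message with properties {subject:"Queued for printing: " & (subject of aMessage), content:baseName & " and its attachments are in " & autoprintDir, visible:false}
				make new to recipient at end of to recipients of noteMsg with properties {address:notifyAddress}
				send noteMsg
			end repeat
		end tell
	end perform mail action with messages
end using terms from

-- Replace characters that are illegal or awkward in file names, and cap the length
-- so a long subject line can't produce an unwieldy path.
on sanitizeName(aName)
	set cleaned to aName as text
	repeat with badChar in {"/", ":", "\\", "\"", "*", "?", "<", ">", "|"}
		set AppleScript's text item delimiters to (badChar as text)
		set pieces to text items of cleaned
		set AppleScript's text item delimiters to "_"
		set cleaned to pieces as text
	end repeat
	set AppleScript's text item delimiters to ""
	if length of cleaned > 60 then set cleaned to text 1 thru 60 of cleaned
	return cleaned
end sanitizeName
```

Save it from the editor that mail.app's Open in Finder opens, so it lands in ~/Library/Application Scripts/com.apple.mail where Mail is allowed to run it; the subject and attachment names are sanitized before they become file names because a mail subject is attacker-controlled input, and a "/" or ":" in it would otherwise turn into a path component.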

So handy for compiling expense reports after a long trip!  You can even snap a photo of paper receipts with your phone as you travel and email them to your print-to-me address.  It's a great way to ensure receipts aren't lost or forgotten.  

The script is easy to modify if you have different needs, too.  Enjoy.


22 February 2014

How to work around the latest Man-In-The-Middle attacks

The ImperialViolet blog has an informative analysis of the just-patched encryption issue that can potentially expose unpatched iOS devices to a man-in-the-middle eavesdropping situation in some circumstances.  Seems Mac users running OS X 10.9 Mavericks should anticipate an update in the coming days too…

Do this now: Update your iOS device straightaway, and your Mac when an update comes.  It couldn't be easier: in iOS, go to Settings, tap General, and then Software Update.  You'll need to be on WiFi.  The whole process takes 5-7 minutes and temporarily requires a shade over 1GB of free space on your device for scratch storage.

The vulnerability was in an open-source component of iOS (and OS X, and potentially other platforms).  My point is not to make snide assertions about open source— I agree that many eyes make for a more secure product, and the solidity of Linux attests to that.  But it's no panacea, as mistakes can still be made and persist, as this demonstrates ...as does the 14-month-old WebView Android vulnerability that made the news in the past few days.  In this newest case the flaw is very easy to see even if, like me, you’re no expert in C-like languages or encryption.  But somehow it got overlooked, including by the compiler: the flaw leaves a block of code that can never execute, something clang can warn about (-Wunreachable-code), but that warning is off by default and not part of -Wall, so nothing flagged it.

From what I’ve read, seems the code involved is a fork of the OpenSSL encryption module.  I’ve not yet seen an analysis of whether it may have propagated beyond iOS/OS X.  You can bet that many eyes are looking into that right now.

As I understand it: in this vulnerability, a man-in-the-middle attacker possessing an encryption certificate signed by a trusted Certificate Authority could potentially intercept an encryption handshake between a user and a secure service or website, and under some circumstances the mechanisms that would detect such an attack would be short-circuited, allowing the MITM to eavesdrop or maybe impersonate the remote party.

A Workaround

Patch or no patch, one way around vulnerabilities of this sort is to tunnel past the attacker using a virtual private network whose own authentication and encryption don't depend on the broken TLS code (IPsec- and SSH-based tunnels, for instance, bring their own implementations).  Typically, once a VPN client is set up on your computer, tablet or phone, you can connect to it most any time, and it establishes an encrypted tunnel and routes some or all your traffic into that tunnel so nearby eavesdroppers can’t make sense of it.  Note the limit of that protection: the tunnel defeats an attacker sitting between you and the VPN endpoint, but traffic leaving the endpoint for the rest of the Internet is as exposed to the unpatched flaw as before.

Using a VPN routinely is not a bad idea for those, like me, who frequently rely on public hotspots in hotels, planes and other venues… including in untrustworthy countries.  A bonus is that a VPN also evades firewall blocks for things like Voice-over-Internet and (in some countries) social media.  Of course, one must have their eyes open about the local rules for utilizing such services… It’s one thing if your hotel blocks VoIP to maximize its in-room-phone revenues, but VoIP is flat illegal in many Middle East countries (for example).  Fortunately, if you’re on a VPN, no one between you and your VPN service can detect what you’re doing, at least not easily.

Also, when you’re connected via a VPN, it appears to the services you connect-to that you are connecting from the geographic location of your VPN’s endpoint.  That’s great for accessing your subscriptions to things like Netflix and Hulu when you’re traveling beyond copyright enforcement borders.

Commercial VPN services are plentiful, cheap and easy to use.  It’s also easy to set up your own: Here at Jordan Manor we have three: two (PPTP and ssh-forwarding) running on Linux on a little Raspberry Pi per the instructions at http://unvexed.blogspot.com/2012/08/how-to-set-up-real-encrypted-vpn.html and http://unvexed.blogspot.com/2012/08/how-to-use-raspberry-pi-as-secure-web.html and then a third kind (L2TP) running on an elderly Mac enjoying a second life running OS X Server.

Although some firewall situations block VPNs as well, having a choice of VPNs maximizes the chance one will get through.  And running your own VPN means blocking strategies based on the IP addresses of known commercial VPN services won’t work.  Corollary: if you successfully run your own VPN in a situation where commercial VPNs are routinely blocked, don’t blab about it, and resist the temptation to run “check my IP address” utilities on the web when using your VPN, as these can serve as honeypots that record the IP addresses of likely VPN services, which can result in their being blacklisted.

(Meanwhile, blocking strategies based on the port numbers commonly used by VPN services can sometimes be evaded by routing your VPN through non-standard ports ordinarily utilized for other services less likely to be blocked, though that’s often not possible since port assignments are baked into most operating systems and clients.  Of the three VPN implementations I run here, only the ssh-forwarding approach is amenable to that dodge.)

The takeaway

Just be careful out there, use duplicative layers of security when you can, pay attention to updates and patches for your OS and applications and especially for things that execute code on your machine, like Java and Flash.

Something to watch

One thing worth listening-for in the coming days is the potential impact of this bug on other platforms that might utilize the same open-source code …including the Tor network, as it is OpenSSL based.

31 December 2013

Cryptopocalypse: Can your iPhone be hacked by the NSA?

Today the Intertubes are awash with hysteric headlines like "The NSA Has Crazy Good Backdoor Access to iPhones".  It's quite the pile-on: besides the press' inclination to tear down the tall dog, there's something stunning about the well-regarded security of latter-day iDevices being easily circumvented by shadowy spies in Ft. Meade.

What's missing--as is all too typical--is a close and sober look at what's being disclosed.

Here's what we know from the latest Snowden documents:

The DROPOUTJEEP iPhone exploit requires physical access to the phone, which suggests it’s based on the sort of hard-boot privilege escalation that has animated the cat-and-mouse game of jailbreaking since 2007.  With each generation of hardware and software, old boot-time-access doors are closed by Apple and new ones discovered by jailbreak hackers.  The result has been continuous improvement of device security.

But hardware and iOS advancements now mean that all recent jailbreaks require the device's filesystem to be unencrypted first, by removing any passcode (and, in the case of the iPhone 5S, the fingerprint authentication).  That offers a good likelihood that your recent iPhone or iPad is safe from this exploit if you enable the passcode.

But here’s something interesting that I’m not seeing discussed amid all the hoo-hah.  The source document that’s being splashed all over the Internet is dated 2007:



Specifically, the document datestamp is “20070108”.  It’s unclear whether the digits after the year are day-month (which would make it 1 August 2007) or the globally accepted year-month-day order that such stamps normally use (8 January 2007).  I’d argue the latter, because the iPhone was released on June 29, 2007.

Either way, the document relates to the very first generation of iPhone, before filesystem encryption was even introduced.  (Hardware encryption of the filesystem arrived with the iPhone 3GS in 2009, and passcode-bound Data Protection with iOS 4 in 2010.)

So, calm down, people.  Enable your passcode.  And know that there are much more probable threats to your rights and privacy than this one.

14 December 2013

Five essential tools for maximizing your digital privacy

I don't quote my own blog posts very often, but a recent article in Slate, "Facebook wants to know why you didn’t publish that status update you started writing," spotlights an issue that caught my attention in the earliest hours of the Snowden revelations.  It's prompted some discussions and then some advice that's worth a post of its own, so here goes.

Some of Snowden's first bombshells included disclosures that US and allied intel agents could monitor users' logins and other activity on the Internet in real time even for encrypted services.  In the aftermath of these leaks, I commented,
The "As-You-Type" claim is a special concern
Webmail services help prevent loss of your work in the event of a disconnect or crash by frequently storing your draft on their server as you compose it.  This blog post, for example, has been saved to Blogger's server automatically many dozens of times as I've worked on it.  Had I typed something incendiary and intemperate about some politician or bureaucrat, that would have been stored as well-- and potentially monitored and inspected if my phrasing (or integrated profile) contained certain keywords or triggers.  This means cloud-based services of a wide variety have the capability of capturing and potentially monitoring your evolving thoughts and phrasing, even if you think better of them before committing the "Send" or "Publish" button.  So, it's bad enough that what you email and say is monitor-able... what you think is also.
So the automatic server-saving of your drafts not only provides crash-proofness but  allows the service you’re using (and any eavesdroppers, hm?) to observe your thought processes and note any evanescent notions that you may have reconsidered and deleted.  Creepy much?

Five essential tools for maximizing privacy

In response to that article, a correspondent asks if his privacy is more assured if he does his drafting in a word-processor on his computer instead.

Well, as should be clear by now, if your drafts are on some server somewhere, they can in theory be accessed and reviewed by corporate or governmental authorities.  It's happened: just ask David Petraeus.  So you might expect that if your drafting and deletions are entirely constrained to files on your local disk then they would remain private.  Unfortunately it's not quite as simple as that in today's connected world.

Basically: your drafts are private if they're on your computer and not benefiting from any sort of cloud storage or backup service, assuming no entity has installed a keylogger or other monitoring tool on your computer, and assuming no one physically or remotely accesses your machine while your drafts are on it in some accessible form... which might not be at all obvious.

That last point is an interesting one.  I've lost the citation but recall how some guy was convicted for some terror-related crime in the past couple years based in part on evidence collected from scratch files scattered on his disk by his word processor.  Finding this evidence was possible because he had not encrypted his hard disk, allowing easy forensic analysis of his activities.  The only defense against this sort of forensic analysis (whether by government or other entity) is to encrypt your disk with a strong password; in the US at least there are legal obstacles to forcing you to give your password up even if accused of a crime.  (Biometric authentication is another matter: the Fifth Amendment protects testimony, not physical evidence, and a fingerprint is treated as the latter.  So if Fifth Amendment protections against self-incrimination are important in your situation, know that anything protected only by something like a fingerprint sensor can likely be opened by the authorities if you're accused of a crime.)

So there are nuances to what one might expect to be a simple answer.  Meanwhile, the only real news in the Slate article referenced above is that stuff you delete from a hosted draft may still have been noted and logged.  And frankly, that shouldn't be news to alert readers by now.

The first essential tool: personal encryption

Let's face it, cloud services are popular because they're useful.  For example, I routinely do my work in files stored in my Dropbox folder.  The benefit to me is that I can access them from anywhere using any of my devices or even a browser on someone else's machine.  This has been very beneficial to me, plus Dropbox keeps versioned backups of my files, so if I whoops something it's easy to return to a previous version.  Dropbox is a wonderful, reliable, non-creepy, secure service I recommend highly and for which I have documented ways to virtually assure the privacy of your files.  (Newer, self-hosted services like OwnCloud or Bittorrent Sync provide capability similar to Dropbox's without third-party involvement, leaving only the transport channel and physical or remote access to one's machines as potential vulnerabilities.)

Of course, were I writing some sort of radical manifesto, keeping my drafts in my Dropbox might not be the best approach for staying under the radar.  Snowden's whistleblowing tells us that agencies of governments friendly and otherwise (and, who knows, some well-resourced corporations or other entities) now regard encryption that a service performs on your behalf, holding the keys itself, as about as opaque as Saran Wrap: whoever holds the keys can be compelled, or compromised.  Though I'm not in the habit of writing manifestos or possessing other dodgy files, there are some aspects of my finances and work where confidentiality is important, and in those situations I perform my own duplicative private encryption, which is less likely to be easily cracked.

So, the first tools to acquire and learn to use are personal encryption utilities.  For those lucky enough to be using a Mac, OS X's built-in ability to create bandwidth-friendly encrypted sparsebundle disk images is a boon: a sparsebundle is stored as a folder of small "band" files, so when you change one document inside the mounted image your sync client uploads only the bands that changed rather than the whole image.  A helpful reader points out EncFS as another effective, cross-platform tool for bandwidth-conserving file encryption (it encrypts file by file, so only the files you touch re-sync).  For any platform, TrueCrypt provides good capabilities for encrypting files and creating encrypted disk images, although it lacks the sparsebundle capability that's so beneficial for online storage situations: a TrueCrypt container is a single large file, and whether a sync client can upload just the changed portion of it depends on the client.
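As an added example (not from the original post), here is a small shell wrapper around the hdiutil commands behind the sparsebundle tip: create an AES-256 sparsebundle in your synced folder, mount it, and eject it.  The vault path ~/Dropbox/Private, the 2g size and the function names are my own choices for illustration.  Passphrases are taken from standard input rather than the command line so they never show up in `ps` output or shell history; the open step also refuses an image that is not actually encrypted, a check worth having when the thing you mount lives in a folder other software writes to.

```shell
#!/bin/sh
# Encrypted sparsebundle "vault" kept inside a synced folder (OS X, hdiutil).
# A sparsebundle is a directory of 8 MB band files; editing a document inside
# the mounted image changes only the bands that hold it, so Dropbox (or any
# sync client) uploads a few bands, not the whole image.
# Paths and names below are examples, not anything the original post used.

# vault_create PATH SIZE     e.g.  vault_create ~/Dropbox/Private 2g
# The passphrase is read from stdin (-stdinpass). From a terminal hdiutil
# prompts for it without echo; from a script: printf '%s' "$pass" | vault_create ...
vault_create() {
    path=$1; size=$2
    if [ -z "$path" ] || [ -z "$size" ]; then
        echo "usage: vault_create PATH SIZE" >&2; return 2
    fi
    if [ ! -d "$(dirname "$path")" ]; then
        echo "no such directory: $(dirname "$path")" >&2; return 2
    fi
    hdiutil create -quiet -type SPARSEBUNDLE -fs HFS+J -size "$size" \
        -encryption AES-256 -stdinpass \
        -volname "$(basename "$path")" "$path.sparsebundle"
}

# vault_open IMAGE   -- mounts under /Volumes/<volname>. Refuses an image
# that hdiutil does not report as encrypted, so a swapped-in or mis-created
# image can't quietly hold your files in the clear.
vault_open() {
    hdiutil isencrypted "$1" 2>/dev/null | grep -q 'encrypted: YES' || {
        echo "refusing to open $1: not an encrypted image" >&2; return 1
    }
    hdiutil attach -quiet -stdinpass "$1"
}

# vault_close MOUNTPOINT   -- eject when done; while attached, the image is
# as readable as any other folder to whoever is at the keyboard.
vault_close() {
    hdiutil detach -quiet "$1"
}
```

Typical session: `vault_create ~/Dropbox/Private 2g`, then `vault_open ~/Dropbox/Private.sparsebundle`, work in /Volumes/Private, and `vault_close /Volumes/Private` before walking away.  If you pipe the passphrase in, use `printf '%s'` rather than `echo`, or the trailing newline becomes part of the passphrase.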

For me, the benefits of using online services the way I use them outweigh the risks, which I've reduced and mitigated through tools such as these.  Similarly, I use gmail for some of my e-correspondence.  It's a great service.  I recognize that I, the user, am the product, and the service markets me to its customers as a digital dossier collected from my activities, connections, communications and (per the Slate article) thoughts.  Of course, anyone who writes to me c/o my gmail account gets databased, too... an example of how our personal privacy decisions have implications extending beyond the penumbra of our individuality.

The second essential tool: Whole-disk encryption, and password-enable your device

As previously related, I once caught a coworker just as he started poking around on my laptop after he thought I'd left the office.  He was an odd sort of duck, and my immediate thought was that he intended to put something problematic on my machine.  It happens.  In fact, it's the sort of threat that's far more likely than NSA targeting most readers here.

And it's readily addressable: turn on your device's password capabilities, including a screen-saver password or other lock-code that activates when your machine is unattended.  This goes for your smartphone as well as your computer.

But this is just an inconvenience to a determined attacker.  Devices get lost or stolen all the time, and Evil Hotel Maids in some countries can and do access computers left in visitors' rooms to perform espionage on behalf of some state or industrial entity.  The best defense against this is a good whole-disk encryption scheme.  For example, the Mac's FileVault 2 option has been a standard feature of OS X for several generations now, and it is highly effective and efficient.  If your machine's manufacturer offers something of the sort, turn it on.  If not, read some reviews and buy a utility that will do the job.  One caveat applies to all of them: whole-disk encryption protects a machine that is powered off.  While the machine is running, or merely asleep with the lid closed, the disk is unlocked and the key is sitting in memory, so shut the laptop down rather than just closing it before leaving it in that hotel room.

iPhones and iPads automatically encrypt their file systems when a passcode is turned on-- brilliant.  So, do that.  Recent versions of Android offer something similar.

The third essential tool: Email encryption

Ed Snowden insisted on PGP encryption of email communications, and that's a remarkable endorsement of this free and effective technology.  Its developer, Phil Zimmermann, nearly went to prison for developing it, and then-Sen. Joe Biden made two attempts to sneak wording criminalizing personal encryption into totally unrelated legislation.  It's instructive to ponder why tools that allow individuals to maximize their own privacy have been so controversial for so long... this occurred more than a decade before 9/11.

Today, much of what we do on the Internet is encrypted in transit from your computer to at least the first node in the chain to whatever service you're using.  But that only means eavesdropping is blocked to those lacking the keys, and only while in transit, and only for that hop.  For example, Gmail is very securely handled between your browser and the Gmail servers.  Once there, your emails are stored in a form Google can read, and so can anyone who compels or compromises Google.  Worse:
Under the Electronic Communications Privacy Act (ECPA) of 1986, police only need a subpoena, issued without a judge's approval, to read emails that have been opened or that are more than 180 days old.
Meanwhile, the repeated compromises of public Certificate Authorities show that transport encryption is only as trustworthy as the weakest CA your browser trusts: anyone holding a fraudulently issued certificate for a site can impersonate it and read what you send.

The solution is to heed Snowden's advice and manage your own email encryption for those situations when postcard-class privacy is inadequate.

Setting up PGP takes a little effort and is, unfortunately, still a bit of a geek-fest, but it's worth the effort.  Mac users have it especially easy via the marvelous GPGTools.org toolkit, which integrates brilliantly with Mac's Mail.app.  GPG4Win offers something similar for Windows users.  All participants in a conversation must have established and exchanged their public keys, and should confirm each key's fingerprint over some other channel (in person, by phone) before trusting it, since a key that merely claims to belong to your correspondent is exactly what an interceptor would hand you.  Assuming the participants are trustworthy and careful, this ensures that the contents of private discussions remain private.  Note that PGP encrypts the message body and attachments only; the subject line, the addresses and the timing of the exchange remain visible to the mail providers.

The fourth essential tool: Back up!

We tend to get worked up about the risks to our data, wealth and privacy from shadowy agencies and sinister corporations, but the greatest risk is the most unavoidable: the eventual failure of our disk drives, including SSDs.  That is a matter of when, not if.

There's only one defense, and that is to maintain current and duplicative backups.  Invest in two USB pocket drives, and back up to them in alternating fashion.  Keep them in different places.  And test a restore now and then: a backup you've never read back from is a hope, not a backup.  Consider supplementing your local backup strategy with online backup services like Carbonite or my own chosen service, Backblaze.  Both offer excellent transport encryption; Backblaze offers a free additional private-encryption capability which further cloaks your stuff on their servers, for a great price.
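Here is an added example (not from the original post) of the two-drive rotation in POSIX shell, with the check a practitioner adds to it: a SHA-256 manifest of the source is written onto the drive at backup time, and the copy on the drive is re-hashed against that manifest, so a drive that is silently corrupting, truncating or has been tampered with is caught while you still have the original.  The drive paths /Volumes/BackupA and /Volumes/BackupB and the function names are assumptions for illustration; any two mounted directories work.

```shell
#!/bin/sh
# Alternating two-drive backup with an integrity manifest.
# Usage, after mounting whichever pocket drive you have with you:
#   . ./rotate-backup.sh
#   rotate ~/Documents /Volumes/BackupA /Volumes/BackupB
# Drive paths are examples; use whatever your drives mount as.

# Print a file's SHA-256 hex digest (sha256sum on Linux, shasum on OS X).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Emit "<digest>  <relative path>" for every regular file under $1,
# sorted so two manifests of identical trees compare byte-for-byte.
manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s  %s\n' "$(file_sha256 "$f")" "$f"
    done )
}

# Of the two destinations, choose the one whose last backup is older
# (a drive that has never been written counts as oldest), so the drives
# alternate and it is always the older copy that gets overwritten.
pick_target() {
    a_time=$(cat "$1/.last_backup" 2>/dev/null || echo 0)
    b_time=$(cat "$2/.last_backup" 2>/dev/null || echo 0)
    if [ "$a_time" -le "$b_time" ]; then printf '%s\n' "$1"; else printf '%s\n' "$2"; fi
}

# Mirror SRC into DEST/data, record a manifest of what SRC contained,
# and stamp the drive with the time of this backup.
backup() {
    src=$1; dest=$2
    mkdir -p "$dest" || return 1
    rm -rf "$dest/data"
    cp -Rp "$src" "$dest/data" || return 1
    manifest "$src" > "$dest/.manifest" || return 1
    date +%s > "$dest/.last_backup"
}

# Re-hash the copy on the drive and compare it with the manifest taken
# from the source; bit rot, truncation or tampering all show up here.
verify() {
    manifest "$1/data" | cmp -s - "$1/.manifest"
}

# One complete run: pick the drive, copy, verify, report.
rotate() {
    target=$(pick_target "$2" "$3")
    backup "$1" "$target" && verify "$target" && echo "verified backup on $target"
}
```

The copy uses cp -Rp so the script runs anywhere; for a large tree you would swap in `rsync -a --delete "$src/" "$dest/data/"`, which only transfers what changed.  Running `verify /Volumes/BackupA` on its own, months later, is the restore test the paragraph above asks for.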

But if the service happens to back up a draft that you're working on, then there's another example of your drafting-and-deletions hypothetically being accessible to someone with the right access and tools.  But that's many levels lower in terms of exposure than writing your drafts in a gmail/Yahoo/Hotmail composition window, Facebook draft post, Google Docs draft, etc.

The most essential tool: control your own computer

So there are things you can do to improve privacy and increase the chances of flying under the radar of governmental and corporate eavesdroppers and snoops.  Short of staying offline entirely, that can include

  • Carefully selecting (and minimizing) what online services you use and how you use them, 
  • Choosing an operating system that is comparatively secure, 
  • Employing disk, file and transport encryption to increase security, and 
  • Leveraging virtualization, compartmentalization, userspace separations and utilization of separate machines.


That last recommendation is quite important.  We tend to fixate on the shadowy cloak-and-dagger players, and sure: those are sexy threats that make headlines.  But the likelihood most of us will be snared by their tentacles in any meaningful way is small compared to the potential consequences of other dumb things we do.

Top among them: using your company computer for personal purposes.

Just don't.

For starters, it's a great way to get fired.  I've known smart people whose work is legally quite sensitive yet they watch naughty videos, play online games, download warez and do other risky things on their company computers, sometimes even in their normal user accounts.  Dumb, dumb, dumb.  Just ask John Deutch.  (What is it about CIA Directors and their digital idiocy?)  Frankly, if I caught an employee doing that, I'd fire 'em myself just out of intolerance for dumbasses.

So, just don't.  With the cost of terminating employees growing higher every year, IT departments are increasingly tasked with monitoring employee computer usage, documenting offenses useful for knocking down exit demands and defending against termination-related lawsuits.  So keyloggers are routinely installed, screen-snaps are covertly acquired, webcams are snapshotted to capture employee behavior, networking logs are databased... do a bit of searching and you'll find many super-creepy examples out there of employers watching and observing everything their employees and contractors do at the keyboard, and of tools marketed to them for ever deeper surveillance, tools like http://talygen.com/CaptureScreenShot and http://www.oleansoft.com --there are dozens and dozens.

That is a far more present threat to most people than the NSA, or industrial espionage, or the depredations of sneaky social-networking services and ad-platform companies masquerading as cloud service providers.  Solution: Get your own damn laptop or tablet, and lock it down, and keep it in your possession as much as possible, especially when you travel.

And mind your assumptions.  If you think you're safe, you're doing it wrong.

17 November 2013

A Dropboxless Dropbox for extra-secure file sync

Dropbox is great for sharing files between your machines.
I've used and enthusiastically recommended Dropbox for years: as a costless "virtual thumb drive" for ferrying files between my machines, for sharing files too big to email, and even to host web content.  Great stuff.  I also make a habit of using my Dropbox folder for my current work, so every document I'm working on gets backed-up in real time, in versioned form so I can even return to a previous revision if I whoops something.  I love Dropbox.  It's just an awesome service: sign up at http://db.tt/Me4yRjt and I get a small storage bonus.  

But I have harbored no illusions about the privacy implications of storing stuff in any third-party's cloud, even before the Snowden revelations.  So one of my first blog posts centered on a Mac-centric workaround: use the Mac's magnificent ability to create bandwidth-friendly, encrypted sparsebundle disk images, storing the image in my Dropbox instead of the individual sensitive files.  There's evidently a demand for doing such things, as that post quickly racked up many thousands of hits, has remained at or near the top of Google searches regarding Dropbox security since it was published, and was featured by influential tech commentator Shawn Blanc.

Over time I've kept an eye on the Dropbox market, signing up for (but, frankly, rarely using) alternatives ranging from SugarSync to SkyDrive to SpiderOak.  All are fine services with generous free storage offerings to get you started.  SpiderOak in particular has excellent privacy engineering.  None, however, are both free and open-source (FOSS).  There's SparkleShare, which is FOSS, but it lacks a mobile client, especially for iOS (which I'd need).  Tarsnap and Unison are others, but they're not seamlessly cross-platform and lack a mobile client.  OwnCloud is FOSS but requires a central server-- great for enterprises but overkill for my sync-centric individual's usage.  

All told, I probably have more than 100GB of free storage I don't use, on top of the Dropbox storage that I do use.  

But now there's an alternative that's going to pull at least some of my usage away from Dropbox.  It's Bittorrent Sync, a peer-to-peer implementation of Dropbox-like functionality that syncs stuff between your machines and mobile devices.  It's costless but not yet open-source, though the developers have adopted a never-say-never posture towards FOSS.  

Bittorrent Sync is from the folks who make the excellent uTorrent torrent-management client, and it extends the serverless torrent concept to syncing one's files between machines.  Security seems good (though without open-sourcing, that's a statement of faith) and performance is excellent.  Free clients are offered for Windows, Mac OS X and Linux, and for iOS and Android.  Setup is incredibly straightforward: start with your desktop machines, pasting the automatically-generated key from one client to the other to establish encrypted syncing between them; then for your mobile devices, just scan the QR code your desktop installation will present for you, and setup is complete.  Couldn't be easier, and bonus points to the Bittorrent folks for finally finding a good use for QR codes!

Then it just works.  Put a file in a folder on one machine and it will automagically appear on all the others as long as one remains powered-up.  Just like Dropbox, only there's no third-party central server involved.  (And, no web access-- which may be a plus or a minus, depending on your intended usage).  
Sharing is achieved by providing a key code to those with whom you want to share; they plug this into their own Bittorrent Sync client.  Sharing key codes for read/write and read-only are easy to generate, as are one-time keys that expire after 24 hours.  Treat those keys as you would a password: the key is the entire credential for the folder, so anyone who gets hold of a read/write key can read and alter your files, and it should travel to your correspondent over a channel you trust rather than in a plain email.  And files are versioned!

Bittorrent Sync shares some attributes with other file-syncing services: Storage folders on your clients are not encrypted, though the transmission of files is.  Syncing across hotel and a few other public networks may be problematic depending on how they're set up (my Mac client set itself to listen on TCP port 26085, which some networks might block).  And there's the pervasive risk of instilling a sense of false confidence that can contribute to oversights of fundamental security and privacy practices, such as
  • Failing to set up whole-device encryption, 
  • Failing to establish a long passcode on your mobile devices, 
  • Failing to physically secure your devices or lock their screen when you turn away...

As a useful tool for privacy or just plain easy-peasy syncing, color me impressed about Bittorrent Sync.  It works nicely and is as polished as you'd expect from the folks who gave us uTorrent.

UPDATE: Here's an especially informative review.