Living on the Edge

I was reading the other day about the next-gen Windows browser, Edge, that replaces Internet Exploder in Windows 10. Apparently, the browser informs Microsoft of just about everything to do with your activities, even your GPS location. Disabling this “feature set” means yet another string of window and mouse clicks, specific to the tool.

I’m just so sick of that horse hockey.  One is forced to adopt a strategic plan regarding online privacy.

What is my goal for online security?

  • Prevent my financial information and related personal information from being sprayed indiscriminately around the internuts.
  • Fuck with the gummint, because, ‘Murica.
  • Establish a beachhead for data security, in view of the probability that the gummint is (still) going after data unlawfully.

Security Begins At Home

I accomplish these goals mostly by using a private VPN. The VPN secures my data over the network from the NIC on my system to its target; and back. I have two fundamental protections. The data is encrypted, i.e., unreadable to anyone inserting himself between my system and the network. The encrypted data goes through a VPN server, meaning that anyone on the network cannot see the originating system.1

Communications

I have a paid account at Hushmail, which I use periodically to keep it active; but which exists primarily as a fall back, to be able to securely send encrypted mail, if needed. Hushmail provides a challenge-response mechanism for mail recipients to read their Hushmail online, via an encrypted protocol in the browser, without having to open and maintain a Hushmail account.

I have a Skype phone number and subscription for sending text messages. Skype-to-Skype calls and messages are encrypted.2

Disk Encryption

I have whole-disk encryption on my linux laptop. I used the default system that comes with Ubuntu 15.04. 3

BitLocker

In Windows, you have access to a built-in encryption technology, BitLocker. This software has some well-known issues, not least of which is an abiding mistrust of Microsoft among members of the technical community.4

Other free/”open source” tools exist, and so do some commercial ones. Excepting BitLocker, technical expertise and courage will be required to install them on your systems.

BestCrypt

Bruce Schneier recommends BestCrypt5, a commercial disk encryption system that comes in two forms. Container encryption enables the user to encrypt sections of the user space. For example, you might encrypt your documents folders, and perhaps, your porn collection. Volume encryption is the BestCrypt terminology for “whole disk encryption.” The tools are not overly expensive, but they’re not cheap, either.

DiskCryptor

DiskCryptor 6 started as a drop-in replacement for any of several other disk encryption packages.  One of these, TrueCrypt, has gone to the software graveyard.

Data Drifting Overhead

Of course, no musing about data integrity would be complete without contemplating the ubiquitous cloud, the mythical storage place for all out data.  In the fallout of the Snowden debacle, several prominent cloud storage providers, including Yahoo and Google, quickly made public plans to completely seal their cryptographic containers, so that government agencies could no longer help themselves. Additionally, they committed to using hashed, unrecoverable keys that could not be handed over whenever government agents went fishing.

In the event that these promises of the megacorps are insufficient, tools exist to add a user-level cryptographic layer to the floating data.

BoxCryptor

BoxCryptor is a product of a German company that encrypts files in online services like Dropbox.  Essentially, it creates a virtual drive, made up of the portion of the filesystem that is occupied by the Dropbox folder, and then encrypts the “whole disk.” The disadvantage to these services is that you are required to use the virtual drive for accessing the unencrypted files. In the case of BoxCryptor, it’s a Windows/Mac product, only, with apps for Android and iPhone.

Self-Sufficiency

One can’t escape the determined reach of a government arm.  That does not mean we can’t make it as damned difficult as possible to get a grip on us.  The various forms of media are full of yak from people talking up firearms as the answer to every problem.  A firearm will not keep government hands off your data.  A bit of self-sufficiency will. Everyone knows that the NSA has God-like powers, when turned loose upon an unsuspecting population.  But, a suspecting population can make these “data collection” operations expensive, and, eventually, unprofitable.


  1. An additional layer of anonymity is added by the fact that I can choose which VPN server will route my traffic. Today, I’m using a server in New Jersey. Tomorrow, I could route my traffic through a server in Arizona. 
  2. Much ink has been spilled over Microsoft’s apparent ability to read messages sent over its system; this, despite the fact that the service claims end-to-end encryption. The likely status is that your messages and voice traffic are safe from outside interference, but that Microsoft has built itself a back door. A back door is inherently insecure, since your data is now only as safe as Microsoft’s protection of the back door. I would not use Skype if I wanted to hide from a government agency with a 3-character abbreviation for a name. 
  3. “Guide to Full Disk Encryption with Ubuntu.” The Simple Computer. The Simple Computer, 28 June 2015. Web. 04 Sept. 2015. http://bit.ly/1XscjCP”…full disk encryption using Cryptsetup, dm_crypt and LUKS.” 
  4. Lee, Micah. “Microsoft Gives Details About Its Controversial Disk Encryption.” The Intercept. The Intercept, 4 June 2015. Web. 04 Sept. 2015. http://bit.ly/1hISx5p 
  5. “BestCrypt Volume Encryption.” Fixed & Removable Whole Hard Disk Encryption Software. Jetico, n.d. Web. 04 Sept. 2015. http://bit.ly/1Xs7w4o. 
  6. “Main Page.” DiskCryptor Wiki. N.p., 09 July 2014. Web. 04 Sept. 2015. http://bit.ly/1Xs8CwX. DiskCryptor is an open encryption solution that offers encryption of all disk partitions, including the system partition. 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s