Do NOT Accept the Investigatory Powers Bill

Last year the ECJ stuck down the UK’s Regulation of Investigatory Powers Act (RIPA) which allowed the government to store communications metadata. This was because the government could access these records without a warrant or even the subject knowing, which is problematic because this means it is impossible to know whether you are being surveilled or not which creates a constant fear that it is going on and therefore creating a breach of your right to privacy.

Fast forwarding to today, Theresa May has announced her Investigatory Powers Bill (IPB) which, yes, allows for more transparency, but essentially just legitimises the excessive and wide-sweeping surveillance already being carried out whilst also increasing the scope and power that the government has over your online activity and yet still causing the same problem as RIPA (and DRIP for that matter).

There are ton of things wrong with this bill, but I would like to address 3 in particular.
Continue reading

HTML 5 logo

How your battery can be used to track your online activity

As part of HTML5, it is possible for sites to see the life remaining in the battery you are using to browse the internet. This feature exists so that it is possible to reduce the amount of data being sent and received by your device in order to preserve battery life. W3C have said that in their specification that the API “has minimal impact on privacy or fingerprinting” and because of this they allow sites to request the information without requiring permission to do so. However a paper published in the International Association for Cryptologic Research (IACR) explains how this API can be used to track users across the internet even when they are using tools such as a VPN.

Continue reading

Facebook privacy and why you should care about what you post online…even privately!

So I just did a Guess My Age test on this website and it got it perfectly right. However, giving the same answers when doing it through Tor (so it can’t see my Facebook account) it got it wrong, which to me is quite interesting and has led me to certain conclusions: it probably takes your data from Facebook without you knowing.

This can have very serious consequences, especially when I realise that my year of birth is hidden on Facebook. So it would appear that any website can access information about you that you have on Facebook, even if it is not public information.

Continue reading

A Full Guide On How to Encrypt Your Emails – Hardcore Style

Whether you believe it or not the NSA and GCHQ are storing your emails, calls browsing history and God knows what else this is total breach of your right to privacy. Even GMail scans each email your send and receive to create ads target at what you and your friends talk about. In an ideal world this post would not need to exist at all but thanks to our ‘dear leaders’ around the world there has developed a need for us to encrypt our emails so that we can actually hold our right to privacy.

In this post I hope to give you an explicit step by step guide on how to set up encryption for any email account that is easy to follow and understand even if you’re new to the concept. The method I use is one of the best ways to secure your emails.

You will need the mail client Thunderbird, though you will only ever need to use this client to read/send encrypted mails, the rest of the time you can continue using your current mail client or web app. This is because you need the add-ons for Thunderbird to encrypt/decrypt your emails, if most of your emails won’t need this, then you will not need to use it all the time.

I will start with email encryption and if it is well received I will move on to how to keep your browsing history private from prying eyes.

washpostheadlinensa

Click the photo for the full story

How Email Encryption Works

GPG starts for GNU Privacy Guard, it uses two types of ‘keys’ – public and private – to encrypt your emails.

The public key is used to encrypt emails sent to you by other people and the private key is used by you to decrypt emails you receive. As the names suggest the public key is public for anybody to see and use and your private key is only known by you.

525px-Public_key_encryption.svg

 

Take the above example, Bob sends Alice a message saying “Hello Alice!”, here’s the step-by-step of how this is encrypted, sent, decrypted and finally read.

  1. Alice sends Bob her public key (this can also be done by downloading from a public keyerver like pgp.mit.edu
  2. Bob encrypts his message to Alice using Alice’s public key
  3. Bob sends his message to Alice
  4. The message is received by Alice
  5. Alice decrypts the message from Bob using her private key

In a nutshell, public keys encrypt, private keys decrypt.

How to Set Up Email Encryption (Beginner)

If you want to make sure you have the strongest key possible, go to the bottom of the page

For good coverage, I will explain the step-by-step process on how to set up GPG for Windows, OSX and Ubuntu – if you use another distribution, it shouldn’t be too hard to translate the commands.
Continue reading