This post is a continuation of the series on smartphone interfaces and will cover Bluetooth interface security. Let me begin by saying that Bluetooth security is not as bad as it once was. As with the other articles in the series I will cover both the security and privacy concerns around this interface. Continue reading “Smartphone Bluetooth Interface Security”
In the posts regarding smartphone interfaces (Wi-Fi, Cellular) I have recommended that you use a virtual private network (VPN). Immediately following the post on Wi-Fi security and privacy a comment was posted with questions about settings in Private Internet Access (PIA). Because I have not covered this topic in detail, and because many of your have chose PIA based on my recommendation, I will cover PIA for various operating systems intermittently over the next couple of weeks. Today we will go over Private Internet Access for Mac. Continue reading “Private Internet Access for Mac”
Email is a service that we all rely on. Finding an email provider that promises a good balance of privacy, security, and convenience is a fraught proposition, however. As readers here doubtlessly know, I have huge privacy concerns around email. I hate giving out my real email address if possible, because it equates to attack surface (more on this later). I also hate using the same email for multiple services, but this creates major convenience problems. And I can’t store email with providers that either a.) dont’ store my data securely or b.) store it securely but scrape it for marketing purposes. Readers here also know I am a big fan of ProtonMail. This is why I decided to give ProtonMail Premium a try. Continue reading “ProtonMail Premium Review”
I recently read an article that made me realize there is a fundamental rift in how I, and many of the readers here, look at computers, and how the general population does. It is only a very small subset of the population that considers security, even secondarily. And if they do, many don’t understand enough about it to implement it properly. The article in question asks if users should upgrade to the newly released iOS, version 9.3.3. Hold off on OS updates? Seriously?
At this point, my ultra-private iPod phone is setup and ready to use. If you choose to follow a similar course, it is important to define how you will actually employ the device before you start to use it. This will also dictate the tradecraft you should undertake to support your use case. As I see it, there are essentially two ways this device can be used. Both will make you more private and secure. It is up to you to decide how far you need – or want – to take it.
At this point in the process, the iPod has been initally setup, and the settings modified to make it as organically secure as possible. At this point it is necessary to fund the iTunes account. Even if you only plan to use free applications, the account must be funded before you can download apps. The smallest denomination gift card you can purchase is $10 (I was unable to find anything below $15).
Yesterday’s post covered the initial device setup for my Private iPod Phone. Today’s post will go through the settings that impact privacy and security. The goal of these settings is to make the device as inherently hardened as possible. These changes are designed to lower the footprint of the iPod by limiting the amount of information it transmits, making it less trackable, and generally less “noisy”. These are all important factors to me when creating my ultra-private iPod phone. Many of these settings can also be applied to your iPhone. Continue reading “My Ultra-Private iPod Phone 3”
Welcome back to Part 2 of my attempt to create a private and secure iPod phone! When I started this series I thought it would consist of three parts: procurement, setup, and use. Setup took far more time than I expected, however, so I am going to cover this stage of the process somewhat more slowly. One of the reasons I wanted to do this experiment was to see what roadblocks I might run into. True to form, I ran into a couple of problems right off the bat. This post will cover setting up the iPod phone intially, and modifying basic settings for privacy and security.
Some time ago I read an amazingly good article on using an iPod Touch as a secure/private phone. I love the idea, and I have thought about it for quite a while. An iPod Touch is remarkably similar to an iPhone, but potentially far more private and secure. Recently I decided to try it for myself and see how easy (or hard) it would be to set up. I also had unanswered questions about its actual use. Part 1 of this article will cover device procurement and the lengths I went to for anonymity’s sake. Part 2, 3, and 4 will cover setup, and Part 5 will cover actually using my new, ultra-secure and private iPod phone. Continue reading “My Ultra-Private iPod Phone 1”
My last post covered threat modeling the Tor Network. While I have a very nuanced opinion of Tor, I do think it is ideal for certain use cases. Unless contraindicated . Using Tor is not difficult, but there are some potential pitfalls to be aware of. This post will cover how to use the Tor Browser Bundle.
Download and Install the Tor Browser
The first step is to download the Tor Browser from https://torproject.org. Before you install it you should verify the integrity of the file. The Tor Project has an excellent tutorial on how to do this here. Additionally, I will begin to post checksums for the Tor Browser this month. After you have verified the file, install it. If you use a Mac, double-click the .dmg and drag the icon into your applications folder. A few more steps are required if you use Windows, but setup is not difficult. Instructions are available here.
Begin Browsing with Tor
You are now ready to begin browsing. Double-click the Tor icon. Tor will as you to choose between “Connect” and “Configure”. For the vast majority of use-cases connecting directly is your best option. The “configure” option gives you the ability to use a bridge or proxy. Using a bridge or proxy may be necessary if you are in a country or on a network that blocks Tor traffic. Configuring a bridge or proxy is fairly intuitive, should you need to do so.
When you connect to the Tor network, your request is first routed to a directory server. This server will create your custom “circuit”, the network of three nodes through which your traffic will be routed. When your connection is established, the Tor browser will open automatically. You are now ready to browse through the Tor network. The Tor Browser is a modified version of Firefox. Browsing with Tor is superficially no different than browsing with Firefox with one or two exceptions.
Using Tor-Specific Features
Clicking the Onion button opens some options not available in Firefox. It also displays your Tor circuit and allows you to change the following options:
- New Identity: This closes all open tabs and discards any browsing data, like cookies. A new, clean instance of the browser is then opened. I do not recommend this
- New Tor Circuit for this Site: This feature builds a new circuit for the tab that is currently open.
- Privacy and Security Settings: See below.
- Tor Network Settings: Allows you to configure bridges and/or proxies if needed.
- Check Tor Browser for Updates: Always keep your browser up-to-date. I recommend checking each time you open Tor because updates are frequently released.
Privacy and Security Settings: Click this to open an additional dialogue. The privacy portion has four radio buttons. Leave all of these checked. The security dialogue contains a slider and allows you to choose a desired level of security (low, medium-low, medium-high, high). These settings correlate roughly to threat models. The higher your threat model, the higher a level of security you should choose. I believe you should always use “high”. It is less convenient and requires a working knowledge of NoScript, but if you are going to use Tor you should use it to its full potential. On the other hand, ease-of-use may convince more people to use it overall.
Potential Problems with Tor
Tor is imperfect for everyday use. There are reasons it is not incredibly common. Among them: the Tor Network is slow. Traffic is routed through multiple servers, usually in multiple countries. This inevitably slows your traffic. Additionally, your traffic is slowed at least to the speed of the slowest server in your circuit. You will also be forced to solve captchas to visit or log in to some websites, and encounter other minor inconveniences. You will also encounter security issues when using the Tor Browser. I addressed some of these in my last post. My next post will address one of them specifically: exit node security through HTTPS.
If you enjoyed this article and would like exclusive content, sign up for the Operational-Security Newsletter.