Category Archives: Privacy

Cryptocurrency my Journey

A co-worker came up to me and mentioned that he was now trading Cryptocurrency.  He had recently tripled his money in the past week.  Several others joined us at the water cooler and chimed in that they had also benefited from the recent bitcoin rush.

I thought about my financial situation and decided to avoid the risky venture.  I had just gotten out of student loan debt and was starting to seriously invest in mutual funds with a long track record of success.  I mostly was investing in index funds through Vanguard.  In 2017 the market gave me an almost 20% return but this paled in comparison to my friend’s 300% gain with crypto-currencies in 1 week.  Was it foolish to want to get in on the action?

A few days later a friend of mine came to crash at my place in Los Angeles.  While we were chatting he mentioned that he also had started investing in Bitcoin.  He pulled up an app on his phone that instantly showed how much his investment was worth.  In bold numbers on the top of his screen I saw $1200 dollars.

I asked him how much he originally had put in.  He explained that he had merely put in 200 dollars 6 months ago and that his money had exploded.  He said that he didn’t miss the money at all.  He used an app called Acorns .  Every time he made a debit card purchase, it took the spare change and invested it into the market.  After a few months he had accumulated a few hundred dollars.  Since he didn’t really miss this money he felt fine about risking it in the cryptocurrency market.

Investing in Cryptocurrency:

I asked him what the name of the app he was using on his phone was.  He called it coinbase.  I decided to give it a try.  The setup was extremely easy.  Within minutes I was given access to three different cryptocurrencies: Litecoin, Etherium and Bitcoin.  I had only ever heard of Bitcoin and I knew it was currently making a lot of people very rich.

The setup for Coinbase was very straightforward.  They didn’t even require me to add my bank account.  I simply added one of my credit cards and “purchased” 100 dollars worth of cryptocurrency.  I thought it would be a fun experiment to diversify and split my 100 dollars cash into three equal parts: $33.33 into Litecoin, $33.33 into Etherium and $33.33 into Bitcoin.  I had to make the purchase in 3 different transactions.  My bank immediately suspended my credit card, thinking perhaps my card had been stolen.  I  called an explained that it was indeed me making the purchases and everything went through as planned.

I pulled up the app on my phone and was greeted with $100 dollars at the top of the screen. One hour later it had surged to $101.  The next day $110.  How had I not placed thousands of dollars in?  In just one day I had made 10%.  If I had put 100,000 in I would have gotten 10,000 in just one day!  Could this madness continue?

For the next week, I happily watched as the number on the top of the screen surged to 120, 130 then 140.  I found myself constantly checking my balance; during lunch, at breaks, under the table while out for dinner.  It was becoming an unhealthy obsession.  Greed started to control my thoughts as I imagined putting more of my life savings into the currency.

Christmas fast approached and the cryptocurrency was thriving.  I joined the chorus of happy investors at the water cooler at work.  We all couldn’t believe how well our investments were doing.   Then one day I woke up and my balance read $53 dollars.  Where had the money disappeared to?  How could half of my money evaporate in a night?  I panicked and considered pulling everything out and dealing with my loss.

At work the next day I mentioned my losses and my coworkers calmly explained that they had already moved past bitcoin and were now investing in Bitcoincash and Ripple.  Had I missed the boat?

Comment below on your crypto-currency experiences.  Have you gained or experienced a loss?

Vuvuzela more secure than TOR?

vuvuzela2

The fight with data encryption continues as researchers at MIT CSAIL (Computer Science and Artificial Intelligence Laboratory) create a new messaging application that works similar to internet darling TOR.

Vuvuzela was named after the plastic horn used at FIFA football World cup finals in 2010 in South Africa.  (Man those horns were annoying).  The software itself is still in infancy, but many scientists are intrigued by its method of encrypting data.

TOR hides messages like an onion, using several different layers of encryption and sending users through random servers on the internet.  Vuvuzela on the other hand takes a different approach, it uses less encryption but more false traffic.

vuvuzela1

The program takes messages that it receives from a sender then stores it inside a memory address on one of its servers (a mailbox).

Before it decides to store the content, the messages goes through an array of several different servers, that happen to send out false traffic to all of the users on the network.

The Vevuzela server then notifies the recipient that there is a message waiting for them.  When the user goes to read the message, they have to go through several mailboxes to get the message’s location.  Each time a connection is made through one of theses mailboxes by the recipient looking for the message, each of the servers sends out false network packets to the network.

With all of the dummy traffic, and with senders and receivers moving past their destinations to create even more dummy traffic after they have sent or obtained the actual message, you can just imagine how difficult it would be for a hacker to figure out who is talking to each other.

With so much fake traffic, and with senders and recipients moving past their destinations to intentionally create even more fake traffic after they’ve left or retrieved the actual message, you can only imagine how much data an attacker would have to sniff out before getting a clue of who’s talking to whom.

vuvuzela3

It takes about 45 seconds to send a message:

After simulating Vuvuzela for 1 million users with Amazon’s server, it showed that most messages had a lag of about 45 seconds.  That is large lag for texting, but with email not being exactly instant, I think people will be able to get used to the lag.  The researchers also promise a faster communication time as they work the kinks out of their code.

To read more about the technical aspect of Vuvuzela, checkout the research paper:

Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis  Jelle van den Hooff, David Lazar, Matei Zaharia, and Nickolai Zeldovich.

Do you use encrypted messaging applications?  How have they worked for you?  Do you experience any lag?  Answer in the comments below.

Dirtbox Phone Call Snooping in San Bernardino

TURNAGAIN, ANCHORAGE, ALASKA, UNITED STATES - 2009/06/18: Small airplane in flight. (Photo by John Greim/LightRocket via Getty Images)

Right after the tragic attacks that took place in San Bernardino federal investigators launched a spy plane over the area to see if they could find accomplices.   The plane circled above the area in hopes of finding out extra information.  It is said that the aircraft most likely had dirtbox technology that can scan hundreds of phones to obtain clues into the investigation.

More about Dirtbox technology:

dirtbox

  1. Any plane with a dirtbox cellphone device can scan multiple cellphones looking for a subject.
  2. Other cellphones that are not targeted are released as the dirtbox gathers more information on the target.
  3. The plane continues to move and gather signal strength.
  4. The end result is that the plane can identify the perpetrator from within 3 meters.  The police can then come in and arrest them.

Could this mean that there were other suspects involved with the San Bernardino attacks?  Or was the plane just launched to scan through myriad phone calls to find suspicious activity?

Sofrep initially broke the news by saying that the use of the spy plane showed that law enforcement was ‘actively searching for other members of a terrorist cell.’

According to Sofrep, the Pilatus PC-12 was used for the cell phone snooping.  This is similar to the aircraft sent by the military to missions in Africa.

Sofrep also revealed a map of the flight path for the aircraft which demonstrated that it made numerous circles over the area around Farook’s home in San Bernardino.

Does it make you feel safer to know that the government can deploy aircraft’s to listen in on conversation?  Or is this a violation of privacy?  Should crafts like this only be used in the case of a terrorist attack or should dirtbox deployments be common place for the common good?  Weigh in below with your comments.  We would love to hear from you..

France Will Not Ban TOR or Wi-Fi

TOR1

If you are a frequent Bapgo reader, you will remember that a few days ago it came out that France was looking to restrict TOR indefinitely and Public Wi-Fi during a state of emergency.  Today it was revealed that despite requests from police, France will not restrict the TOR network or public WiFi.

Prime Minister Manual Valls stated, “a ban on WiFi is not a course of action envisaged” by the government.

Tor2

After the shocking attack in Paris Le Monde (the world), reported an internal law enforcement document asking to inhibit freedom of public Internet during a crisis as a way to trample terrorism.

The “Internet is a freedom, is an extraordinary means of communication between people, it is a benefit to the economy,” Valls concluded.

The world continues to watch as the French government seeks a solution.  Leaders in the European Union and the United States are seeking to compromise encryption and private communication.

Tor3

On Wednesday, Sen. Dianne Feinstein promised to find a way to compromise encryption.  Fortunately there is not a law that requires a backdoor on encryption, however, depending on the type of encryption used, there may be a backdoor that hackers can compromise.  So, if a hacker can gain access to encryption it follows that the government could potentially have access as well.

Encryption makes the internet a safer place.  Safer for e-commerce, bank activity, stock trading and communication.  I agree with Prime Minister Valls, Freedom on the internet does encourage the economy. Time will tell if Sen. Dianne Feinstein will be successful in her endeavor.

Take a look at Bapgo’s article on how to easily encrypt your hard drive on a Windows machine.

How do you use encryption on a daily basis?  Have you ever been caught in a situation where you wish you had encrypted your data?  Share your experiences in the comments below.

 

Super Secure Android Phone

granitephone1

Is your phone secure?  There is always the possibility that your phone has a backdoor.  Even if the phone is encrypted the government or businesses may have a key.  One reason BlackBerry was so popular a decade ago was because the Canadian company promised increased security.

GranitePhone by Sikur runs a forked version of the Android operating system called GraniteOS.  It’s easy to navigate like an Android phone and you can make secure encrypted voice calls and chat messages.  There is also limited e-mail functionality.  The phone lacks an app store and the majority of other popular apps that are normally thought of when using a mobile phone.  This was done intentionally.  Sikur is looking to make a phone that is private and secure.  Sometimes third party apps can open a backdoor and cause issues.

The Granite phone is not intended for the average smartphone user.  This phone is meant for financial institutions, government, and large corporations.   It will be tricky to persuade would-be users to use the GranitePhone over the competition.

 

granitephone3

Device Specifications:

  • 5-inch 1080p screen
  • Qualcomm Snapdragon 615 processor
  • 2GB Ram
  • 16GB storage
  • 16-megapixel back camera
  • 8-megapixel front facing camera
  • 2700mAh Battery (non-replaceable)

granitephone2

Why pick GranitePhone?

There is a lot of competition out there for a secure phone.  Sikur says that one thing that makes the standout is the ability to install on-site data servers to allow the data going to and from the granitephone to be stored locally.  Currently that option is not available on Blackberry.

Encrypted communications can also be accessed on through their desktop application adding a bit of convenience.

Future of GranitePhone:

Approved secure applications may be available in the future, as well as secure video calling, a feature that is already present in the desktop version.

I think it’s wonderful that so many secure options are becoming available for smartphone users.  I think all too often people do not place an emphasis on increasing hardware security.

Have you used a secure smartphone? Let us know your experience in the comments below.

Donald Trump Wants to Restrict Internet

trump1

Just after Donald Trump revealed his plans to ban Muslims from entering the United States, the presidential hopeful stated that the US should consider “closing the Internet up in some way” to fight ISIS terrorists online.

Trump made fun of anyone that would reject his plan stating “these are foolish people, we have a lot of foolish people”.

As a quick solution he stated “we have to go see Bill Gates” to better understand the Internet and then possibly “close it up”.

Donald continues to stir the pot by saying “we’re losing a lot of people because of the Internet”.

trump3

Hillary Clinton Reveals Plan for Internet:

The Internet is a hot button issue for the election next year.  Hillary Clinton requested that tech companies “deny online space” to terrorists.

To rationalize away the first amendment she stated “we’re going to hear all the usual complaints.  You know, freedom of speech, etc… But if we truly are in a war against terrorism and we are truly looking for ways to shut off their funding, shut off the flow of foreign fighters, then we’ve got to shut off their means of communicating. It’s more complicated with some of what they do on encrypted apps, and I’m well aware of that, and that requires even more thinking about how to do it.”

Encrypted apps can be used for good.  Read my article about setting up an encrypted messenger on your Windows machine.

trump2

President Obama’s Plan:

President Obama also chimed in on Sunday night urging “high-tech and law enforcement leaders to make it harder to use technology to escape from justice”.

I agree that there needs to by cyber vigilance to combat terrorism.  However, limiting freedoms and regulating the internet may not be the best solution to this ongoing problem.

What are some ways we could overcome cyber warfare without compromising our rights?  Please share in the comments below.

France Aims to Block TOR and Restrict Public WIFI

bannedfran  

TOR and Public WIFI may be blocked to Contain Terrorism

A French newspaper Le Monde reported that the government of France is considering new legislation that could sensor internet users.  This includes banning TOR and public WIFI.

Banning Public Wi-Fi in State of Emergency:

bannedwifi

The first law would ban people from sharing Wi-Fi connections during a state of emergency.  The rational is that it is difficult to track individuals who use public Wi-Fi networks, as opposed to cellular networks.

The problem with this solution, is that would-be terrorists could access the internet from another myriad of ways.  Adhoc connections, satellite internet connections, private network connects etc…

Banning TOR from France:

bannedtor

TOR is an acronym derived from The Onion Router.  TOR directs internet traffic through a free, worldwide, volunteer network consisting of more than 6 thousand relays to conceal a user’s location and usage from anyone conducting network surveillance.  Basically it allows people to browse and communicate over the internet anonymously.

If you would like information on how to setup the Onion Network easily on your windows machine, checkout my article that I wrote here.

The Onion Network can make it difficult for authorities to trace Internet activity back to the user.  TOR users can make anonymous visits to websites, online posts, instant messages and other communication forums without being tracked.

TOR’s use is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored.  Many people think that TOR is intended for criminals only.  I tend to disagree.  Checkout my post about the top people that should use the Onion Network.  Spoiler alert: It’s not terrorists.

If France were to try to ban the Onion Router, it wouldn’t solve their problem.  There are other sneaky ways to logon to the TOR network.  A VPN could be used remotely.  Would-be terrorists could also still access the Onion Network outside of the country.

While I applaud France for being proactive on the war against terrorism, I doubt their methodology to be effective.

Secure Messaging App Signal Launches Desktop Version

signal4

Signal Desktop App:

Text messages, Facebook Messenger, Yahoo Messenger, Whatsapp etc… all have a major flaw: A backdoor.

It’s no secret that the government can easily access our communications, in some cases, without a warrant.  Here is an article I wrote about the IRS accessing telephone information.  The NSA has also been known to traverse through phone records.

signal1

Signal, a private messaging app alternative, has just launched a desktop version of their application which can run through Google’s Chrome browser.  Many privacy advocates use this as their primary messaging service, including Edward Snowden.

If you are an Android user, you are in luck.   You will be able to link your Android account to the desktop version for seamless messaging.  iOS linking is forthcoming.

The linking service with Android devices will allow you to have all your contacts and chat-logs from your Android app loaded into PCs.

signal2

Mobile Version:

If you are using the mobile app you may need to be careful with your data plan.  Signal uses a data connection to send encrypted SMS messages, so SMS traffic will count against your carrier data cap.

With recent current events, many governments are calling for a ban on end-to-end encryption.  They claim that encrypted data gives terrorists and criminals an opportunity to conspire worry-free.  Here is an article I wrote about why some people may prefer private communication even if they aren’t a criminal.

There are almost ten thousand people waiting for this desktop beta of Signal.  Head over to their website today to get in line.

Have you had a chance to use encrypted messaging?  Has it been a positive experience?  Let us know in the comments below.

IRS to Stop Snooping your Cellphone

irssnoop

Stingray:  

Think your cellphone is secure? Think again.

Your phone’s location can be found with a Stingray device.  The Stingray is a cellphone tower simulator.  It can also interrupt your calls and text messages.  While in use it can intercept data from a target phone as well as other phones in the area.

stingray

These devices can be very useful for criminals, but are also being used by the United States IRS.  Back in October of this year, Koskinen told a Senate committee that IRS Stingrays are “only used in criminal investigations”.

According to a letter written to an Oregon Senator, the IRS director wrote that the Stingray has only been used in 11 grand jury investigations.  37 phones in total were tracked.

The IRS first got their hands on the Stingray device back in October of 2011.  It is now in talks to obtain a second one.

stingray2

A Warrant is Now Required:

Thankfully, the IRS will now be required to obtain a warrant before using the Stingray.

This just leads me to wonder.  How many other ways is the government compromising our privacy without the use of a warrant?

What other ways could our privacy be compromised.  Please leave a comment below:

 

NSA Bulk Phone Record Collection Halted Sunday

phoneprivacy1

The USA Freedom Act, that passed in June, demanded the NSA to stop its bulk phone records collection program on Sunday.

The Obama administration said on Friday that it would proceed with the scheduled closure.

Before celebrating, it should be noted that it appears the NSA kept its email metadata program after it “ended” in 2011.

NSA Bulk Phone Record Collection:

NSA

Edward Snowden revealed that the NSA had been collecting large amounts of metadata from calls made by AT&T and Verizon patrons.   This was unknown to the public until 2013 when the Guardian revealed this information from the former security contractor.

Now the NSA will have to obtain a warrant from the Foreign Intelligence Surveillance Court to request data about a person or a group from telephone companies.

 

The existing call database will be kept “until civil litigation regarding the program is resolved”.  The office claims that they will not use it for surveillance.

After the November 13th attacks in Paris, may senators tried to delay the end of the metadata collection program.   They did not receive enough support and the plan to stop metadata will continue.

It’s your privacy:

phoneprivacy2

It is sad to think that the government had been collecting telephone data on all of us for such a long time without probably cause.  I suggest using other methods of communication that are more secure.

What methods do you use to communicate?  Google voice? Snap chat? Facebook Messenger? Text Messaging?  Are these honestly secure?