More tips for the privacy conscious

JimC2 · **Posted:** Wed, 26 Dec 2007 19:31:16 +0000

More tips;

A Practical Security Handbook for Activists and Campaigns (v 2.5)
at http://www.activistsecurity.org/booklet-2.6.doc

Mobile phones, the stealth ID card, bug and tracking device in your pocket
at http://www.wombles.org.uk/article200612574.php

Home Office whistleblowers - hints and tips
at http://p10.hostingprod.com/@spyblog.org ... s_hin.html

(However, I would strongly advise that everyone steers well clear of using Hushmail email accounts).

Whist the above publications are mainly aimed the self-proclaimed 'animal-rights', 'hunt saboteur' rent-a-mob types, they contain a wealth of information for law-abiding, members of the public.

JimC2 · **Posted:** Fri, 28 Dec 2007 16:57:30 +0000

In case you need some convincing;

http://en.wikipedia.org/wiki/ECHELON

IMPORTANT visit the links featured on the above page.

Jackolantern · **Posted:** Wed, 09 Jan 2008 18:45:49 +0000

Why avoid hushmail accounts in particular? are they worse than any other?

JimC2 · **Posted:** Sat, 12 Jan 2008 10:19:53 +0000

Until September 2007, Hushmail received generally favorable reviews in the press.[1] [2] It was believed that possible threats, such as demands from the legal system to reveal the content of traffic through the system, were not as imminent in Canada as they are in the United States and if data were to be handed over encrypted messages would only be available in encrypted form. However, recent developments have led to doubts among security-conscious users about Hushmail's security and concern over a backdoor in an OpenPGP service. Hushmail has turned over cleartext copies of private e-mail messages associated with several addresses at the request of law enforcement agencies under a Mutual Legal Assistance Treaty with the United States.[3] One example of this behavior is in the case of U.S. v. Tyler Stumbo. [4],[5], [6]. In addition, the contents of emails between Hushmail addresses were analyzed, and a total of 12 CDs were turned over to US authorities.

The issue originally revolved around the use of the non-java version of the Hush system. It performed the encrypt and decrypt steps on Hush's servers and then used SSL to transmit the data to the user. The data is available as cleartext during this small window; additionally the passphrase can be captured at this point. This facilitates the decryption of all stored messages and future messages using this passphrase. Hushmail has stated that the java version is also vulnerable in that they may be compelled to deliver a compromised java applet to a user. [7] [8] Hushmail recommends using non web-based services such as GnuPG and PGP Desktop for those who need stronger security. [9]

References:

1 http://www.pcmag.com/article2/0,1895,1136652,00.asp
2 http://www.npr.org/templates/story/stor ... Id=5227744
3 http://blog.wired.com/27bstroke6/2007/1 ... e-mai.html
4 http://static.bakersfield.com/smedia/20 ... ate.25.pdf
5 http://blog.wired.com/27bstroke6/2007/1 ... e-mai.html]
6 http://blog.wired.com/27bstroke6/hushmail-privacy.html
7 http://blog.wired.com/27bstroke6/2007/1 ... e-mai.html
8 http://blog.wired.com/27bstroke6/hushmail-privacy.html
9 http://www.hushmail.com/about-security

SOURCE: http://en.wikipedia.org/wiki/Hushmail

jackolantern · **Posted:** Sat, 12 Jan 2008 14:04:02 +0000

thanks for this info !

Mr Tor · **Posted:** Tue, 18 Mar 2008 17:56:45 +0000

spyblog.org.uk has now updated its guide entitled;

"Hints and Tips for Whistleblowers -
Technical Hints and Tips for the anonymity of sources for
Whistleblowers, Investigative Journalists,
Campaign Activists and Political Bloggers from Spy Blog"

It can be found here;

https://s.p10.hostingprod.com/@spyblog.org.uk/ssl/ht4w/

JohnDoe · **Posted:** Sat, 22 Mar 2008 10:48:43 +0000

Another good source of information on Internet privacy can be found in the document;

"Network Forensics Evasion: How to Exit the Matrix"

which can be found here:

http://exitthematrix.dod.net/matrixmirror/index.html

FishNChipPapers · **Joined:** Fri, 20 Jul 2007 14:56:11 +0000 **Posts:** 1948

Something else which might be of interest: PrivacyFinder.org as discussed here:

Quote:

So it's exciting to report that one small search engine is experimenting with ways to be an aide, rather than a threat, to privacy. PrivacyFinder is a research project at the CMU Usable Privacy and Security Laboratory (full disclosure: Lorrie Cranor, who heads the lab, is also on the EFF Board). It offers an interface to Yahoo! and Google, but with two notable improvements: an excellent logging/data retention policy, and a feature that shows the user information about sites' privacy policies along with the search results. That way, if two sites offer the same service but one of them is better from a privacy point of view, the user will see that quickly. The PrivacyFinder researchers tell us they've observed that people will, for instance, pay more for an item from an online store if they can see that it has an excellent privacy policy.

PrivacyFinder seems to be making productive use of P3P, an old privacy standard that has, in many other respects, fallen short of expectations. If you run a search on the site, you can quickly see when one result matches your standards and others don't.

Privacyfinder's logging policy is amongst the best in the industry (Ixquick is also first-rate). Privacyfinder only keeps search records for a week, unless the user explicitly opts in to being tracked. Because the CMU Laboratory wants to do research on the use of search engines, it's offering prizes for people who are willing to be tracked for research purposes. That's the way we like to see it done.

NO2ID

More tips for the privacy conscious

Who is online