Archive for the 'Liberties' category

If you want to do discreet (if not completely anonymous) P2P, Bittorrent and Gnutella or Kazaa are not your friends. With the advent of more attention from authorities, it is difficult to consider them as good opportunities.

I have been looking quickly at some of the possible solutions to protect your privacy while exchanging files over the Internet. I found the following ideas:

• Omemo is a recent Spanish development. I tried it and it is very obvious that the program is still in beta. Essentially, I was unable to download a file if it was not very small in size or to upload any. Let’s wait until it works.
• GigaTribe seems a good solution if you are willing to pay for the Premium package. It builds a closed network with your friends, but the standard (free) software is not able to grab files from multiple computers at the same time. So performance is very limited for the free version. GigaTribe3 is said to correct a number of issues some time later in 2008.
• Freenet is rather difficult to use at first, but if you run Thaw, one of the applications provided at installation, you will get a large choice of file downloads and performance while limited is not ridiculous: A few days for 2GB of video, it could be much worse. However, some may be troubled by the kind of data found there: While the common P2P data can be observed, you will also find conspiracy-related information and a quite significant load of pornography and child pornography (normally not found on the more open Internet).

I don’t know where the future of P2P lies, but it is certainly around some of these darknets (networks that are protected from external Peeping Toms). Freenet is supposed to be the best and most secured one, even if it is not perfect (it seems clear that some powerful agencies have setup some Freenet nodes in order to be able to spy the traffic).

The TSA (or Transportation Security Administration) is in charge in the US of the organization the safe transportation of people in planes and through airports. Unfortunately, either they have a lot of other responsabilities (which is true) and fail at this one (which is also true), or they utterly incompetent at insuring the security of the passengers (true again).

I have been amazed at the number of horror stories that I could find lately about their abysmal track record, so here is a short compilation I made just for your your laughs (or cries).

• TSA has opened a blog web site. It was supposed to help passengers. It has been the focus of a lot of attention from Internet users. They recently apologized to the blogesphere (sic) for arbitrary gadget screenings (at least in San Francisco SFO, they required all electronic devices and cable to be removed from bags for screening)
• TSA has a no-fly list of people who should not board airplanes for fear of terrorism. This list is a shame since it contains tens of thousands of names remotely linked to terrorists (if they are dead, like Mohamed Atta known for dying on 911, they do not even get removed from the list) and even very common names are included making the life of thousands of innocent people impossible in airports. Like Sam Adams, 5, probably very dangerous despite his nice smiling little face.
• Speaking of faces, TSA started to train its screeners with some facial expressions that are considered ground for additional screening and interrogation (in a program called SPOT (Screening Passengers by Observation Technique) probably only a thin veil on “let’s stop this guy because I don’t like his face“). Unfortunately, they would not say if you should avoid smiling or making faces to the TSA personel. After that, you immediately think about George Orwell’s 1984 (”facecrime”) and Kafka’s Trial (not to speak of stalinist behavioral crimes). And when you see how untrained the screeners are…
• Speaking about training, should I mention the cases where the agents are so unable to handle your belongings that they drop them on the floor. Don’t mention dropping a T-shirt. Think about pro-photo equipment like here or here.
• TSA and some English goons decided that transporting liquids was a major terrorist danger. Even if it is the milk bottle of Junior, the Coke for Dad or the Perrier for Mom. So, now, liquids in more than 100ml are prohibited from your carry-on luggage (even though it is more or less admitted that the threat was exagerated). Except if they are in a clear plastic bag. What has this to do with security? Does it make a difference between the following two eye mascara sticks?



Images copyright of Crazy Aunt Purl

• Even pilots are annoyed at bullshit “security” procedures that the TSA has put into place. [The linked article has interesting references to British Security officials admitting that the "liquid bomb plot" public statements were overcooked, inaccurate and “unfortunate.”

In the spotlight: Sony Alpha 900 Canon EOS 5D Mk II Nikon D700 FX Download Nero for free

• The TSA web site supposed to help people request their removal from the no-fly list has been demonstrated as a major Internet security risk, it looks more like a scam with all the security errors/snafus than an important US national asset handling personal data.
• Sometimes, you can get stuck on the no-fly list for unobvious reasons. Like artist Ramak Fazel or singer Cat Stevens.

After that, would you be surprised if I told you that:

• There is a web site collecting complaints and horror stories about TSA: TSAcomplaints.com
• Privacy International ranks US, UK, Russia and China in the same "black" category of countries where wishing for privacy is becoming just day-dreaming ("endemic surveillance societies" to quote them).
• Even, according to a story [...] in the London Daily Mail newspaper, the British government has had enough with the “War on Terror” hype. [from Spurgeon Blog]
• I am in no hurry to test the US borders by taking a plane to go and see my American friends. Sorry Veronica, Renata, Bing, Michael, and others.

Here we are! Transport regulation authorities added the Lithium batteries to the list of banned objects in carry-on luggage in planes.

Of course, Lithium batteries can explode. But they took the additional step of prohibiting them when they are out of the device and contain more than 2g of Lithium…

Photographers leaving for a long trip: Put them in the checked luggage if you do not want to see them ending with fire-arms, knifes, cutters and mineral water bottles (in the junk bin).

What could be the use of network hard disk drive of one Tera-Byte which would strictly refuse to serve files because there may be a risk of breaching licensing agreement potentially applicable to them? This is the question that potential buyers should ask before purchasing the Western Digital disc drives using WD Anywhere Access: WD My Book World Edition.

There is a long list of file suffixes that cannot be shared on a network (even a local one) on this type of hard disc drive.

In my opinion, a WD My Book World Edition disc is defintely worthless. You cannot usefully put on it an MP3 file, and AVI file, a TMP file, a QuickTime video or a Windows Media video. Western Digital seems worried that you may not have the licensing rights for these. So they don’t want you to use them. Leave those Western Digital discs at he irresponsible stores which are selling them or bring them back.

Year after year, there are a few photo images that wrote History. LukeProg found 52 of them. The choice is always subjective, but most of them really hit the public.

I was recently confronted (during the preparation of my photo trip to Brazil) to a situation somewhat common. I did not take notice of it before, but I was tickled this time.

Facts first: In order to reduce the cost of lodging during my trip the travel agent offered to share my room with another photographer travelling alone too. It happened before and for a an expensive trip like a phot safari, this can be appreciated. Nevertheless, what had me thinking was slightly different: In this same trip, there is a lonely woman photographer; But the travel agent told me that they could not offer me (us?) to share our room because I am a man.

The implicit reasonning is that the sexual difference could create a problem that the agent does not want to be responsible for. It is still possible to negotiate this in the beginning of the trip though – under our own responsibility.

I was stricken by the fact that it is an a priori position deeply marked by the travel agent hypothesis that their customers are heterosexually inclined. My intent is not to criticize the agent, but to think about the fact that this is a preconception shared by the general public and reflected in many of our society’s aspects. Sexual tension between two people is only thought as possible between a man and a woman. This is the case when you may share a hotel/lodge room, you separate gym’s dressing rooms or toilets, you have special days for women in a hamam, etc.

Isn’t it weird that this hypothesis is still so common? I mean, after all, our societies ignored (or denied?) homosexuality up to quite recently. But current figures give estimates of the number of homosexual people at one or two millions in France [1], 800,000 among French men between 18 and 69 [2], nearly 1% of Canadian marriages [3], 65,000 in the American armed forces [4]. Simply from these figures, it is easy to state that the mere hypothesis of the absence of homosexuality should be abandonned by our society.

When will we see dressing rooms that are either without sexual distinctions or completely individualized, shared toilet rooms, etc.?

This is the calculation done after a poll realised by ORB, the British poll company in Iraq, and asking the following question to 1481 people aged 18+: “How many members of your household, if any, have died as a result of the conflict in Iraq since 2003 (ie as a result of violence rather than a natural death such as old age)? Please note that I mean those who were actually living under your roof.”

The answers:

None 78%, One 16%, Two 5%, Three 1%, Four or more 0.2%

If you use the last census figures (more than 4 million homes in Iraq), it allows to reach 1,220,580 deaths (more than a million, right).

Unfortunately, this is well in line with the figures published at regular intervals by The Lancet (medical journal) that presently evaluates the death toll to around 600,000 from medical data.

The original Deltoid article applies a few additional checks to ensure that this is not skewed and it stays in line with reality (you should always have that kind of caution with statistical data), but it is easy to understand why Irakis are not happy with the presence of troops from US, UK and allies. Since 2003, they are reliving the nightmare of the Iran-Irak war, but they are under occupation. Go wonder why they are not receptive to the arguments from the Bush administration…

Michelle Roohani is not only an interesting photographer that I already mentionned here a few months ago, a good friend, but also able to stir things up a little. In a recent post titled “Suicide, a fundamental right“, she suceeded in promoting a quite interesting talk about a difficult philisophical subject. I think that it’s well worth spending a few minutes there. At least, for the comment thread.

Chinese authorities have placed Tibet under their jurisdiction in 1950. Since then, the country has been submitted to a regime that, even compared to the usual Chinese standards, can be considered extreemely hard. Today, we learn that 250,000 Tibetans (1/10th of the Tibet population) have been relocated to new villages of the “comfortable housing program“.

It seems that the Chinese government will stop at nothing to install Chinese people in Tibet, crush the Tibetan language and the Tibetan culture, to reduce even the Dalai Lama (71-year old) to an exiled intellectual authority that can be ignored from the country itself.

Source: McClathy.

Dr. Philip Zimbardo was the psychologist behind the Stanford Prison Experiment (SPE), where in 1971 in a fake environment students experiemented with the influence of the environment on the apparition of behaviours that are considered as highly anti-social (quite normal graduate students played the roles of guards and prisoner, and quickly -in 6 days- derailed into extremes -like sexual abuses and emotional breakdowns).

Guy Kawasaky has on his very blog “How to change the world” a interesting interview with Dr. Philip Zimbardo looking back at the Stanford Prison Experiment (SPE) and what it tells us about ourselves and today’s issues (including in relation with the Abu Ghraib incidents).

As you certainly know, continental/communist China is one of those countries that have an institutionalized censorship system to protect its citizens. It starts with a very strong management of Internet cafés, but it is also based upon a stringent filtering of many web sites out of the country and judged as undesirable. Very efficient, but what are the filtered web sites? You only have to test on GreatFireWallOfChina.

I am happy to report that roumazeilles.net is not censored there and can be read from China.

There is currently a talk in the US legislative body whose intent is to force all writers of blogs having more than 500 readers to register themselves as lobyyists or face jail time. This is the result of an amendment introduced by Senator David Vitter that is currently struggling to be transformed into law, but it would be one of the strongest blow against the US Constitution First Amendment rights.

Sources: PRNewsWire and GrassRootFreedom.

It may be a little oddity, but I feel it’s an interesting idea for all those who want to browse the web anonymously. Usually, there is only one solution: using an anonymizer proxy, but APAZ is bringing you a nice twist to it by allowing you to build your own anonymizer proxy (a server allowing to hide the actual origin of a web communication).

APAZ is a small PHP software that can be installed nearly anywhere you can host a small PHP-based web application. It provide on-demand anonymizer proxy. It’s no longer necessary to dig into long lists of more or less available proxy servers.

Congratulations to Emmanuel Saracco for this simple and good idea. Download from http://labs.libre-entreprise.org/scm/?group_id=107.

Public-Key Cryptography is a very common technique used to protect sensitive information by encoding it in such a way that decoding relies on the extreme difficulty of some mathematics techniques (like finding the root factors of a prime integer). Today, a large part of our security is relying on this (including most of the secure communications over Internet).

But German cryptologist, Jean-Pierre Seifert (Universities of Haïfa and Innsbruck) seems on the bring of reavealing an unusual line of attack to this critical technology. He is set to present this in the next RSA conference in 2007. This could be a shattering blow to Internet security as we know it.

Essentially, the attack relies on the possibility to observe the operation of the CPU itself. Today’s microprocessors include a technique known as predictive branching that tries to anticipate results of some calculations. If the prediction is right, everything is very fast, if not the microprocessor still has to do a lengthy calculation. This results usually in huge performance improvements, but for the cryptologist it means that without knowing too much you can identify (from the exterior) what the microprocessor calculation results are, just by looking at the time it takes to do the computation steps.

This opens the door to a new generation of spying software that could rather easily crack the secret keys of some of the communications we consider quite secure. For the moment, since no precise details have been given, and since no demonstration has been made in the public, we are rather secure, but the vast majority of the specialists already consider that approach will certainly lead to a flurry of new easy-to-write spyware (before that cracking the secure key of those communications could take from years to millions of millenia of heavy computation; now we are speaking of near instantaneous break through).

Solutions exist. In most cases, it involves either a heavy modification of the microprocessor (Intel security manager is currently reported as unavailable for comments for the coming weeks and it does not look like an easy solution) or many software modifications that could have impacts from minor to nearly-impossible-to-implement in the real-life computer (software patches may not be possible to create for some of the applications since the problem comes directly from how the microprocessor makes its computation).

Sources: Various including PhysOrg.com and Le Monde.

You can expect this to be discussed at length in the coming months.

It did not take long: The electronic passport, that several countries actively defend (particularly the United States of America that tell us it will be the ultimate weapon against terrorists and frauders) and are preparing for full distribution, met a string of very significant problems last week in the Black Hat convention of Las Vegas.

First, a GErman hacker, Lukas Grunwald, proved that it is possible to reproduce the individual electronic code of the passeport (this the end of the proven unfalsifiable identification). He only needed the public documentation of ICAO (International Civil Aviation Organisation), a freely available ePassport reader with its freely available software. Then, in a matter of minutes, he merely did a copy of an existing passport (more precisely of the electronic part of the passport: the RFID chip integrated into the passport and that is intended to be read from some distance). The simple copy of the electronic contents of the passport should allow to easily forge a full passport (let’s think of an air ppirate needing a forgery good enough to allow him to pass unrecognized at the check-in controls of a busy international airport). The worst is that all the information is coming from public documentation and the hardware can be bought readily.

Furthermore, we should remember that the electronic data is easily accessible from a distance (reading/data-exchange without contact) thanks to the properties of the RFID chip. Authorities tell us that the bearer of the passport will choose when his/her passport will read.

But, here comes the second problem or the second failure. How does the bearer protect herself against illegal or fraudulent access to her passport data? Remember that just passing in front of a small inconspicuous machine reader is enough to let it being read. Nobody will ask you to draw it from your pocket. So, the second issue (and the most worrysome) becomes that somebody could easily steal your passport data and you wouldn’t know. Or, even worse, a terrorist may decide to build a bomb that could explode if it detects a specific passport. We are not far from the bomb targetting American passports. Wouldn’t it be interesting fro certain types of terrorists?

Sure! You can roll your passport in an aluminium foil (do you remember the “tinfoil hat” of our young years?) but can you see yourself unrolling tinfoil anytime you go through the airport security (and remembering to do the oppiste just afterwards)? Just to protect yourself against fraudulent usage. We are told that passports could come with an integrated tinfoil cover. Then, where is the distance reading of the passport? Where is the advantage compared to the simpler, easier optical reading?

Deployement is already started in some countries. I wouldn’t bet that this is reliably, reassuringly simple technolgoy. Would you?

Sources:

• Wired
• The Register (UK)