Tag: privacy

Samaritans Radar and Twitter’s Public Problem

Let me preface this by saying that contact from friends through Twitter when I have been at low points has absolutely saved my life. I would be dead if it were not for my friends on Twitter. Now, with that out of the way, read on.

The Samaritans have proudly launched a new app that when activated will alert the user to tweets from people they follow that might betray suicidal thoughts. When you sign up to Samaritans Radar it will watch the tweets of everyone that you follow and will email you as soon as it notices any tweets with key words and phrases related to depression. It is described as working through “a specially designed algorithm that looks for specific keywords and phrases within a Tweet.”

Spotting when a friend is low or suicidal is a laudable aim but this app immediately rings huge alarm bells for me. There are huge implications for privacy and consent. It seems that the Samaritans have considered only the privacy of the person that signs up to use the app, but says nothing about the privacy or consent of the people that the app monitors. In fact the website assures us that “The people you follow won’t know you’ve signed up to it and all alerts will be sent directly to your email address.”

The reaction to this app has been divided. On the one hand there are scores of people who seem very pleased with this and think it is a useful tool and a great idea. On the other hand, nearly everyone who I know who has or has had mental health problems has been immediately shocked, outraged and scared by it. The objections are many, including that people may self-censor if they think that they will trigger this app, that they may trigger it too often, that the app may be used by stalkers to pinpoint when a person is most vulnerable. Or spammers. Or evangelists. It is natural, then, to ask whether someone can reject Radar. Alas, it seems not. The Samaritans director of policy was asked the question and his response was troublesome to say the least: lock your Twitter account.

https://twitter.com/Ferns_Joe/status/527450160214056960

The idea that people should lock their account to avoid something is one that is also frequently used to defend harassment and to defend doing nothing about harassment. It always comes from people who have not experienced the issues that might drive a person to hide in that way and who thinks it acceptable to tell marginalised people to hide themselves if they don’t like society. It is unacceptable to drive people to hide rather than address a problem within society. The same viewpoint says that tweets are public and searchable therefore anything that people chose to do with them is OK. That is also unacceptable.

https://twitter.com/Ferns_Joe/status/527452663185948674

Radar may be limited only to those who follow me but I have over 6,000 followers. I follow only half that number, and I actually, really know only a few hundred at most. Among my followers are people who hate me and people who are my political enemies who are keeping tabs on my activities so limiting something to my followers is not good enough.

https://twitter.com/PaulAshYoung/status/527461305104744448

https://twitter.com/Ferns_Joe/status/527454616024539137

The suggestion that we don’t know how Twitter works is really insulting. People use Twitter in many different ways. For some Twitter is a news stream, for others it is a marketing channel. It is a place to chat with friends, a place to campaign politically, a place to turn for help, a place to commiserate. Twitter is just a place that humans inhabit and do human things in. The trouble is, Twitter doesn’t know this. The terms and conditions allow the whole stream of tweets to be sold to organisations for various purposes with or without consent.

Here’s the thing. We do know that tweeting is broadcasting. But tweeting is also a conversation among friends in a pub that can sometimes be overheard by others. Some of those others may be casual acquaintances, complete strangers, investigators from the DWP, or journalists. We may or may not care if they overhear. Sometimes something said to friends in a public place can be reported in the news worldwide. That doesn’t mean it’s what you expect to happen. Neither do we expect a mental health charity to create a tool that makes it easier to violate people’s boundaries.

Are you the kind of person that sneaks up to people’s private conversations to monitor them just because they’re in a public place? Because that doesn’t tell me I don’t know how things work, that tells me that you don’t know how society works. There’s an awful lot of people who have no idea of boundaries and think lack of technical block is society’s blessing to do something.

https://twitter.com/geeoharee/status/527461872589484033

https://twitter.com/IamMrJ/status/527459149068902401

The thing is, Samaritans almost get how Twitter can be used. On the Radar web page they say:

“Samaritans recognises that social media is increasingly being used as an outlet for people to share their feelings. In addition, there are some who may go online in the hope that someone will reach out and offer support.”

They must realise that the way a person sharing their feelings uses Twitter is different to the way that marketers or organisations use Twitter.

I think that the concept of an app that can alert a trusted friend about bad mental health episodes could have some merit however any such app must obtain full consent from the person being monitored and it must allow the individual to choose who they trust enough to receive the alerts. I might even use such an app in those circumstances.

Try again, Samaritans.

Please sign the petition to get Samaritans Radar shut down

Related Reading

Former Samaritans volunteer @elphiemcdork: The Samaritans Radar app – the problem is right there in the name.

@YetAnotherLefty: On “Samaritans Radar”

@adrianshort: Samaritans Radar: paved with good intentions

Serious questions raised over whether Radar is compliant with the Data Protection Act:

@bainesy1969: Samaritans Radar – serious privacy concerns raised

@aimscetera: Email to Samaritans about Radar

@susanhalluk: Weary, Stale, Flat, Unprofitable - and in breach of the Data Protection Act

You can reach The Samaritans on 08457 90 90 90.

Undead ID cards

ID cards aren’t dead, they’ve just been privatised.

The main feature of welfare reform is replacing a host of benefits with Universal Credit. Not only will those on out-of-work benefits have to switch, but also those on in-work benefits like Housing Benefit and Tax Credits. The DWP want everyone to apply for and update Universal Credit over the internet and part of that is proving your identity through a third party service.

“The identity registration service will enable benefit claimants to choose who will validate their identity by automatically checking their authenticity with the provider before processing online benefit claims.”

The DWP have today announced their choice of commercial providers of this identity service. You get to choose from The Post Office, Cassidian, Digidentity, Experian, Ingeus, Mydex, and Verizon but if you want Universal Credit then you have to do it.

Even more worryingly, the DWP press release states

“The online Identity Assurance model will be incorporated into Universal Credit as it’s developed and rolled-out. Over time Identity Assurance will become available to all UK citizens who need to access online public services.”

The intention is obvious; when all government services require Identity Assurance everyone in the country will have to sign up. A cynical view would be that by starting with benefit claimants who have no choice the scheme gains momentum before other people can object. The “ID card” may be virtual only, but the lack of a physical card doesn’t change the problems inherent in an identity database.

13 November 2012 – Providers announced for online identity scheme [DWP press release]

National ‘virtual ID card’ scheme set for launch (Is there anything that could possibly go wrong?) [The Independent]

Government plans to read your emails, IMs, txts, web browsing - not a joke

A lot of people were surprised to see a story from the BBC and from ITV claiming that the government plan to monitor and store details of electronic communications of everyone in the UK, including emails, web pages browsed, text messages and telephone calls. Many have decided that it cannot be true, especially as it appeared on the 1st of April.

Sadly, it is true and it is not a new idea. The plan was written about in The Telegraph last month but the plans are much older than that. The last Labour government, lover of all things authoritarian, came up with the Interception Modernisation Programme which in its original form would have had details of all electronic communications sent to a central government database. When the government eventually realised that this would be completely impractical they shifted the work to the service providers, who would all have to keep the details of the communications travelling through their networks and give the government access to their database at all times. The service providers realised just how much this would cost and so the government committed £2 billion to cover those costs over ten years. The plan was heavily criticised by the Conservatives, who published a paper titled Reversing the rise of the surveillance state. (Which is still on their website.) It was also criticised back then by the London School of Economics. The plan was shelved in 2009 after opposition from communications service providers and a realisation that it would not be popular with the public.

After the election, though, the Conservatives decided to resurrect the plan, giving it a new name, the Communications Capabilities Development Programme. (CCDP) Questions were raised in 2010 by the Information Commissioner’s Office and it was mentioned in The New Statesman. Now the government are pushing ahead with the CCDP and the queen’s speech will say that they intend to introduce legislation to implement the programme as soon as possible.

There are many things wrong with this programme of spying. It is impractical, expensive, a huge violation of our privacy, it places too much power in the hands of government, a government who we cannot trust. Making the full details of who talks to who available will allow security personnel to trawl through our data on fishing trips instead of requiring some basis for suspicion. Combined with the database for Universal Credit, which will be almost as comprehensive as the National Identity Register that was criticised so much by the Conservatives, and the centralisation of medical records, this provides private information about us all to the government on an unprecedented scale with huge scope for abuse and for life-destroying mistakes.

If these plans scare you, please write to your MP to tell them your objection to the Communications Capabilities Development Programme. You can use WriteToThem.com to send it if you don’t have their details. Please sign the Open Rights Group’s petition against government snooping and maybe consider joining the group too.

You should also look at ways of concealing your communications. This works best when you hide everything, innocent or not so that nothing is suspicious. I have written in the past about TOR from the point of view of helping other countries, but it is worth a read giving consideration to using it to protect your own privacy. The more technical might consider reading my thoughts on the concept of a paranoid computer.

Related stories

Here are news stories from before the 1st of April, for those who refuse to believe it.

Privacy Injunctions and holding the press to account

Believe it or not, I believe in personal privacy. I have more or less sacrificed mine by choice through my writing on this blog and through my use of twitter but for most of my life I tried very hard to keep most things about me private; certainly away from the internet. I explained in my blog post “You have zero privacy anyway, get over it” why I think that we are voluntarily giving up much of our right to keep our lives private but I still believe that we must have the option of privacy if we want it.

I also have much contempt for tabloid newspapers and celebrity gossip magazines that do all they can to expose the private lives of the rich and famous and the not-so-famous if they happen to have appeared in public life for a few minutes. While many desperate wannabe celebs may give their information out to be published voluntarily, many more do not and yet still find their image plastered all over the media and people everywhere discussing the intimate details of their sex lives or of their family. I find it particularly vile when tabloids discuss the private lives of ordinary people with the intention of destroying them or simply of making a titilating story. These stories often expose and condemn actions of ordinary civil servants, teachers and other underpaid hard-working people, destroying their lives just to create a tiny bit of outrage for their readers. (And that not even deserved - why shouldn’t civil servants and teachers enjoy the same right to go to the pub and drink that every other person enjoys?)

On the other hand, I do think it is right that the press expose relevant information when politicians and people with responsibility or power do something that compromises their job. That probably doesn’t include who they sleep with unless they committed a crime in doing so or endangered their impartiality.

How, then, do we call an end to this voyeuristic exposure of people’s lives in tabloids and gossip magazines while still allowing the proper reporting of things that actually affect us? Those who can afford it have turned to the courts and to injunctions. Injunctions have been used to order the media not to report on something that they have discovered such as a celebrity sex scandal. More recently we have had super injunctions which have prevented the press from even reporting that they are subject to an injunction. Then we have hyper-injunctions, where people subject to them are forbidden from talking to their own lawyer or even to their MP. John Hemming MP took great exception to this when he discovered it, and he used “Parliamentary Privilege” to expose an injunction by discussing it in parliament. Parliamentary privilege allows MPs to discuss anything they wish in a parliamentary debate without fear of prosecution. This of course is necessary for the law to function properly, however everything that is discussed in parliament is also recorded in Hansard and broadcast on BBC Parliament and therefore is in full public view. Once discussed in parliament the newspapers and tabloids felt free to discuss the injunction although judges have questioned whether that was legal or not.

In many cases the injunction has become the story and the injunction has fuelled the story and given publicity to the scandal behind it. I have heard from people over and over again that they had never heard of the people that were the subject of an injunction, but that now they had because of the injunction.

The important point is that once exposed, whether through discussion in parliament or through simple gossip and leaks, the internet and social media can get hold of the details and repeat them endlessly. Some of those repeating the information are not even in the UK and are not subject to UK courts so there is nothing that the courts can do to prevent this. In the most recent case twitter has been full of endless tweets and retweets about a certain footballer and Imogen Thomas, fuelled by outrage at his injunction. Some 30,000 people are estimated to have repeated this information. Clearly, in the age of social media, these injunctions are useless.

I think that injunctions have been misused. I believe they are supposed to protect innocent parties from damage caused by pointless publicity but they actually seem to be a tool of the rich. People like you and I cannot afford an injunction; a footballer or a media boss can. Being available only to the rich does not in itself make injunctions wrong, but being used simply to hide infidelity does seem to me to be wrong. If a footballer thought that his reputation would be damaged if people knew that he slept with a Z-list Big Brother contestant, he could have refrained from doing so.

What is the solution to irrelevant gossip destroying people’s lives then? I believe that we need much better oversight of the media industry. The Press Complaints Commission is a toothless, meaningless body that hardly ever rules against the newspapers. We need something much stronger, with much more power, and perhaps much more democratic. Newspapers need to be accountable for inaccurate or even fictional stories, and justice needs to be accessible to everyone and not just those that can afford a libel lawyer. We also must require corrections and apologies by newspapers to be of the same prominence as the original story. That means the an incorrect front page headline must be followed up by putting the correction in as a front page headline. A recent complaint about the Daily Mail making a factually incorrect claim that “Half of claimants are not asked to prove eligibility” has been “corrected” by simply publishing a letter of complaint at the bottom of the story on the website. While that may be seen by future viewers, nearly everyone has seen that story and moved on. No one is going to revisit the story just to see if there is a correction! The PCC considers this to have been “amicably resolved.”

Social media has made injunctions useless. Even the prime minister thinks so, so perhaps now we will see some change. We must have better regulation of the media while at the same time ensuring freedom of the press, which is absolutely necessary for a democratic society to function. We must reform the Press Complaints Commission, and we must stop this purchasing of the law by the rich.

 

Related Links

Forty Shades of Grey: Ryan Giggs Shagged Imogen Thomas

Telegraph: ‘Hyper-injunction’ stops you talking to MP

Guardian: Privacy law unsustainable in age of social media, says Cameron

Tentacles of Doom: You have zero privacy anyway, get over it

A True Story Of Daily Mail Lies

Baskers World: Sticks and Stones. Perhaps it’s time to go?

News Statesman: The weekend Twitter mocked the English Courts

 

 

 

You have zero privacy anyway, get over it

“You have zero privacy anyway, get over it”

Those words were uttered by Scott Mcnealy, CEO of Sun Microsystems, in 1999. It made a big storm at the time in computing circles and left a lot of people outraged. This pre-dated Facebook, Myspace, Twitter, even Friends Reunited and so the age of sharing every intimate detail had not yet arrived but there were signs; in 1997 I and many of my friends at university had personal web sites on which we did share information. In fact, I had my CV available on my web site which I wouldn’t dream of doing now.

In reality, in 1999 privacy was an issue that was both important and not important to me. I was paranoid about my personal email and telephone calls being snooped on and I used PGP to encrypt my email. On the other hand, I happily gave out my name, address, email address, age, girlfriends name, my course at university and more on my university web page and my Tripod web page. Now days I am much more careful with my information and if it is online at all I try to restrict its visibility to just a few people but back then it wasn’t important to me.

I think there are two reasons for that. One reason is simply that web pages were new and exciting technology, and we all got carried away. The other is that individual web pages did not carry the same big-brother overtones that social networks do. When the data is held in one central searchable database it seems very different to many separate web sites. Back in 1999 we barely even had effective search engines, with Google being less than two years old, and so most people looking at a personal web site would be friends, family or colleagues. I first started to lock down my information when I realised that it could have a negative impact in the future. Future employers could easily search the internet for a name and refuse someone a job based on what they see.

With Facebook and other social networks, we are encouraged to share all sorts of personal information. Many people share their complete education history, work history, relationship status, religious beliefs, hobbies, favourite music, film and books, birthday, who they are friends with, status updates and photographs. All this information used to be exposed by default on Facebook, but if you sign up now it will at least mark these things for viewing by friends only. Even so, many teenagers have this information available to everyone and are not even aware that it could be any other way or why they might want that.

Search engines are a huge problem for privacy. Type a persons name into Google, and the chances are that you will find their social networking accounts and their photograph. You will also see personal directories such as 123people.co.uk which gather a worrying amount of information from social networks, the electoral roll, public records and so on. These directories and search engines make it very difficult to hide yourself from searches.

Another aspect of privacy is tracking. People have been worried for years about being tracked by advertising networks such as Doubleclick. (Now owned by Google.) A lot of people delete browser cookies on a regular basis to prevent this tracking. It is also possible to opt out of this tracking. More recently many websites have started to select adverts to show the viewer based not only on the tracking information but also on data from websites viewed. For example, last year I searched the Halfords website for toolboxes of a certain type. For about a week afterwards I saw adverts for toolboxes of the type I had been interested in shown to me on many web sites. (I normally block adverts, but I couldn’t at that time.) I could see this being very damaging if it showed adverts for something you wished to keep secret while someone else could see the screen.

In 2008 a company called Phorm tried to go even further. Instead of tracking you only through web sites displaying their adverts, they installed equipment at the heart of the BT network which would look at every web site visited and search made. They would then show adverts on selected websites and those adverts would be selected based on all of your web surfing! Needless to say there was an outcry and even questions by MPs.

Unfortunately the most intrusive tracking is now being entered into voluntarily. The Facebook account seems to have become the universal way to identify someone and lots of websites allow you to sign up or log in through Facebook Connect. The “Like” button has become ubiquitous as sites encourage you to share them with your friends. All of this means that Facebook has a vast knowledge of all the websites that you visit that use these things. This has even extended to a tie-up between Facebook and NHS Choices. The only way around that is to log out of Facebook and delete your browser cookies before visiting any other sites.

Facebook Comments, which allow comments to be left on blogs through your facebook account, are particularly intrusive because they link together your web browsing and your social network. If you enter a comment on a website using this system it will be shared back to Facebook and posted on your wall if you are not careful. That can tell everyone on your friends list what web site you were commenting on and what you said. That may be alright on many occasions, but perhaps more than you want to share on others. The rise of Facebook Comments also means that everyone must use their real name on these web sites. That has led many to ask if it is the death of anonymity. I would imagine that websites discussing sensitive issues are unlikely to use Facebook Comments for this reason. Even Disqus comments, a system which I use on this blog, can allow other people to track your comments from one blog to another. It does at least allow anonymous commenting in most cases.

Etsy and Google Buzz show a typical corporate cavalier attitude to private personal data. When Google introduced Buzz they simply added it to every Google Mail account, and made the personal address books of every user available through Buzz as a contact list. This “on by default” attitude caused a lot of bad press for Google and they quickly changed it to require activation by the user. More recently Etsy has done the same thing. People that signed up to buy and sell “all things handmade, vintage and supplies” suddenly found their accounts visible to all through Etsy’s new People Search. Feedback that they had left on purchases or on buyers suddenly exposed details of items purchased, and these details show up on search engines too. One woman has had some particularly embarrassing information exposed on Google right next to her CV. All this because the owner of Etsy would like it to become a social network.

The trend is towards sharing more and more information on the internet. I think Scot McNealy was right, although a few years ahead of his time. For all our efforts, privacy is dead, and voluntarily at that. I don’t actually see how it can go any other way though - recent events have shown that information cannot be kept secret any more. Fred Goodwin’s super-injunction could not prevent people from announcing that he was a banker. Dictators in the middle east were unable to prevent pictures and news reports from making it to our TV screens.

I believe this marks a cultural shift in attitude to privacy. In the last ten years people have started to live their lives in a much more open way and to share information and events on the internet in a myriad of ways. In a world where it is commonplace to show photographs of a drunken night out to everyone, or to discuss a relationship break up in public, attitudes to past actions must change. Employers searching out potential employees through Google are going to have to realise that everyone is human and no one is perfect. If they don’t see anything about a candidate to put them off, it probably means that the evidence has been hidden well! As a friend said recently, “These are the first generations to publish their entire lives in the public domain. Future leaders will doubtless hold juvenile views that they later discard and regret.” The public will have to realise that things done in the past do not accurately reflect the views of a politician in the present. If a persons entire past can be seen on the internet, people will have to be a lot more accepting.

It’s a brave new world.

DWP shares disability data but who said they could?

The area I live in is switching off the analogue TV transmitters in September, and going all digital. The Switchover Help Scheme was set up to make sure that everyone with a TV is able to receive the digital signal, and they have been running TV adverts and posting out letters with this aim. The letters offer to sell a digital receiver and an aerial for £40, and also nag the recipient to reply to confirm whether they wish to do this or not. I have a problem with the letters that I received. Here’s the bottom part of the most recent one:

“We, DSHS Limited, are the data controller for this scheme. So that we know whether you qualify for help, we have received data from a number of public bodies including local authorities, the Veterans Agency and the Department for Work & Pensions, which may, if relevant, include whether you received any disability benefits or if you were registered as blind. We have also contacted TV Licensing to see whether there was a valid TV Licence at your address.

The Switchover Help Scheme is managed, on behalf of DSHS Limited, by Eaga plc. Eaga House, Archbold Terrace, Newcastle upon Tyne, NE2 1DB. Company registration number 3858865.”

Now, correct me if I am wrong, but I see some issues there.

  1. The scheme is being run by a private company, DSHS Limited.
  2. That private company has sub-contracted to another, Eaga plc.
  3. The government, through the DWP, has disclosed information about who has received disability benefits to said private companies.
  4. Local authorities have also sent information to this private company.
  5. TV Licensing (Capita) have given my information to DSHS and Eaga.

I don’t know about you, but I’m pretty pissed off about this. I’m fairly sure that I did not at any point give permission for my local council, the Department of Work and Pensions, or TV Licensing to tell anyone my name and address, what disabilities I may have, or what benefits I might have received. I believe this violates the princicples of the Data Protection Act 1998.

Schedule 1, part 1, section 2 states:

“Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.”

At no point did anyone specify that information about benefits and disabilities was being collected for the purpose of marketing of digital television receivers.

So all parties involved have transferred my personal information to a third party without my consent, and are processing it in a way that was not specified when the data was collected. Unless someone can tell me why this is within the law I intend to make a complaint to the Information Commissioners Office.

—-ADDENDUM—-

As pointed out in the comments below, this is unfortunately legal as the government passed a law to allow it, the Digital Switchover Disclosure of Information Act 2007.

Erasing the past

I am currently bedridden, suffering from ME and an as yet unidentified further illness. Twitter is my lifeline and is what has been keeping me sane, and I have managed to produce some ten thousand or more tweets in the last three months. Having finally given up any hope of managing to work, even through my computer from my bed, I have just started the process of applying for ESA and will be judged on whether I am fit to work or not before I can receive it.

I started to worry that my heavy use of twitter could be used against me in this process. I have already explained how and why I can use twitter without that meaning that I am fit to work, but I also worried that my tweets could easily be taken out of context. For example, a tweet about undertaking an activity of some sort could be used as proof that I can do that all the time. What an investigator would not see is how good or bad a day I was having, how much I had to prepare for and work around the activity, or how much pain and exhaustion that activity would cause for days afterwards.

I think the rumours of investigations into ESA claimants usage of social networks are probably not true, but I don’t want to take that chance. I do not have the energy to fight through an appeal should I be declared fit to work.

And so, on Thursday I took the drastic step of deleting all 12,272 of my tweets. I am fully aware that deleted tweets are not really deleted. Although they will no longer appear in my timeline, they are still there to anyone that knows the direct link to the tweet, they will still appear wherever they have been retweeted. (And some have been retweeted more than a hundred times.) They have been indexed by Google and by Topsy, and many others. What I have tweeted can be quite easily found by someone that is really determined, but I simply wanted to put my tweets beyond the reach of fairly incompetent researchers. Someone that I know has done the same thing to prevent trawling by tabloid journalists.

If you are interested in doing the same thing yourself for any reason, I used two tools to do the job. I had to use two because the first one did not work completely. The first was Twitwipe, found at http://twitwipe.com/ and the second was Tweet Eraser, found at http://www.tweeteraser.com/

—Addendum—

This post was intended as a quick explanation for friends that were asking my reasons, but has suddenly become rather popular and has had 500 views in a few minutes. The irony of this has been pointed out to me. If you are here investigating me, please make sure you read all my reasoning, and don’t misquote me.

Relevant earlier posts

If you can tweet you can work, and other such lies

Nothing to hide? I pity you

The internet, oppressive regimes, and Tor

Tor logo

A common feature of oppressive regimes is control of information. In Egypt recently the government not only blocked television signals from the likes of Al Jazeera, but they actually resorted to almost completely shutting down the internet across the whole country in an effort to prevent protesters from organising. In China, Iran, Syria, Cuba, Yemen, Saudi Arabia, and many other places, the governments block access to sites that they consider a threat to either the government or to the moral values of the people. This usually includes social networks like Facebook and Twitter and news organisations like the BBC and Al Jazeera.

The solution

While a partial connection to the outside world is available, there is a way to get full access - with the Tor project which you can find at www.torproject.org. Tor makes use of a network of volunteers across the world to smuggle information across the borders. The Tor website describes it like this:

“Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.”

How Tor works
How Tor breaks through the information blockade. Illustration by @Apricotmuffins

Any person in any country can run Tor software on their own computer. When someone in, say, Iran wants to get access to Facebook, Tor sends their request to someones personal computer in the UK or USA, which passes it on to Facebook or perhaps through another couple of computers first. The authorities in Iran will see only a connection between two personal computers and they will not know what web site is accessed, if they notice anything at all. Tor is aimed mostly at web browsing and instant messages as there is not enough bandwidth to allow file sharing and video streaming.

Tor relies on volunteers in “safe” countries to run their software in order to give access to the people in oppressed countries. This is where you can help. It doesn’t take long to download the software, and following the guide you can be helping people get access to subversive information in no time.

What are the drawbacks?

Tor can be used by anyone, to transfer any information. There is no guarantee that people you don’t like will not use Tor. If you run Tor on your own computer, it is likely that information that you disagree with will pass through your computer. This could be of any nature, including information helpful to terrorists, pornography, or other distasteful matters, and it is possible it could be appear to come from your computer, although it will only ever exist in passing and will never show on your computer later. It could have the same legal consequence as allowing others to use your WiFi. This is a drawback, but if we are to ensure freedom of speech then it is something that must be dealt with in ways other than by blocking their connections. In the end this is an ethical question which you must make up your own mind on.

Tor uses some of your bandwidth. If you have a download limit, Tor could use up that limit quite easily. It can also be inconvenient if Tor is using too much of your connection when you want to use it. You can limit the speed (bandwidth) used by Tor so that it does not intrude on your usage, but you cannot set a download limit other than by turning off the relay yourself if too much is downloaded.

It is not illegal to run Tor in most places outside of those oppressed countries. It might, however, break rules set by your employer, internet provider or parents if you use their connection. This may or may not be a reason to change your mind on running Tor, or you might be running Tor to break through restrictions set by those people.

Some people think it is possible that there might be a “backdoor” in the software that would allow US government agencies to track down users of Tor. Tor was originally created for the US Naval Research Laboratory before being sponsored by the Electronic Frontier Foundation, and then becoming an independent non-profit organisation. Tor is open source, that is, anyone can look at the code behind the software to check for things that shouldn’t be there. I personally think it unlikely that there is a backdoor. The Tor project have this to say about it:

“There is absolutely no backdoor in Tor. Nobody has asked us to put one in, and we know some smart lawyers who say that it’s unlikely that anybody will try to make us add one in our jurisdiction (U.S.). If they do ask us, we will fight them, and (the lawyers say) probably win.”

What about elsewhere?

Tor is not just useful in countries known for oppression, but could also be useful in other places. Australia wants to censor connections against a list of bad websites. In the USA the president is talking about getting an “Internet off switch.” If that is implemented badly, then Tor may get around it. The UK already censors connections through the Internet Watch Foundation. (IWF) Our government want to filter all connections for pornography by default, and is even now attempting to keep records of of all our communications. Not the contents of them, but a record of every phone call made, every email sent, every web page looked at. Using Tor to help those in other countries can have the added advantage of erasing your own records should the government ever decide to take an interest in you.

Useful information

How to install Tor by Latentexistence

How to setup a Tor relay or Tor bridge by AnonyGreen

Measuring Tor and Iran Some information about how much Tor is used in Iran.

Countries that censor the Internet

Top 10 Countries That Censor The Internet

Guest post: Where is my paranoid computer? – Well it’s here

This is a guest post by Frank Roper, on twitter as Walthamfrank

This piece was inspired by latentexistence’s blog article Privacy online: Where is my paranoid computer? http://www.latentexistence.me.uk/privacy-online-where-is-my-paranoid-computer/ which references something that Cory Doctorow in the book Little Brother calls Paranoid Linux. If you haven’t already read this piece then I suggest you do before reading further.

It would perhaps be better if I called this piece Where is my paranoid computer? – Well it’s here (well sort of and only under certain conditions) as we don’t yet have something that meets all of the requirements.

Before we start let’s remind ourselves of the requirements for a Paranoid Linux. These are:

  • Mesh networking
  • Random anonymous routing
  • End-to-end encryption of all traffic such as web pages, email, chat and voice
  • Digital signatures and proof of identity
  • Fake internet traffic (Chaff) to provide a decoy and hide real information

latentexistance then suggests some technologies that could meet these requirements.

After some research and searching I have managed to identify a Linux live system – this is a system which can run off either a CD or a USB memory stick – that has most of these technologies built into it. This is The (Amnesic) Incognito Live System [T(A)ILS] https://amnesia.boum.org/ T(A)ILS is designed to preserve your privacy and anonymity - all outgoing connections to the Internet are forced to go through the Tor network and no trace is left on local storage devices (the computer it’s plugged into) unless explicitly asked.

It includes the following software and services:

  • Tor and the Vidalia graphical frontend
  • Firefox preconfigured with Torbutton for anonymity and protection against evil JavaScript, FireGPG for e-mail encryption and all cookies are treated as session cookies by default; the CS Lite extension provides more fine-grained cookie control for those who need it
  • Claws Mail e-mail client, with user-friendly GnuPG support
  • Pidgin preconfigured with OTR for Off-the-Record Messaging
  • Aircrack-ng for wireless networks auditing
  • Gobby for collaborative text writing
  • onBoard virtual keyboard as a countermeasure against hardware keyloggers
  • Shamir’s Secret Sharing using gfshare and ssss

CD and USB images for T(A)ILS can be downloaded from their website (note that you may receive a security certificate error when accessing the site but it’s fine to accept an exception in this case). I’d recommend the USB distribution as you can save files to the stick.

What it does not include is mesh networking. However some work is being undertaken at present to look into providing mesh networking. The issue is that mesh is not cheap – think of it as being a mobile phone network – if you want to provide it across any significant area. For those who wish to explore providing small scale mesh networking open source systems are available that can be ‘plugged’ into existing hardware. A detailed look at this is beyond the scope of this piece but I could have my arm twisted if enough people ask!

Hey, I’m not a Linux geek I want to run stuff on My Windows PC or Mac (or even my mobile or mobile devise)

This is less easy (for this read very hard) if you don’t want to leave traces of your activities all over your computer or mobile.

As a basic you could install Tor http://www.torproject.org/index.html.en on Windows, Mac or mobile device (Tor supports Android-based phones, tablets, computers; test packages are vaialble for iPhone, iPod Touch, iPad and experimental instructions are available for Nokia Maemo/N900).

An additional basic step is to install email encryption. Many email clients – although it’s easier to install in some of the free /open source packages like Thunderbird - support encryption.

The next possible step is to run your applications from a USB stick, although this will still leave traces of activity on the host computers hard disk. There are a variety of pendrive applications available:

  • PortableApps http://portableapps.com – pre-packaged sets of applications with a useful menu utility
  • winPenPack http://www.winpenpack.com – pre-packaged sets of applications
  • Portable Freeware http://www.portablefreeware.com – a listing of applications that run from USB

An interesting alternative is MojoPac http://www.mojopac.com which can be installed on any USB mass storage device, even an iPod. Depending on who you believe practically everything, or everything, personal (bookmarks, documents, etc) is kept within MojoPac, always with you and never touching the host computer. Currently this only works with Windows XP systems as the host.

Do we live in a police state? (Short version)

The words “Police State” are thrown about a lot. People often say that we live in a police state. Others, myself included, would say that we are certainly headed that way. But what do the words actually mean? Well here is what the dictionary says about it:

Police State: A political unit characterized by repressive governmental control of political, economic, and social life usually by an arbitrary exercise of power by police and especially secret police in place of regular operation of administrative and judicial organs of the government according to publicly known legal procedures. (From the Merriam-Webster dictionary.)

So do we live in a police state? Lets look at some evidence. I made a long list of areas that the government, past and present, has been very authoritarian about. Some in particular stood out to me as indicative of a police state.


A poster used in London in 2002

Social and economic interference

In addition to all the examples of government control of political life which I have already detailed, there are also the economic and social factors. Our government is very keen to change the way that the public behave through the use of tax. In particular they use this method on petrol and other fuels, on alcoholic drinks and cigarettes. They also plan to introduce a charge to couples that make use of the Child Support Agency when splitting up. Since there often is no choice but to go through the CSA this amounts to a tax on splitting up in the eyes of many and is seen as a government attempt to make people stay married. There has in the past been a married couples tax allowance which some see as doing a similar job. The government is also known to use Nudge Theory to try to change our behaviour. They also want to censor our internet connections by default to remove pornography. (Extreme pornography was made illegal in 2009.) Some of these things are specific to a Conservative government, but most of them apply to all governments that we have had.

When I wrote down this list I was staggered by the length of it. I had expected a few minor items, not this many. The examples on this list add up to our rights being systematically abused and removed for the benefit of those in power and those who chose to serve them, and to force on all a moral code accepted by only some. Surprisingly, in light of all that I have detailed here I do not think that we have a police state yet, but we do have a highly authoritarian legacy of laws from the last government and the current government does not look to be changing much of it.

So what does a full-blown police state actually look like if we don’t have one? Belarus is probably the most horrific example from recent months. When Lukashenko appeared to have won the last election the people were not happy. There were riots outside parliament. The police shot and beat up rioters. Then they arrested all of the opposition leaders and all the protesters. They tracked down people that were there by taking location information from the mobile phone networks. Even the children of opposition leaders were not safe and one child was taken away from family by the government. That is how bad a police state can get. More info: Link 1 Link 2 Link 3

We are not in a situation like that of Belarus, nor is it likely to happen any time soon. Nevertheless, we should be wary of this slow-but-increasing erosion of our rights and civil liberties. Through the last decade the public has been encouraged to be afraid of “terrorists” so that governments may pass whatever laws they want for their own convenience. This masks the cancellation, selling off and privatisation of our public services. It seems that many people in our society actually want this level of authoritarian control from their government and with the level of governmental and police control, we could very easily cross the line into a police state. We must stamp it out now before that happens.

This article is also available in a longer version.