Mobile Location Anonymity: Proxying Twitter, IM, and Email through Tor on Android
Each time your computer makes a connection to a server on the internet, you tell the remote server, as well as your ISP and every router in between, your IP address. If you’re using the internet on your phone you might be disclosing the IP of your 3G or 4G connection, or the IP of the wifi network you’re connected to.
If your phone checks for new emails or tweets every couple minutes, or keeps up a consistent connection to your instant messenger server, any of those services is almost definitely logging a history of your IP addresses.
This IP address data could be used to figure out your physical location over time. This is the information that New York City subpoenaed Twitter for, to get the private messages and IP addresses (read: location data) of Occupy protester Malcolm Harris.
Why I'm Leaving Ubuntu for Debian
I decided to switch to Debian.
I’ve been using Ubuntu as my primary operating system since 2005. Back then it was truly amazing. Before I started using Ubuntu I tried out Red Hat, Mandrake (and later Mandriva), Slackware, Gentoo, and even Debian. In all of them, something didn’t work. Usually it was wifi, but sometimes it was audio or video, or weird X config problems. But when I switched to Ubuntu, all of that went away. Rather than being frusturated that I was still a Linux noob and couldn’t even connect to the internet, Ubuntu helped me get past the initial barriers so I could really dive in. I’m eternally grateful to Ubuntu for this, and I’m very impressed at how successful they’ve has been at fixing bug #1 (though there’s still a long way to go).
No Really, the NSA Can’t Brute Force Your Crypto
I’ve talked to many people who assume that the NSA, the world’s most powerful and well-funded spy agency, can easily crack the encryption on messages they intercept by brute force. They speculate: “What if Big Brother has a massive cluster of supercomputers guessing keys at full power in a top secret and shadowy lab a mile beneath Maryland?” Even then, they still can’t crack your crypto.
Don’t get me wrong. There are many implementation flaws, bugs, misconfigurations, user errors, and rubber hose attacks that could lead to crypto being compromised. I’m referring to the NSA’s ability to use massive computing power to guess a crypto key.
Beefing Up Security on Your SSH Server
Lately I’ve been thinking about setting up a blog to talk about tech things I find interesting, particularly web security, since that’s how I spend a lot of my work and free time. Since I had an under-used VPS sitting around, I figured I ought to set up WordPress on it and start blogging. What better topic to blog about than how I’m securely setting up this website?
