December 29th, 2009


Getting Serious About Security

In "The Privacy Mandate" I only lightly touched on one reason for being security and privacy conscious with your online dealings (for a refresher, see here and here as well as here and here). I also mentioned some tools to use to reduce your visible online footprint so as to have more privacy and security. Today I would like to take the time to talk about one of those tools and how you can set up two different programs to use this tool in your quest for privacy, security, and anonymity. In follow-up articles, I'll be discussing some of the other tools I mentioned to help make your online experience safe, private and secure.

You have finally decided to get serious about your security, privacy and anonymity online but you haven't a clue where to turn or, when you get there, how to set up your programs to use these tools in an effective manner (ineffectively using any of these tools pretty much negates their use at all). The first tool I want to talk about is called Tor and it uses onion routing to provide an anonymous proxy relay service with a minimum of 3 relays. While they have some great tools to help you use this service (I recommend the Vidalia bundle), their documentation is scattered and leaves something to be desired, at least in my opinion. Since I, and so many other new users, have had so much trouble in getting it set up and so many technical questions about setting up programs to use Tor, I thought I would write this.

Let's first start with Firefox. While I'm using 3.6b4, they have recently developed a bundle that uses 3.5.6 and I can assure you that the settings are the same. I cannot say the same about the security of the code base (while the Tor project has given 3.5.6 a pass, I doubt they are testing a beta release) and other security-conscious settings that help make Tor that much more effective.

The first thing we need to do is install the Vidalia bundle along with the TorButton for Firefox. This button allows you to tell Firefox to use/not use Tor while surfing. The only advantage to not using Tor is that you'll have access to video and flash content and your page loads will be quicker. If you aren't concerned by such things, still keep the button handy. Some sites do not allow Tor users to connect to them (although you could tunnel through another proxy server to hide that you are using Tor). For the best use of Tor, you'll want the following proxy settings (should be put in by TorButton, but it's always best to double check):

proxy settings

These settings will get you off and running with Tor on Firefox.
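One way to do that double check from outside the browser, as an added example that is not part of the original post: the script below reads the `user_pref()` lines of a Firefox `prefs.js` and reports proxy settings that differ from what a Tor setup needs. The expected address and port are assumptions (Tor's default local SOCKS listener, 127.0.0.1:9050), not values taken from this page, and the sample input is constructed.

```python
import re

# Assumed expected values (Tor's default SOCKS listener); adjust to your setup.
EXPECTED = {
    "network.proxy.type": 1,                 # 1 = manual proxy configuration
    "network.proxy.socks": "127.0.0.1",
    "network.proxy.socks_port": 9050,
    "network.proxy.socks_remote_dns": True,  # resolve hostnames through the proxy
}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            value = raw == "true"
        elif raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def audit_proxy(text, expected=EXPECTED):
    """List (pref, found, wanted) for each setting that differs or is missing."""
    prefs = parse_prefs(text)
    return [(k, prefs.get(k), v) for k, v in expected.items() if prefs.get(k) != v]


# Constructed sample: the SOCKS proxy is set, but DNS lookups still bypass it.
SAMPLE = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", false);
'''

if __name__ == "__main__":
    for pref, found, wanted in audit_proxy(SAMPLE):
        print(f"{pref}: found {found!r}, expected {wanted!r}")
```

A `socks_remote_dns` value of `false` is the case worth catching: page traffic goes through the proxy while hostname lookups still go to the local resolver, which reveals the sites being visited.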

Next to set up will be Pidgin, a multi-protocol instant messenger client. You can set up proxy service either per account or client wide. I have chosen (and recommend) to set it up client wide so that all the protocol connections have to travel through Tor. It's a little bit slower to connect and there are still some issues but once you're connected there isn't any difference in IM response. Messages are still instant, they are just a little more secure now.

With those settings, you'll be safely on the Tor relay network with packets pinging around the world in an attempt to prevent anything from being traced back to your computer.

Tor has some wonderful documentation; I just find it all too much for a beginner who is just starting on their way to becoming security conscious while on the Internet. In that manner, I hope that this (relatively) short article helps you get going.

If you have any tips or corrections to share, please leave a comment here at Ameliorations 1.0 - Getting Serious about Security. As long as it isn't spam it will be displayed.


Originally published at Ameliorations 1.0.


Facebook and XMPP: Old News is Old

So apparently the king of social networking sites, Facebook (disclosure: I have a site and fan page on FB), is looking to make waves into the instant messaging world. How are they looking to do this? By employing the Extensible Messaging and Presence Protocol (XMPP) for their chat service. With the code already installed at it should be only a matter of time before Facebook makes the big announcement to their users. The question is, when?

I ask that because, as I was looking up information on this change, I discovered at least two articles (here and here) that are over a year old, posted 14 May 2008 and 17 January 2008 respectively. The only recent piece about this is relatively low on details by comparison.

So what does this mean for AOL (owners of ICQ and AIM), Yahoo and MSN? Probably not too much as more than a trickle of their users have been using XMPP to connect to those services (via transport gateways in XMPP, enabled only on certain servers) for years. I personally have known about Jabber servers offering transport gateways for at least 5 years, if not more. What this does mean, though, is that XMPP, with the addition of 70+ million users from Facebook, will become the de facto king of the IM protocols overnight. Just as soon as Facebook goes live with their server.

The server is there, and it does respond, but currently trying to connect to it returns, for me at least, a 503 service unavailable error with my client, Pidgin. Also, the server requires a plaintext authorization at the moment (bad Facebook, do you want your users having their login names and passwords sniffed on demand?) so I do not recommend any current Facebook users to try and use it unless you've created a throwaway account.
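To see why plaintext authentication matters, here is an added example (not part of the original post, and not a capture from Facebook's server) that inspects the `<stream:features>` element an XMPP server sends before login and reports whether a client would end up sending its password in the clear. Both sample stanzas are constructed; the namespaces are the standard XMPP ones.

```python
import xml.etree.ElementTree as ET

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"


def assess_features(features_xml, tls_active=False):
    """Summarise the login exposure implied by a <stream:features> stanza."""
    root = ET.fromstring(features_xml)
    starttls = root.find(f"{{{NS_TLS}}}starttls")
    mechs = [m.text.strip() for m in root.iter(f"{{{NS_SASL}}}mechanism") if m.text]
    offers_tls = starttls is not None
    requires_tls = offers_tls and starttls.find(f"{{{NS_TLS}}}required") is not None
    # SASL PLAIN carries the password itself, so it is only safe inside TLS.
    plain_offered = "PLAIN" in mechs
    return {
        "mechanisms": mechs,
        "offers_starttls": offers_tls,
        "requires_starttls": requires_tls,
        "plain_only": mechs == ["PLAIN"],
        "password_exposed": plain_offered and not tls_active and not requires_tls,
    }


# Constructed sample: no STARTTLS on offer, PLAIN is the only mechanism.
WEAK = """
<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>
"""

# Constructed sample: the server insists on STARTTLS before authentication.
HARDENED = """
<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>DIGEST-MD5</mechanism>
    <mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>
"""

if __name__ == "__main__":
    for name, stanza in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, assess_features(stanza))
```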

UPDATE: The creator of the Facebook Chat plugin for Pidgin made a post on 4 November 2009 here. Apparently FB is testing out a few things, which is good. Extended beta programs ensure a more solid product release, which would be important for an immediate migration of over 70 million users.

