Data Security

To start this article, I should mention what those words mean. Freedom means “the power or right to act, speak, or think as one wants without hindrance or restraint” and liberty means “the state of being free within society from oppressive restrictions imposed by authority on one’s way of life, behavior, or political views.” However, from now on, when I use any of those words, I mean both of them. So whether I write freedom or liberty, I mean “freedom and liberty”.

I value my liberty. I think liberty is what makes humans, humans. As a Middle Eastern, I understand how much my freedom is valuable and important. Us Middle Easterners are very much familiar with struggles one can have to gain freedom.

We fight for freedom in Middle East. If you’ve followed Middle East news in past 10 years, you surely understand what I’m talking about. Part of our fight for liberty needs us to be anonymous. In Middle East, you may get arrested or executed for simply talking against the dictator, so many of people take anonymity very serious when they talk politics, or anything else.

Anonymity is part of privacy. Anonymity is a choice when someone has privacy. I should explain this too. Being anonymous is a choice while privacy is a right. Someone with privacy can or may be anonymous but one can be identified and known while one still has privacy. I for example am active in a social network with my real name but I still take my privacy seriously, and am careful about my computing and acts.

Now back to what I was saying. In a situation like Middle East, privacy is so essential for living that almost everybody takes it seriously. I don’t mean all people are avoiding Google or Facebook, etc. but I mean they try their best to not give their data to the government.

People in Middle East basically understand the value and importance of privacy. However, even in Middle East, many people give me the argument of “I have nothing to hide” and refuse to take their privacy and rights seriously. Many don’t understand with not taking their privacy seriously, what they’re giving away.

To live as a free human being, and not be controlled or conquered by any person or power, you need privacy.

Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.

Edward Snowden

Let’s start arguing against the “I have nothing to hide.”

Continue reading

I recently realized this. Facebook can figure out people that you might know by analyzing the pattern of dust and scratches on a camera lens. Facebook filed a patent for their “people you might know” feature, the thing that recommends someone that you might want to become friends with.

And the way that it works is this: Imagine we’re at an event and I’m taking pictures. I take a photo of you that you really like. We don’t know each other but I show it to you, I send it to you and you post it on your Facebook page. I od the same thing with someone else.

So none of us are in the pictures, none of us know each other, I’ve just taken a picture of you and someone else and you both posted them on your Facebook pages.

Facebook can then analyze the dust and lens scratches that were on my camera and find the invisible artifacts that those left in the photo to determine that you both had your pictures taken by me at the same time and then recommend that you become friends.

When reporters found this patent, Facebook denied that they were using it in their system but there’s no way to know if they’ve started using it since or if they’ve put it in something like Instagram and WhatsApp.

This is surveillance capitalism, this is how deep we’re in trouble for protecting our privacy.

I really like Bitcoin. I think the future of money should be something like Bitcoin in a way that nobody can control it or impose rules and regulations on it.

In past few days, Bitcoin has been rising in price. Tesla buying $1.5 billion worth of Bitcoin pushed it to a new high and now everybody is talking about how tech and industry giants are coming to the market, and I don’t like this actually.

First of all, what I like about digital currencies is that nobody truly controls them. There’s no central bank for it and everybody can own it without a government being able to enforce laws on it, well almost. Tesla and Apple are the first giant ones that are believed to be involved in it and their ability to change the price or manipulate the market is worrying.

Imagine Elon Musk tweeting that Tesla is going to sell all its Bitcoins and naturally the price will decrease and then they buy more Bitcoins and tweet again that they’re not going to sell and well price will go back up and they get a lot of profit only with few tweets.

Second, privacy is a problem. Bitcoin is not a privacy-friendly cryptocurrency. Every Bitcoin transaction is published. Now, people might not know that my wallet belongs to me, but if I used it more than a few times it would be possible to figure out that it’s me.

Bitcoin is actually safer than credit/debit cards because you have at least some privacy in it while debit and credit institutes and banks violate your right over privacy and anonymity completely.

This is why most of times I use cash. I still own a credit/debit card as it’s needed but cash is my main way of paying. I really don’t want my bank to know about what I buy, when I buy it, and where I buy it.

Also, with cash, I can prevent being recognized at markets. I can buy stuff with a fake identity. Bitcoin makes it easier to pay and receive with anonymity (which is a part of our privacy rights) but it’s not focused on it.

After WhatsApp updated its privacy terms and millions of users got angry, people started to move from it to Signal and Telegram. It even caused some problems for Telegram and Signal servers as they didn’t expect that much users.

Signal is known for its encryption and privacy and I think they are doing a very good job but I don’t trust them. The thing against Signal is that it’s not really free software. Signal has a code/repository that is published with a free (as in freedom) license but the app itself is not libre.

Signal’s app is not on F-Droid. The only way to get Signal’s app is to download it using Google Play Store. When many people complained, they published an APK which is really really hard to find and is still using Google Play Service, if it’s available on your phone.

Signal doesn’t let you connect to Signal using the app you created yourself. Even if you compile their exact source code, it will only be active at most for 90 days.

But what I use instead of Signal and Telegram? I use Matrix and XMPP. They are decentralized messengers and truly free (as in freedom). With Matrix and XMPP, I have true liberty over my computing and messaging. I can run my own server if I don’t trust others and I can make sure encryption works the way I want.

I can compile/build my own app and know for sure that the app works as it is expected. Unlike WhatsApp, Telegram, and Signal which have centralized servers, Matrix and XMPP are decentralized and there’s no main server. I know for sure what’s happening on the server (as I can run my own) and I’m sure the app communicates with server exactly how it says so or I want it.

Many intelligence agencies or tech companies try to fool people by telling them that their backdoors are only for good people. I think there’s no need to say that’s a lie.

There’s no meaning in encryption or security when there’s a backdoor. There is no such thing as a backdoor that only lets the good guys in. If there’s a “master key” that unlocks millions of accounts, every cracker on the planet will be after it.

A compromised encryption backdoor could give cyber criminals access to your bank account, your personal messages and other sensitive information.

Don’t think crackers can steal the master key? Think again. Both the CIA and the NSA were breached in 2017 by mysterious organizations that stole and published the spy agencies’ cracking tools. The same year, cyber criminals stole an NSA exploit and used it in a massive, worldwide ransomware attack. The fact is, if the government or anyone else controls a master key, eventually it will get out.

Crackers aren’t the only threat: Governments may also use encryption backdoors for harm. The US government has already revealed its willingness to spy on citizens without a warrant. If liberal democracies cannot be trusted, what about China, Russia, Saudi Arabia, or countless other authoritarian states? Encryption backdoors could be used by repressive regimes to help them persecute journalists, dissidents, religious minorities, the LGBT community, and anyone else they please.

Data Privacy Day

Every year on January 28, we celebrate the international event of Data Privacy Day. The purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices.

Privacy is a human right. Many people confuse privacy with secrecy and anonymity. While privacy is a human right, anonymity is a choice. Anonymity is one of choices and rights made possible with privacy.

I’m very careful about my privacy and I take it very seriously while I’m not an anonymous person. I don’t have anything to hide, except for my personal data, but I’m still very cautious about privacy. Privacy is like free speech. I respect my right about it even if I have nothing to say, or hide.

As Data Privacy Day is about raising awareness about best practices of it, I decided to write a note about one of the ways I keep my personal files secure which is encryption.

Continue reading