PRISM Break: Cloud Storage

Cloud storage is great. You can save files on the internet and access them from all your internet connected devices. It also gives you the possibility to create external backups of all your important files: Even if everything you own get lost in, say, a catastrophic house fire, your important documents, family photos and other digital valuables are safely stored someplace else. Great stuff.

The problem with cloud storage, however, is that you lose all control of your files. The cloud provider can easily access everything, look at your photos and read your documents. The files can also be shared with others by the cloud provider without your knowledge and consent. If you are a bit computer savvy, you can prevent this by encrypt everything you save in the cloud, but as far as I know, none of the popular cloud storage providers make this an easy process. In addition to the hassle of encryption, you have to make sure you have your private key stored somewhere safe, because if that is also lost in the mentioned house fire, you will be unable to access your files.

Up until a few weeks ago, I used two cloud services myself: Google Drive for external backups of important documents, photos and other files that I wanted easy access to across all my devices, and Amazon S3 to create backups of and other sites hosted on the VBOX. Technically, both services work great. But in terms of privacy, they are rubbish. The files are not encrypted and are just sitting ducks, available to everyone with access, for instance some Google and Amazon employees. Google is planning an encryption project that will make sure your files are saved encrypted on Google Drive, but in practice this doesn’t really have any effect: Since the files are encrypted by the cloud provider, in this case Google, they can just as easily decrypt the files and have a look at them anyway.

So is cloud storage that respects and protects your privacy impossible? No, it’s not.

PRISM Break: The Search Engine

Now that we’ve started using Firefox – a browser that takes your privacy seriously – as our primary tool when surfing the internet, it’s time look at one of the online services you probably use the most and how it handles your privacy: The Search Engine.

If you are like most internet users, you have a few sites you visit regularly: A social network or two, a couple of online newspapers and the odd community site. But whenever you need to search for information on the internet, a search engine is most people’s primary weapon of choice. Google is the undisputed heavy weight champion of internet searches and as of July 2013 the company claims a massive 67% market share on searches from internet users in the United States. The second largest search provider is Microsoft, with 17.9% of the market. In July, Google processed nearly 13 billion internet searches, while Microsoft is a distant second with three point five billion searches.

All this boils down to is that there’s a good chance you are using Google when you search for something on the internet. But how does Google – and the other big search providers – handle your privacy?

How To Install Firefox Sync Server on Ubuntu

Please note that since this guide was written, Mozilla has made some changes to Firefox that impacts syncing. If you are using Firefox 29 or later, version 1.1 of the Sync Server – which this guide covers – will not work. Sync Server 1.5 or later is required. I’ve written another guide you can follow to install the correct version of Firefox Sync Server for Firefox version 29 or later, you can find it here.

As a sort of intermission for my PRISM Break series of entries, I’ve written this step-by-step guide to how you can install your own, private Firefox Sync Server on Ubuntu. I’ve tested it on Ubuntu 12.04 LTS and Ubuntu 13.04 and it works fine there, and there’s a good chance you can follow this guide and successfully install the Sync Server on other versions of Ubuntu and other Debian based Linux distributions as well.

What is the Firefox Sync Server anyway? Well, if you are using the Firefox browser, you can use a feature called Sync to synchronize add-ons, bookmarks, settings and other browser data across multiple browsers. The easiest way to achieve this is to use the Sync Servers the Mozilla foundation provides, but to get even better privacy, you can install your very own Firefox Sync Server.

This guide assumes that yo have root privileges and a basic understanding of how to edit text files in Ubuntu (for instance with vim). It’s also convenient that you can access your server from the internet – or you’ll only be able to synchronize across all the browsers you are using on your local network, and that’s kind of lame, don’t you think?

Anyway. Here’s how you install the Firefox Sync Server on a freshly installed copy of Ubuntu.

PRISM Break: The Web Browser

In this series of entries (at least I hope it will turn into a series) on how to get as much privacy on the internet as possible, we’ll start with your core tool: The web browser.

Both the operating system you are using and your hardware is further down the stack and could also bleed information about you like a ruptured artery, but we’ll focus on what you can easily replace. Moving to a totally new operating system can be a lot of hassle for most people, and very few of us are capable of building our own hardware – but the web browser should be replaceable without too much effort.

The Electronic Frontier Foundation has set up a site, PRIM Break (you really didn’t think I’d come up with this wonderful pun myself, did you?), where they list a lot of software alternatives with better privacy compared to the software people would normally use.

Their web browser suggestion is Firefox.

PRISM Break: Prologue

Unless you’ve been hiding in the woods since the beginning of June, the words PRISM and XKeystore and the name Edward Snowden should be familiar to you. But there is no harm in refreshing your memory a little:

Edward Snowden was an employee of defense contractor Booz Allen Hamilton at the National Security Agency (NSA), the central producer and manager of signals intelligence for the United States. During his employment at the NSA, Snowden gained access to some of the US government’s most highly-classified secrets. On May 20, he arrived in Hong Kong with four laptops with classified documents and on June 1, he was interviewed by two Guardian journalists.

On June 5 The Guardian breaked its first exclusive story based on the documents Snowden gained access to, revealing a secret court order showing that the US government had forced the telecoms giant Verizon to hand over the phone records of millions of Americans. The next day, a second story revealed the existence of the previously undisclosed programme PRISM, which internal NSA documents claim gives the agency “direct access” to data held by Google, Facebook, Apple and other US internet giants.

The tech companies naturally deny that they have set up “back door access” to their systems for the US government. Admitting such a thing could potentially be commercial suicide for the companies. But, for all intents and purposes, we can assume that these back doors exists. Why? First off all; it’s every intelligence agency, security agency and nervous government’s wet dream: To know just about everything about everyone. And considering how much we use the internet today, it’s a fantastic source of information. Secondly; it’s not that much of a technical challenge to get the kind of back door access PRISM is supposed to have. Install a man-in-the-middle at the right location, and you can listen in on pretty much everything. And last, but not least, all the companies can easily be persuaded to comply: Install the back doors or you’re not allowed to operate. This has happened before and one example is BlackBerry: The company was not allowed to operate in India for some time because the Indian government was unable to intercept BlackBerry’s secure corporate mail and messaging services.

But why should you care about PRISM, the NSA and that your own and foreign governments are listening in on everything you say and reading everything you write? The average citizen, and it’s a pretty good chance you are an average citizen, isn’t doing or planning to do anything illegal. So does it really matter that they know everything about you and every move you make?

Yes. Yes, it does. It actually matters a great deal and here’s why.