Monthly Archives: July 2013

So, You Want to Hide from the NSA? Your Guide to the Nearly Impossible

Complaining about the government is a key part of being American, protected by the First Amendment to the Constitution. But it seems like a bit of a trickier proposition these days, with the government listening to everything you say online. In the interest of preserving your freedoms and bolstering our fair nation, here is the full articulation of the deeply paranoid and complex life you must live in order to ensure that the government leaves you alone.

Before we begin, we’ll note that technically the NSA isn’t allowed to look at the stuff you do online. Thanks to the Patriot Act, it can (and does) store the metadata on phone calls Americans make every day—who was called, how long the call lasted, maybe some location data. The NSA also pulls in online content, but can’t do so legally on targets in the United States. This is part of the PRISM program you may have heard about, in which the NSA can access data from an array of companies in near-real-time. In practice, the NSA’s procedures are sufficiently lax that it does collect information (content) from Americans, of course. And until 2011, it collected metadata on emails, including subject lines and to- and from-addresses.

That is the worst case scenario. Yes, the NSA is definitely slurping up scads of information about your phone calls. It probably isn’t storing your Facebook chats, emails, and Skype calls. Our goal with this guide is to detail exactly what you need to do to assure that it can’t, even if it wants to. As you will see, it is a cumbersome process.

For assistance in fleshing out this guide, we spoke with Micah Lee, staff technologist with the Electronic Frontier Foundation.

First, the really bad news.

The world learned about PRISM thanks to a series of slides leaked by Edward Snowden. One of those slides shows not only the companies that participate in the program but also the data they offer the NSA, if the agency asks. Microsoft, Google, Yahoo (complete with trademark exclamation point), Facebook, YouTube, Skype, AOL, Apple: all of their logos are smushed into the header of the slide. And all are companies to be avoided if you don’t want any chance that the NSA can surveil what you’re doing.

Again: We are not saying that you should not use Facebook. What we are saying is that if you are desperate to prevent the NSA from knowing what you’re doing, you shouldn’t use Facebook. And there’s nothing you can do to make using Facebook better—no encryption, no anything can make Facebook safe from the NSA. (We’ll discuss this more a little later on.)

But it gets worse. These are the companies known to be participating in PRISM as of last October (when Apple was added). Since then, others may have been added; others may be added in the future. The truly paranoid, then, will have second thoughts about nearly any major Internet company.

And then it gets worse still, as Lee pointed out. “Any company that’s inside of U.S. jurisdiction,” he said, “can get government requests for data. Even if they’re not listed in the PRISM slides, that doesn’t mean the government isn’t getting data from them.” If the NSA wants your data, in other words, it can probably get it. It just might not be in real-time. (We’ll get back to this, too.)

Before we continue, we should flesh out an important distinction. When you think of an email, what you generally think of is the content of the email, the message. In order for that message to get to you, though, the email also needs to contain metadata, a term loosely-and-not-entirely-accurately used to refer to information about the email message itself. For example: who it is addressed to, who it came from, what its subject is. (We have gone deeper into this before.)

That distinction is important because email operates like a letter sent through the post office. A letter, sealed in an envelope, can be hidden from the mailman. But the mailman needs to be able to read the address, or your letter won’t get there. In this case, the metadata is what appears on the envelope; the content is the letter.

So there is a good way to hide the content of your email messages. A tool called PGP (short for “Pretty Good Privacy”), created by a man named Philip Zimmermann, offers a way to encrypt (encode) email messages between two parties using what’s known as end-to-end encryption. That’s an important property. It means that person A encoded the message and only person B is able to decode it. So as the envelope moves around the web, you can be sure it stays sealed until it gets where it’s going. (How PGP actually works isn’t important for our purposes. In short: It involves doing a math problem involving two very, very large numbers.)

How do you get PGP? PGP as a brand is now owned by Symantec, so you can give them your money and they will set you up. But there are also open source implementations of the technology. (If you’re deeply knowledgeable about technology, you can establish your own PGP system—but if you can do this, we doubt you need a tutorial.) One such product is known as GPG (GNU Privacy Guard), which comes in both Mac and Windows versions. This is not simple to implement, mind you, but the documentation is pretty thorough.

That’s the tradeoff on this stuff. You can use a packaged product like, say, HushMail, a program that gives you a free email account that can send encrypted messages. But when you sign up, you’ll see a little notice that the company will work with law enforcement if you’re using your account for illegal activity. And in the past, the company has done exactly that when ordered to do so. Easy to use, but not a guaranteed protection against the NSA—as the site’s security page makes clear.

So you’ve got your PGP up and running and you’re all set, right? Nope. Lee explains why. “PGP protects the content of your email,” he says. “Specifically: Just the body, not the subject line. Even without the content of the email, it still doesn’t protect the metadata.” As recently as two years ago, the government was scooping up all of that metadata, reading all of those envelopes. PGP can’t help with that. So how do you protect yourself from having your metadata read?

One way is to use email servers that employ a system called STARTTLS. This is complicated, but if two email servers employ STARTTLS, even the metadata information on emails is encrypted. So the NSA could see two email servers communicating, but not the To and From addresses involved.
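An added illustration (not from the original article or from Lee): the Python sketch below walks a constructed SMTP session between two mail servers and reports what a passive observer on the wire could read when the body is PGP-encrypted, first without STARTTLS and then with it. The host names, addresses and transcript are made up for the example.

```python
import re

def build_session(use_starttls):
    """Constructed SMTP dialogue ('C: ' client, 'S: ' server); not captured traffic."""
    message = [
        "From: alice@example.org",
        "To: bob@example.net",
        "Subject: meeting on Tuesday",
        "",                                   # blank line ends the headers
        "-----BEGIN PGP MESSAGE-----",
        "(constructed placeholder ciphertext)",
        "-----END PGP MESSAGE-----",
        ".",                                  # lone dot ends DATA
    ]
    lines = ["S: 220 mx.example.net ESMTP", "C: EHLO mail.example.org",
             "S: 250-mx.example.net", "S: 250 STARTTLS"]
    if use_starttls:
        lines += ["C: STARTTLS", "S: 220 Ready to start TLS",
                  "C: EHLO mail.example.org", "S: 250 mx.example.net"]
    lines += ["C: MAIL FROM:<alice@example.org>", "S: 250 OK",
              "C: RCPT TO:<bob@example.net>", "S: 250 OK",
              "C: DATA", "S: 354 End data with <CR><LF>.<CR><LF>"]
    lines += ["C: " + m for m in message]
    lines += ["S: 250 OK queued", "C: QUIT", "S: 221 Bye"]
    return lines

def observer_view(lines):
    """Return what someone watching the wire (not the servers) can read."""
    view = {"envelope_from": None, "envelope_to": [], "headers": {},
            "body_readable": False, "opaque_lines": 0}
    tls_pending = tls_on = armored = False
    state = "cmd"                             # cmd -> data? -> headers -> body
    for line in lines:
        if tls_on:                            # inside TLS: only ciphertext is visible
            view["opaque_lines"] += 1
            continue
        side, text = line[0], line[3:]
        if side == "S":
            if tls_pending:                   # 220 reply to STARTTLS starts the tunnel
                tls_on, tls_pending = text.startswith("220"), False
            elif state == "data?":
                state = "headers" if text.startswith("354") else "cmd"
            continue
        if state == "headers":
            if text == "":
                state = "body"
            else:
                name, _, value = text.partition(":")
                view["headers"][name.strip()] = value.strip()
        elif state == "body":
            if text == ".":
                state = "cmd"
            elif text.startswith("-----BEGIN PGP MESSAGE"):
                armored = True
            elif text.startswith("-----END PGP MESSAGE"):
                armored = False
            elif text and not armored:        # plaintext outside the PGP armor
                view["body_readable"] = True
        else:
            if text.upper() == "STARTTLS":
                tls_pending = True
            elif text.upper() == "DATA":
                state = "data?"
            elif m := re.match(r"MAIL FROM:<([^>]*)>", text, re.I):
                view["envelope_from"] = m.group(1)
            elif m := re.match(r"RCPT TO:<([^>]*)>", text, re.I):
                view["envelope_to"].append(m.group(1))
    return view

if __name__ == "__main__":
    for label, tls in (("PGP only", False), ("PGP + STARTTLS", True)):
        print(label, observer_view(build_session(tls)))
```

STARTTLS covers only the hop between the two servers; each server still handles the envelope and headers in the clear.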

An easier way to hide your metadata is to restrict your email to one domain. As Lee explains, if you’re sending an email from someone at privateemail.com to someone at privateemail.com, that message never goes out on the Internet. Meaning that the government can’t watch it zip around and pick up the metadata. It’s like leaving a note for your roommate—the mailman won’t see that.

Unless the mailman kicks in your door/the NSA subpoenas your email provider. Or if your email provider already has an agreement with the government—GMail or Outlook, for example—it may be easier than that. How do you solve that problem? Run your own email server and don’t send email over the Internet.

Easier: send a letter. (Or maybe don’t do that, either.)

The NSA also collects data on targeted individuals’ web activity. To prevent them from snooping on your important web activity (if you’re like us: reading The Atlantic Wire; looking at pictures of animals), you again need to worry about encryption.

In web browsers, that means using HTTPS. HTTP, hypertext transfer protocol, is the normal way content is shipped from a web server to your browser. HTTPS is the secure version of that, using encryption between the server and your browser, preventing those watching the traffic go past from seeing what’s happening. The most important thing you can do, Lee suggests, is use HTTPS whenever possible. To that end, the EFF has a browser plug-in called HTTPS Everywhere, which will make web pages that support HTTPS use it by default.

As always, though, there’s a weakness. Let’s go back to the mail-sending analogy. If you seal up a package nice and tidy, write Joe’s address on it, and send it off, Joe will get a nice, tidy package from you. But somewhere along the way, the NSA could have grabbed the package, opened it, looked at it, resealed it, and sent it on its way. That’s what Lee called a “man in the middle” attack—literally someone stepping in between the sender and the recipient. In the case of web traffic, you might send an encrypted message to your bank which someone intercepts on the way, reads, re-encrypts and sends on.

The way web traffic avoids that problem is using signed certificates. (That’s what they’re called, but it’s a metaphor.) Companies like Facebook go to a certificate authority and get a certificate for their encryption. When you send a request to Facebook, your browser checks that the security certificate is valid; if it is, all of the encryption happens without you even knowing. If the certificate isn’t valid, your browser returns a warning. You’ve probably seen it. In Chrome it looks like this:

Generally, this system works well. If a certificate authority gets hacked and its signing key—the tool it uses to authenticate certificates—is stolen, that could be a significant problem, allowing the hacker to forge certificates for any number of websites. But it probably wouldn’t go undetected. EFF also maintains what it calls the SSL Observatory, which keeps records of the certificates for websites and lets users compare the signed certificates they encounter on the web with the ones the EFF has on file. (It’s done automatically, in case that seemed off-putting.) If the certificate for, say, Twitter were to change, the EFF would start seeing that change reflected in its toolkit. The organization could check with Twitter and see if there was a valid reason for the change and, if not, issue warnings to its users.

You may see the flaw here. If the government gets access to a signing key or uses Twitter’s certificate, Twitter or the certificate authority may not be authorized to tell EFF anything out of the norm is happening. “If Facebook or any of these companies gives the NSA a copy of its cryptokeys, or if they obtain them some other way,” Lee points out, “it would allow them to spy on traffic.” But on the other hand, “Facebook could just give access to all of the users data,” making the complexity of this somewhat unnecessary.

Besides encryption, there is a tool that will allow you to mask who you are as you travel the web—to some extent, anyway. Called TOR (short for The Onion Router), it establishes a system through which your requests to web servers travel through three other anonymous servers around the world first. It’s like changing between three cabs on your way to your destination. Anyone trying to figure out where you came from would have a very difficult time doing so.

Particularly because the analogy is more like if you and 100 people shared that cab. The anonymous server through which you’re traveling is someone else’s TOR setup. You and many other people travel through each point, making the next destination of each hard to determine. Of course, if you use TOR to access your personal Facebook account, it’s not going to keep the government from knowing what you’re doing on Facebook. But if you visit a site with information you’d rather not be linked to, TOR can help sweep the path clean behind you.

If someone knew where literally every cab in a city was running and when, though, they could eventually figure out who started and ended where. This is the problem with TOR, as noted by Lee and TOR itself. The NSA surveils a massive amount of network traffic, both in the U.S. and with the help of its allies. Could it have an overview of the entire system of TOR traffic? It could. It probably doesn’t. As the recent revelations about the UK’s Tempora program revealed, some fraction of network data is currently being gathered—that could be a lot of data, but probably not all. Without a record of all of the stops, it’s much harder to track those cabs.

For those of you dependent upon real-time chat with your friends, a few words of warning. First of all, the “off the record” sessions offered by Google Chat offer zero protection. Second, most other chat systems, particularly web-based ones, aren’t much better.

You do have some options, though. IM protection works a lot like email, Lee points out, generally requiring end-to-end encryption using an external application. He recommends Off-the-Record Messaging, an app which, unlike Google’s “off the record” mode, provides that sort of end-to-end encryption. It requires an external chat client, for which the group maintains a list.

Apple’s iMessage isn’t one of them. But it has apparently stymied law enforcement in the past thanks to its encryption, and the company insists that it has no access to your messages, which would mean that its involvement in PRISM wouldn’t put your messages at risk. Some question whether or not that’s the case. After all, if Apple software is creating keys to encrypt your data, it necessarily has access to those keys. Anyway, it would only work when communicating with another Apple device using iMessage.

Nor does that end-to-end encryption obscure the metadata — again, as with email. The government could know that you sent a message to someone, and to whom it was sent, just as it can know who was called from which phone number. And speaking of phones:

We’ll start by distinguishing between two types of phones. There is the type of phone that makes phone calls (a “phone”) and the type of phone that primarily serves as a crutch for those desperate to retain a connection to the internet while not near a computer (a “smartphone”).

If your goal is to mask the phone calls you make using a traditional phone, you’re probably out of luck. It’s still not entirely clear which companies turn over bulk metadata on calls made, but there’s absolutely no reason to think any large carriers don’t. If you use a small regional phone company, the odds are better that your call records are not going straight to the NSA — that is, as long as you never call anyone who uses a larger phone company. Same goes for mobile phone providers. The smaller the company the less likely the NSA has gotten around to monitoring them, but don’t bet on it.

Smartphones expand your options a little bit, but not much. “With phones, it’s a lot closer to you not having a choice,” Lee notes. Your options:

Voice over IP. VoIP is the term for using a machine’s internet connection to transmit digital versions of voice communication. It’s Skype, in other words. But of course you don’t want to use Skype, since it’s a PRISM company. Lee suggests Red Phone, an Android app that offers encrypted voice communications. It requires two Android phones, though.

TextSecure. Another Android app from the same company as Red Phone, TextSecure does what it says on the tin: end-to-end encryption over text message. Also as with Red Phone, TextSecure is open source, meaning that anyone can access the source code to the software. This helps answer questions like, “who might have access to my encryption key?”

TOR Browsers. You can also get TOR browsers for your iPhone or Android device. See above warnings / restrictions / hand-wringing.

(As it turns out, your smartphone is just a little computer, meaning that we’re basically repeating the admonitions above. Who knew?)

And that’s it. All of the ways you can protect yourself when you go online. Remember: no form of prevention is 100 percent effective. The only truly safe way to protect yourself is to abstain completely.

Top photo: Theodore Kaczynski’s cabin in the woods of Lincoln, Mont., in 1996. (AP)

 

American pilots have swapped classic maps for latest-generation tablets

Pilots at the American Scott base carried out an experiment, replacing aeronautical charts and classic in-flight navigation instructions with iPad Mini tablets.

The experiment was carried out aboard the S-21A transport aircraft and is considered a complete success.

According to the military, the iPad simplified control of the aircraft. Its use will also allow a substantial reduction in costs.

Normally, transport aircraft pilots carry about 22 kilograms of maps and flight instructions on board. All the documentation needed for flight safety that is carried on board must be replaced once every 2 months following data updates, which represents a huge waste of cellulose.
The US Air Force spends about 25,000 dollars a year just on the paper needed for the periodic updating of navigation charts.


99% of Android smartphones are affected by a serious flaw. The problem has gone unfixed for four years

Smartphones, alongside the features they offer us, also come with problems. For example, a team of security specialists has stated that Google has not fixed a bug dating from Android 1.6, so that 99% of the Android phones in circulation could be infected with viruses and trojans disguised as Android applications.

This weakness affects the cryptographic-signature-based system used to verify applications and update packages for Android.

So be very careful which applications you download from the Android Market, because you could destroy your smartphone.

 


Samsung Electronics’ second quarter misses forecast as smartphone worries deepen

By Miyoung Kim

SEOUL (Reuters) – Samsung Electronics Co Ltd missed already modest expectations for its quarterly earnings guidance on Friday, deepening worries that its smartphone business may have peaked, as growth in sales of its blockbuster Galaxy phones begins to wane and new rivals emerge to eat away at its market share.

The Galaxy S, powered by Google’s free Android platform, propelled the South Korean firm into the top rank of smartphone makers in 2012, overtaking Apple Inc whose iPhone had set an industry standard five years earlier.

Now investors fear Samsung may also follow in the footsteps of Apple and other once-mighty players that are struggling with shrinking margins, in an industry where companies live and die by their ability to stay ahead of the innovation curve.

“Is Samsung’s smartphone story now over? Not quite yet. Its growth is indeed slowing due largely to disappointing sales of the S4,” said Jung Sang-jin, a fund manager at Dongbu Asset Management, which owns Samsung shares.

“Yet I think Samsung has some exciting stuff up its sleeves. The problem is no one is sure whether these products can really wow investors and consumers.”

The disappointing earnings estimate by Samsung, which has had a track record of beating even the most bullish forecasts, sent its shares down more than 3 percent on Friday.

They have dropped 17 percent since early June, hit by a series of brokerage downgrades. The share price reflects concerns about Samsung’s handset margins, with its mobile business generating 70 percent of the tech giant’s total profit.

The fall in the share price equates to a drop in market value of 39 trillion won ($34.2 billion), equivalent to the combined market capitalisation of Sony Corp and LG Electronics Inc.

“One of the biggest risks for Samsung Electronics going forward is that 70 percent of total operating profit comes from mobile business. Diversification is key. Samsung needs to engage in active business transition until end-2014,” said Jeff Kim, an analyst at Hyundai Securities.

ALL TIME HIGH AGAIN IN H2?

To be sure, Samsung’s 9.5 trillion won ($8.3 billion) operating profit forecast, up 47 percent from a year ago, is a record and it is expected to report higher earnings in the current and fourth quarters as sales of its latest Galaxy S4 phone pick up and new products hit the stores. Prices of memory chips, another industry in which Samsung holds the lead, are also expected to remain strong.

“Samsung’s got diversified businesses. When one business lags, it’s got others outperforming and propping up the overall profit,” Jung at Dongbu said.

“The component business is widely expected to pick up the slack in the second half when smartphones slow, but now worries are also mounting that the component business’ recovery could be short-lived.”

The guidance, released ahead of full quarterly results due on July 26, was worse than an average forecast of 10.16 trillion won in a poll of 43 analysts by Thomson Reuters I/B/E/S.

“I think Samsung spent more on marketing expenses than expected because of the launch of Galaxy S4 smartphone, which led the company’s results to miss the market consensus,” HMC Investment Securities analyst Nho Geun-Chang said.

Samsung spent more on marketing than R&D in 2012 for the first time in at least three years, and the S4 was launched in March with a Broadway-style show in New York.

The company also invested heavily in distribution channels including opening brand shops in 1,400 Best Buy stores in the United States.

But the glitz and glamour has failed to arrest a slide in handset sales growth, and shipments are seen rising only 4 percent to 8 percent in the second quarter from the previous quarter.

Handset margins are also being squeezed, as consumers in countries like China – the world’s biggest smartphone market – opt for stripped-down cheaper devices.

NEXT BIG THING

Competition is getting intense with Chinese manufacturers such as Huawei Technologies Co Ltd and ZTE Corp making ground in the popular mid- to low-end market.

Nokia Oyj, once the handset king, unveiled two back-to-basics 3G phones this week. They allow access to popular applications such as Facebook and Twitter, and sell for just $68.

“There’s still a big uncertainty about how Samsung will respond to the low-end market,” said Brian Park, an analyst at Tong Yang Securities, referring to its plans to launch a device based on the open-source Tizen operating system.

Wearable gadgets will also be crucial to the company’s hopes of riding a new wave of extraordinary profit growth.

Apple has applied for a trademark for “iWatch” in Japan, signaling the iPhone-maker may be moving ahead with plans for a watch-like device as the industry turns its attention to wearable computers.

Samsung has also filed a trademark for “Samsung Gear” in the United States for its range of wearable devices.

“The (expected launch of) wearable devices won’t be able to replace Samsung’s smartphone business, but it’s more likely to complement its earnings at best,” said Byun Han-joon, an analyst at KB Investment & Securities. ($1 = 1139.2000 Korean won)

(Additional reporting by Joyce Lee and Hyunjoo Jin; Editing by Stephen Coates)

Samsung on track for record second-quarter profit as smartphone peak looms

By Miyoung Kim

SEOUL (Reuters) – Smartphone leader Samsung Electronics Co Ltd is set to report a record $8.9 billion quarterly profit on Friday, even as growth in sales of its blockbuster Galaxy series begins to wane and new rivals emerge to eat away at its market share.

The Galaxy S, powered by Google’s free Android platform, propelled the South Korean firm into the top rank of smartphone makers in 2012, overtaking Apple Inc whose iPhone had set an industry standard five years earlier.

But the South Korean firm, which posted five consecutive record quarterly profits until the first quarter of 2013, now faces questions about how it will deal with narrowing margins as rivals flood the market with cheaper, simpler smartphones.

“Earnings could improve further from here as Samsung could cut prices of the S4 to boost overall shipments to a level that offsets any decrease in selling prices,” said Brian Park, an analyst at Tong Yang Securities.

“But the bigger issue is that there’s not much clarity about its future product lineups, and smartphones are increasingly commoditized … It’s inevitable that Samsung’s stellar profit growth will come to an end and stagnate starting from next year.”

Shares in the $185 billion company have dropped 15 percent since early June, hit by a series of brokerage downgrades. The share price reflects concerns about handset margins, with its mobile business generating 70 percent of the tech giant’s total profit.

Its share price woes equate to a fall in market value of 33 trillion won ($29 billion), almost equal to the combined market capitalisation of Sony Corp and LG Electronics Inc.

To be sure, Samsung is by far the world’s top smartphone maker with 33.1 percent of the market compared with Apple’s 17.9 percent in the first quarter, according to research firm Strategy Analytics. Its rich product portfolio spans both the high and cheap-and-cheerful end of the market.

But competition is getting intense with Chinese manufacturers such as Huawei Technologies Co Ltd and ZTE Corp making ground in the popular mid- to low-end market, especially in China, the world’s biggest mobile market.

Underscoring the growing focus on cheaper devices, Nokia Oyj, once the handset king, unveiled two stripped-down 3G phones this week. They allow access to popular applications such as Facebook and Twitter, and sell for just $68.

Mozilla also said this week that the first smartphones running on the open-source Firefox software will be available through Deutsche Telekom and Telefonica. Priced at less than $100, the models are manufactured by TCL Communication and ZTE and allow developers to easily create apps, as the software is based on HTML5.

Samsung, due to release its April-June earnings guidance on Friday, likely increased quarterly operating profit to a record 10.16 trillion won ($8.9 billion), according to a survey of 43 analysts by Thomson Reuters I/B/E/S.

That would be up 57 percent from a year ago and 15 percent higher than the previous quarter, reflecting the launch of its flagship Galaxy S4 in late April.

But its earnings estimates have been cut by 3 percent over the past 30 days, and analysts are warning that the days of thumping record profits may be coming to an end.

Citi analyst Henry Kim estimates Samsung’s telecom profit margin would decline by 4 percent next year and 3 percent the following year on high-end market saturation and increasing sales of cheaper phones.

Samsung is widely expected to have sold between 72 million and 75 million smartphones in the second quarter, including some 20 million Galaxy S4. That’s only marginally better than first-quarter smartphone sales of 69.4 million.

Solid recovery in memory chip prices is likely to offset the easing pace of growth in telecoms business, analysts said.

Prices of dynamic random access memory (DRAM) chips, used mainly in computers, have jumped nearly 90 percent so far this year. NAND chips, which are used in mobile devices to store data, are also widely expected to be in short supply.

Samsung is the world’s top maker of televisions, handsets and memory chips, competing with Sony and LG in televisions and with Toshiba Corp and SK Hynix in memory chips.

(Reporting by Miyoung Kim; Editing by Stephen Coates)