Categories
Interesting random stuff

5 alternatives to Whatsapp

Now that Whatsapp is part of Facebook, some might feel a bit exposed using it. But I wouldn’t worry about Facebook doing something with their chat conversation data. I would worry more about the fact that it has been known to have very weak security.

Also last weekend, after the Facebook purchase, the service had a major fail. I had several friends going back to SMS messages to communicate.

So for those cases, here are 5 alternatives to Whatsapp in case you don’t like it, don’t trust it or when it fails:

### Line

line logo

Besides normal chat like Whatsapp, Line offers free video and voice calls. It has emoji like Whatsapp plus stickers, and you can also send location, photos, videos and voice messages in the chat stream. Another plus with Line is that it has a desktop client, so you can reply and continue your conversations on your desktop while doing other things, instead of having to reach your phone every time.

Download Line

### Viber

viber logo

Viber also supports emoji, stickers (and you can download extra ones if you need), and like Whatsapp it supports group messages with up to 100 members. Besides texts, Viber only supports voice calls. Like Line, it also has a desktop client. Oh, and they explicitly say they value your privacy.

Download Viber

### Telegram

telegram logo

When Whatsapp went down, Telegram signed up 5 million new users. This app is getting more popular every day.

Telegram supports group chats with a maximum of 200 members. You can share photos and any other media, and videos up to 1Gb. The most unique feature of Telegram is Secure Chats. These chats have end-to-end encryption and they claim are not logged in the chat servers. Also you can set them to auto delete themselves after certain time on both ends.

They also claim to be concerned about your privacy and security and they show it with their features. They also claim to never disclose data to third parties.

The interface is very similar to Whatsapp if you’re migrating from that. The downside is that it doesn’t support voice or video chats. It supports emoji but no stickers like other clients and no desktop client either. Although you can install it on a tablet, it lacks a tablet design.

Download Telegram

### Skype

skype logo

Well, we all know Skype by now. It supports chats with very limited emoticons, no emoji or stickers. You can send files but not share pictures easily in the chat timeline. The advantage of Skype is its large user base and its voice and video chats. And if you have skypeout or similar you can have an additional phone number to receive calls on any device.

Download Skype

### Google Hangouts

hangouts logo

Hangouts is Google’s chat client replacing Google Talk. It supports voice and video chats, emoji, photos and location (no videos or voice messages for now). It has a desktop client (actually a Chrome extension) so you can continue your chats anytime your browser is open, or you can do it while having your Gmail or Google+ window open. Like Google+ in the social media landscape, Google Hangouts is a late-comer into the mobile messaging world and it has slowly been adopting features from its competitors. But since it has the Gmail user base behind it and every new Android phone seems to have Hangouts included, it is slowly gaining popularity and it is very likely that your friends already have it, ready to receive your messages in case other services are unavailable.

Download Hangouts

If your concerns are more into the privacy and security area, I recommend you to read my post about secure communication apps.

Categories
Digital rights Law & Freedom

Rethinking social media privacy

Anonymous contre Acta à Rouen

I was an active Foursquare user back in the first years of it, and it’s been a while since I toned down my participation in it. A few years ago, my girlfriend questioned me on why I was reporting my location everywhere I went. What was my gain on it? How much value did I gained versus the risks and privacy losses? This applied to Foursquare and all the other social media networks, specially Facebook.

Giving some thought to what people post on social media networks, as individuals, there’s a lot of questioning as to why one does such things. They make it a game, addictive with lame rewards and “badges” with no meaning. They get supported by your friend’s peer pressure to go on and join and also to actively participate. If you’ve been an active user of a social network you know it’s hard to quit.

Some don’t even tell you that you’re being tracked while you use it, while you check that photo your friend added or replying to that family member that seems to have forgotten what email is and how it works. We empower the social media sites with content. We write for them, we upload for them. Make it rich in content and attractive to more people for them. They get to sell our content, brag about our ideas and scrutinize your activities and thoughts. And all we get is the social communication benefit. Now we are so highly communicated that we barely talk to each other while waiting in line at the bank or while your car is being washed. I’ve seen families that are so connected that they all stare at little screens at a very quiet dinner table.

By the time my girlfriend was making me think of a balance in my privacy, drug wars in northern Mexico reminded us all why we need privacy. Friends being kidnapped because it was easy to know where they were and who they hang out with. Our own free speech being used against us. Things got so bad (still are) that you could not talk about what was going on in public places. People had to create a language of silences and signs to discretely say what they wanted to say if they were in public. People got so used to it, that even in the comfort of their own homes they could not pronounce the name of the attackers.

Covered protester

Suddenly you’re being reminded that the world is not a happy safe place where you can shout out everything about you. That it is not about having something to hide, it’s about protecting yourself and those around you. You wouldn’t hide your family, but you also wouldn’t like them to be taken away from you. Although I do know people that did had to hide their family.

The problematic part is that leaving the social media sites is not an option. You’ll be like a caveman or outcast, missing on a now big part of your participation in the world for social or even business communication. Your social circles will almost demand your participation in them to stay in touch. Even if you leave and cease all participation, the social media networks will still know about you by what your friends post about you (photos, videos, comments, links). That’s why I have reached to the conclusion that the best answer to that is to moderate my participation in them.

I want to share this talk by Eben Moglen, lawyer of the software freedom law center and who help draft the GNU license among several other things. This talk is from 2011, and he used references to the KGB as examples because he probably knew that using the US government would be too unbelievable by most people at that time. Oh but times change, unfortunately not much for the benefit of freedom and anonymity.

Wow, this blog post was drafted on september 30th 2011 and was sitting idle without much changes or additions. I thought of deleting the entry, as I had no reasons to talk about social media privacy anymore. But times change…or maybe things just got worse, and there’s been a lot of mess with privacy lately.

Categories
Digital rights Law & Freedom GNU/Linux Free Software & Open Source

10 apps for privacy and secure communication

Mobile security

With all the recent news about privacy violations, user data requests, gag orders and the like, it is useful to know that there are tools to communicate in safer ways. I can’t say that they are bullet-proof, as I’m not a security analyst, but at least you can add an extra layer of complexity to those trying to tap into your communications.

  1. Redphone – allows you to have encrypted phone calls
  2. TextSecure – for secure SMS/MMS communication
  3. Gibberbot – for encrtypted chat over Jabber (XMPP) or Google Talk (Hangouts), Facebook Chat, VKontakte, Yandex, Hyves, Odnoklassniki, StudiVZ, Livejournal, and more
  4. OscuraCam – helps you censor out parts of an image like a phone number, license plate, a face…or body part
  5. NoteCipher – stores encrypted notes on your mobile device
  6. GNU Privacy Guard for Android – to encrypt anything, from notes, photos.. any file and emails
  7. K-9 Mail – an open source email client with PGP support for sending and receiving encrypted emails
  8. Orbot – a free proxy app for your mobile device that encrypts your traffic using the TOR network.

    On the browser you can use:

  9. Mailvelope – for encrypting your emails through webmail.
  10. Cryptocat – for private chats within the web browser using OTR encryption

As I mentioned before in my encryption tutorial, having your privacy is not about having something to hide, it’s more about protecting yourself.

In the words of author Ayn Rand:

Civilization is the progress toward a society of privacy. The savage’s whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men.

Categories
GNU/Linux Free Software & Open Source

PRISM Break: A list of resources for privacy and freedom

Unchained

With the recent news scandal about the NSA surveillance program code named PRISM more people is starting to question their use of cloud services thinking about their privacy. I’ve talked about free network services and ugly cloud stories but this is the ugliest of all stories going mainstream.

The autonomo.us group was focused in producing free network services and established the “definition” of what makes a free network service with the Franklin Street Statement. There is also a big list of self-hosted software you can use to replace most of the popular web based applications and services.

But in addition to that list, Peng Zhong created a web site called PRISM Break with a nice and easy to understand list of software, both desktop and web services to help protect your privacy.

I’ve already been using several of these programs and discovered new ones. It might be scary to run your own instances of web services or change the software you’ve always used, but freedom and privacy are worth a shot. I hope these list gets bigger with new software developments and current offerings get better as more people use them and get more attention.

Categories
GNU/Linux Free Software & Open Source Tutorials & Tips

Protect your personal information privacy with GPG encryption

Secure Cloud Computing

Political scandals have always been about leaked information. Don’t
you wonder why sensitive data has been passed around in clear text on
the leaked cables that Wikileaks has been making public, while your
latest SpongeBob Blu-ray or DVD disc is encrypted with DRM locks and
transactions like your book purchase at Amazon is secured and
encrypted by SSL certificates?

Encryption has been overlooked by general public all the time. You
only hear about it in “hacker” films or breaking news scandals. Although
encryption is commonly associated with hiding secrets, when in fact
it’s more about securing information. When you change the mindset
you’ll start considering encryption as something more relevant for
your everyday digital life.

For example, the cloud storage service Mega has encryption built in, after the
lessons learned on the data kidnapping of MegaUpload servers. This is
for the protection of both parties, the service providers and
yourself, the user. This way, only you can open the files and not even
Mega employees can know what is in your storage account. Dropbox,
Google Drive and other services don’t provide the same level of
security, so basically anyone that has access to those servers can see
your personal information.

There are many types of encryption methods. One of them is called GPG
(initially PGP but the free software version is known as GPG).

GPG is a two key system, where you hold a private key and a public
key. The way it works is that you encrypt a file with someone’s public
key and send it. On the receiving end, the other person has a private
key, and only with the private key the message can be deciphered.

Public keys can be obtained from the person directly through a file
transfer or email attachment prior to encrypted communication. Some
people, like me, publish their public keys on their personal web
page. The most common method to get a public key is to search it on
key servers. Most GPG GUI programs have the option to search, download
and upload public keys on key servers.

Encryption jargon

So to get started with protecting our data using encryption, you’ll
need to learn the basic concept words:

Encrypt

A blue lock for George

Encryption will protect the contents of the file, image, text or
whatever is being encrypted, so that only the owner of the private key
can view it.

If you want to protect a file only for your eyes, encrypt
it with your own public key.

Decrypt

Lock

This is the process of removing the encryption so that you can view
the contents of the protected file. This can only be done if the
contents were encrypted with the public key of the person who’s
supposed to see the information.

If someone sends you a file that was
encrypted with your public key, only you, who has the private key, can
decrypt the file.

Sign

Autograph

Sometimes the only layer of protection you need, is to make sure the
contents of a file or email were not altered between the time you send
it and the time it is received by the other person.

It also works as a way to make sure that a message is coming from you,
since you need your private key to sign the file and only you have
access to it.

Signing a file or text is a mechanism to know that the contents are
intact. This does not hide the message itself, it only adds a
signature to the file to ensure that every bit is in place with no
modifications.

Verify

Goodbye, Sammy. (With Flickr notes)

This is how you check a file or message’s signature for authenticity
and integrity. If the signature doesn’t match, it means that the file
has been altered or didn’t came from the right person.

You can sign or encrypt a message or file. Signing doesn’t hide the
information but it helps to certify that the information hasn’t been
modified by anyone else before reaching you. Encrypting will hide
the information so no one can see the message or file’s contents.

Setup

SSL

To setup GPG on your system, you’ll need to generate your public and
private keys. Any GNU based system is compatible with GPG (GNU Privacy
Guard). Most GNU/Linux distributions are already bundled with the gpg
command-line tool. If not, on a Debian-based distribution you can
install it with:

sudo aptitude install gpg

Generating your keys

Keys.

After you installed gpg on your system, to create your keys for the
first time, all you need to do is open a terminal and type:

gpg --gen-key

This will start a step by step process with some simple
questions. When in doubt, use the default options by just pressing
Enter. Don’t fear the command line, it’s just text.

When asked for a passphrase, note that GPG is not asking for a pass
*word*, it’s asking for a pass *phrase* so make sure it is longer than
one word and an easy to remember sentence.

Once that is done, you can check your list of keys with

gpg --list-keys

Key search and import

If someone hands you their public key on a file, you’ll need to import it to your keyring to use it:

gpg --import key.asc

The key.asc is the file with the public key.

You can also search for someone’s public key on key servers

gpg --search-keys [email protected]

After the results, the GPG will ask which key you want to
import. Select the key from the results list by their number at the
beginning.

Basic usage

Security

Encrypt

To encrypt a file, first you need to import the receiver’s public key,
then you can use it like this:

gpg --encrypt --recipient [email protected] my_message.txt

This will generate a file my_message.txt.gpg which is the encrypted
file you’ll want to send.

Decrpyt

To decrypt a file, the sender must have used your public key. You can
use whatever name you want for the output file, in this case
“my_message.txt”

gpg --output my_message.txt --decrypt my_message.txt.gpg

Sign

To sign a file you use this command:

gpg --armor --detach-sign myverifiedfile.zip

This will create an additional file called ‘myverifiedfile.zip.asc’
which is the signature to verify the file. Send both files to the
receiving end.

Verify

You receive two files: the data file and the signature file. You can
verify the signature with this command:

gpg --verify signature_file.asc myverifiedfile.zip

Frontend tools

If you’re on GNU/Linux and using KDE you can install the user interface KGPG

sudo aptitude install kgpg

On Gnome, you can use Seahorse

sudo aptitude install seahorse

For graphical user interface options on Mac OS X and Windows, you can
check the GPG website.

These GUI front ends will integrate well with your desktop
environments, so you can easily encrypt, decrypt, sign or verify files
from the file manger right-click menu options.

GPG and Email

The easiest way I can recommend to use encryption with email, is with
Enigmail, an extension for the Mozilla Thunderbird email client. It
integrates very well and makes it easy to sign, encrypt, verify and
decrypt email messages.

In case you haven’t generated any keys, Enigmail will help you
generate them with an easy step by step graphical Wizard.

locks

I hope this guide helps you know more about encryption and how to use it. And remember: Encryption is not only about hiding secrets; It’s about protecting your personal information.

Categories
Digital rights Law & Freedom GNU/Linux Free Software & Open Source

Facebook terms for your uploaded content

facebook

Maybe this is old news, but I was checking Facebook’s terms of service to see if something had changed since the last time I saw them. But everytime I read this, I keep getting surprised and annoyed. The following is the exact quote from the terms of use that makes me think twice about uploading any pictures to my photo gallery.

I’ve highlighted the parts you should watch out for:

When you post User Content to the Site, you authorize and direct us to make such copies thereof as we deem necessary in order to facilitate the posting and storage of the User Content on the Site. By posting User Content to any part of the Site, you automatically grant, and you represent and warrant that you have the right to grant, to the Company an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use, copy, publicly perform, publicly display, reformat, translate, excerpt (in whole or in part) and distribute such User Content for any purpose, commercial, advertising, or otherwise, on or in connection with the Site or the promotion thereof, to prepare derivative works of, or incorporate into other works, such User Content, and to grant and authorize sublicenses of the foregoing. You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content. Facebook does not assert any ownership over your User Content; rather, as between us and you, subject to the rights granted to us in these Terms, you retain full ownership of all of your User Content and any intellectual property rights or other proprietary rights associated with your User Content.

And the other day I found some local TV advertising studio photographs, from the biggest TV network in latinamerica, posted on the photographer’s photo gallery. He could get sued by his client!

Good think Flickr exists and provides us with our own licensing terms. And even more for providing the option of Creative Commons licensing.

It would be interesting and a huge challenge, to come up with a social networking site like Facebook that follows the Franklin Street statement.