Communicating in Spite of Big Brother

In this interview, Jacob Appelbaum shares some wise words regarding personal information security. He may have been speaking within the context of the various Occupation protests, but his advice certainly applies to non-activists as well. With that in mind, I would like to share some of the steps that I take to protect my communications and mitigate surveillance. But first, I need to address some of the misunderstandings that people commonly hold about privacy.

The misconception that only people with something to hide require privacy bothers me the most. Privacy will obviously help someone hide something, but, for the most part I think, we need privacy to protect the integrity of ourselves as individuals and that of our relationships. For example, we share personal information with friends and family to extents which we limit according to intimacy. We share more with the people with whom we relate to more closely. And we typically share such information on a reciprocal, equitable basis so each party has equal footing, at least in healthy relationships. Therefore, we use privacy to make our personal information privileged, thereby making those with whom we share it, friends and family, special people in our lives. When a person or organization spies on you, they get to know you on a unilateral, inequitable basis. As such, they have the power to take advantage of you, not only because they probably have the physical means, but because you lack the equivalent information about them.

Of course, that logic won’t sway folks who don’t believe that they are the subject of surveillance. People commonly think that believing otherwise would make them paranoid or delusional on the grounds that they live lives too uninteresting to get Wenlock’s attention. The cost of surveillance, on a per target basis, keeps decreasing, so holding such a belief makes one realistic, as the construction of the Utah Data Center exemplifies. Yet, for people who still believe in immunity through innocuous mediocrity, Appelbaum presents a sound argument:

The people who that say that—if they’re not cops, they’re feeling unempowered [sic]. The first response people have is, whatever, I’m not important. And the second is, they’re not watching me, and even if they were, there’s nothing they could find because I’m not doing anything illegal. But the thing is, taking precautions with your communications is like safe sex in that you have a responsibility to other people to be safe—your transgressions can fuck other people over. The reality is that when you find out it will be too late. It’s not about doing a perfect job, it’s about recognizing you have a responsibility to do that job at all, and doing the best job you can manage, without it breaking down your ability to communicate, without it ruining your day…

In other words, you don’t have to believe that you’re a target. Rather, not taking precautions imposes vulnerability on your associates because your personal information also includes their personal information (to the extent that they’ve shared it with you). Furthermore, it doesn’t matter if you and your friends faithfully abide by the law. Who says that the state’s agents will interpret correctly the information about you that it collects? Everybody makes mistakes, after all. And non-state entities, who don’t necessarily care about your behavior with respect to the law, also engage in surveillance, whether it’s Google, Facebook, or your employer. Any trust you may have put into those entities becomes irrelevant when the data they’ve collected gets compromised by a malicious third party.

Sometimes along the lines of an “eat, drink, and be merry, for tomorrow we die” attitude, people will argue that given the insurmountable power of the state, we have no real means to protect the privacy of our communications. Indeed, vulnerabilities will always exist. But, where we might lack the means to completely protect ourselves, at least we can establish an expectation of privacy, which may provide some legal protection. At the very least, it’s important to demonstrate respect for your associates by exercising due diligence. That’s why, despite the weak physical protection they offer, we put our postal mail in paper envelopes. Equivalent technologies exist for e-mail and other internet communications (which provide much better security), yet few if any of my associates use or even know about them. So, if you don’t feel that using an envelope signals paranoia, or that they’re too useless to even bother with, I encourage you to employ some, if not all, of the following measures for your internet communications.

With varying discipline, I do the following:

• From my PC, I cryptographically sign my e-mails with OpenPGP using the Thunderbird e-mail client with the Enigmail add-on. From my Android smartphone, I do the same with K-9 Mail and APG. Although I doubt that any of the recipients of my messages ever try to verify them, I get a small amount of geeky joy every time I sign an e-mail. Doing so also gives me an opportunity to include at the bottom of my e-mail messages a note explaining that I signed the e-mail and that I am happy to show others how to verify it. I would prefer to encrypt my e-mails as well, but if the people I e-mail won’t verify my signatures they certainly won’t have public keys to share with me.
• I retain the ability to have encrypted instant message conversations using OTR. On my smartphone I use Gibberbot and on my PC I use Pidgin with the appropriate plugin. I’ve had better luck showing off Gibberbot (and its iOS counterpart, ChatSecure) to friends and getting them to use it than OpenPGP, but my battery doesn’t last long enough to let me run Gibberbot without a recharge half-way through my day. So, my friends and I have resolved to use it for sensitive discussions only, but that’s a significant limitation. At what point does a conversation become sensitive enough to warrant switching apps? Can’t an eavesdropper build a thorough profile from seemingly innocuous conversations?
• Similarly, I have Tor installed on both my PC and my smartphone (as Orbot). However, because it’s slow, I rarely use it to browse the web. Still, I enjoy contributing to the Tor network as a node. Also, the Hidden Service feature is convenient for getting around the limitations of a dynamic IP address.

Of those measures, the first is probably the most convenient and effective. I believe that the reason for people’s reluctance to adopt it come from their reluctance to use an e-mail client in the first place. Gmail’s web interface, for example, offers a great experience without having to install or configure anything. That’s too bad. Sealing an envelope really isn’t that hard.

Dead dog.

Nah, we just took him to the newly opened dog park. You should take your dog to a dog park, too.

“Executing Update Component”

Is it just me, or is there something nostalgic about a slow computer?

41.221948 -73.102014

An Adventure in Vintage Homebrew

It wasn’t that color when I bottled it, and it didn’t taste like vinegar either. I guess 2009 Groom’s Reserve didn’t age well.

41.306646 -72.918475

Testing…

Hello, world!

41.310567 -72.932360

Apparently 1-800-Flowers.com doesn’t think they’ve screwed over enough people.

Today, I got a check in the mail for $9.25 from 1-800-Flowers.com. I assumed that this check was the outcome of some sort of class action lawsuit in which I was an unwitting plaintiff. I mean, I believe it was last Mother’s Day that they delivered a product inferior to the one I ordered to my mother, and failed to deliver the one Kat ordered for hers, and never produced any sort of refund. Surely, others suffered from this terrible service as well, so I reasonably figured that such a lawsuit had occurred.  Then, I realized that Kat hadn’t received any such check, so I decided to read the fine print.

By cashing this check I agree to a thirty-day trial offer in Elite Excursions. I understand that the $19.99 monthly fee will be automatically charged to my card on file with 1-800-FLOWERS.COM unless I cancel my membership by calling 1-866-709-2905 before the end of the trial period… By cashing this check I authorize 1-800-FLOWERS.COM to securely transfer my credit card information to Elite Excursions for enrollment, billing and benefit processing.

Yeah. Would you, at the suggestion of a company that had ripped you off once before, sell your credit card information to a company you’d never heard of for $9.25? You be the judge, Internets.

As some of my readers may know, I married Kat on June 20 of this year. She’s awesome. She’s sexy. She’s smart. She may or may not know what she’s gotten herself into. And all that makes me very lucky. I had thought about chronicling the wedding, honeymoon, and the preceding events, but I can’t possibly do it justice. In fact, I’d almost prefer that the stories of our wedding exist only as an oral history, aging for the sake of occasional tastings, like a good vintage, or more appropriately, a dark, potent brew. So, I’ll stick to something I had hoped I would write about more often when I started this blog: beer.

I prepared a really awesome gift for my groomsmen. It consisted of a homemade Oktoberfest contained in fancy, swing-top style bottles. Each bottle bared a hand-made label, and came packaged with a pint glass, hand-etched with the groomsman’s initials. Pat Faust, the wife of Dennis at Brew and Wind Hobby in East Hartford, did the calligraphy and screen-printing for the labels as well as the glass etching. I had the beer brewed and bottled for sometime prior to the wedding, but I waited until about 10 days before the wedding before I came up with the label idea and started looking for someone to make it and the glasses for me. In addition to creating a really nicely finished product, Pat did it within my tight schedule and the gifts were a hit. They simply wouldn’t have happened without her.

As far as actually brewing the beer went, it involved a lot of firsts. It was our first lager, it was Dave’s first experience with homebrewing, and it was the first brew session at my parent’s house. Also, this batch employed some new equipment, including a 185,000 BTU propane regulator and burner for brewing, and a mini-fridge equipped with a temperature controller for fermentation. The burner necessitated that we brew outdoors, on a cold December night, at my parents house. Since it produced lots of fire, heat, and carbon monoxide, we obviously couldn’t operate it in the apartment. Furthermore, I didn’t feel like lugging brewing equipment to and from the courtyard. However, brewing away from home would present its own challenges, like forgetting to bring the yeast. While brewing, I turned up the burner too much, leading to a boil-over and then a small fire. Apparently, the foam from the wort caramelized as it spilled down the side of the pot and then ignited upon contact with the flame. After dealing with that and adjusting the burner to a lower setting, I thought all was well. We still had a really strong boil going, which undoubtedly helped make the beer really clear in the end, but we also lost a lot of water, reducing yield and increasing the concentrations of hops and malt. I wish I could blame the small amount of beer, 3.75 gallons, on the insanely powerful burner, but truthfully, I easily replenished the lost wort volume with water during fermentation, achieving the intended concentrations of malt and hops. Therefore, the low volume really has to do with poor efficiency in the mashing process. Perhaps the small quantity increases novelty of the whole thing. At least it tastes good!

And it’s not just me saying that. Even Samuel Adams agrees. On a whim, I submitted four twelve ounce bottles of Groom’s Reserve to the Samuel Adams Longshot Homebrew Contest where it earned second place in the Oktoberfest category. I will point out that the brewer who took first in that category became a finalist with another one of his entries. In other words, I was beaten only by a skilled brewer, as opposed to some schmo. As a prize, Samuel Adams sent me a hat. I may only wear it when I get drunk, but I wear the glory 24/7.  Have a look at the judges’ report cards:

Before I close, I’d like to share a link to some of the wedding photos taken by our guests. When I get a hold of the digital copies from our official photographer, I’ll share them there.