Szerteszana²

grin agymenései
Taggalés english

Secure chat on mobile and desktop

2017-01-07 10:12 írta grin

Big Brother is Listening

We live in curious times.

While we have "civilisation" and "freedom" and "democracy", we also happen to have corrupted politicians, governmental secret services, industrial and business spying, and generally various violations of privacy and personal space.

When Phil Zimmermann have created PGP it wasn't because he was spied on -- it was because anyone of us could have been spied on and we wouldn't be able to protect ourselves; usually it doesn't quite matter but at the point when it started to matter it'd be already too late to start doing something about it. Prevention. Back then the Government have considered a person "suspicious" if s/he encrypted the communication; when everyone encrypts their communication it wouldn't be "suspicious" anymore, and wouldn't be possible to single out peope just because they're using secure means to communicate. And by "secure" I mean secure against even the skilled criminals, including governmental ones. Todays' encryption is usually "unbreakable" even for the three-letter U.S. and Russian agencies (and the similar ones with undescribable name in China).

Since then time have forwarded fast, and not just PGP became legal but there are plethoras of programs promising secure communication, protection of one's identity, untraceability or deniability of messages, self-destructing or timing out messages and alike. This have happened due to the governmental and industrial criminals becaming more and more aggressive in their invasion of our privacy, storing and analysing personal private communication, using and abusing it to their purpose and agenda.

They often say: the terrorists use the technology, so we have to make it illegal. Obviosuly, since if we make it illegal the terrorists will stop using it, unlike the citizens protecting their own private life from the government?

"When privacy is outlawed only outlaws have privacy."

But that's a theoretical problem; in reality we have to protect ourselves from political and business oriented criminals in high positions, attacking our communication infrastructure wherever they can. Google have learned the hard way that even their internal traffic could be unlawfully tapped by the agencies and they're hard working preventing that and hoping that they're protecting faster than the government infiltrates it. Everyone have to protect themselves as good as they can since we cannot put all the trust in the companies running the stuff in faraway places. I trust best what I protect for myself.

So let us see the practice. I try to summarise you some of the best and most secure, widely available communication programs for mobile phones (or at least Androids). We do not talk about the security of the devices here: that's a different and quite lengthy topic, but let's assume that at least the devices are not readily tapped. If the stakes are that high then don't use industrial devices; use self-built open-source computers with professionally crafted protection. It is not hard, but we don't need it right now - we don't want to kill JFK after all, just prevent agents to blackmail people for whatever random reason, to prevent our email and phone addresses from spamming and analysing, to prevent agents and businesses to build personality profiles of us and alike. We're not the criminals - they are.

The programs

The good

I'll expand these below.

  • WhatsApp - public protocol
  • Signal (formerly TextSecure) - public protocol
  • Wire - open source
  • Conversations (XMPP + OMEMO / OTR) - public protocol
    • ChatSecure (discontinued)
  • Telegram secret chat
  • SIP + encryption
  • ToX (and AnTox) - public protocol

The questionnable

These often encrypt the communication between you and the server of the provider, but without end-to-end encryption they can read everything you do.

  • Telegram normal / group chat
  • Hangouts / Google Talk - TLS

The bad

Apart from using insecure means of communication these programs often leak private data to their parent companies or agencies. Some of them gather completely unrelated private data on purpose.

  • Viber - insecure and known illegal transfer of private communication
  • Facebook chat - insecure
  • Facetime - pretty secure but no identity verification
  • Skype - insecure, known privacy problems
  • Snapchat - insecure and misleading

Never heard of

These show up in my searches but never have used them, listing them in case someone's wondering.

  • Threema - non-free
  • Gliph - looks like some kind of bitcoin based business, with non-published security architecture and high claims
  • Wickr (possibly pretty good, with end-to-end encryption and have been audited but the protocol isn't public and the code is not open; it have a stupid idea of destroying every message after at most a week or so; and I've been told that Wickr shuts down accounts not used for half a year without warning.)
  • G-Data Secure chat - not much info, uses signal protocol
  • Line - Japan... no much info on implementation

Crypto background

Let me briefly tell you about some crypo stuff to make it easier to feel what's that fuss about. For those who are professionals on the crypto field I offer my sincerest apologies for oversimplifications.

Attackers and assurances

An "attack" means that someone gets to know information they have no business to know. Attackers could be anyone: governments, businesses, spammers, rogue internet providers, spooks, and even the person you're talking to. Let's see first what could go bad, and what to do about it:

Attacker goalSecurity property
1. Compromise messagesConfidentality
2. Change messagesIntegrity
3. Inject false messagesAuthenticity
4. Identify as another personAuthentication of partners
5. Block communicationNo single point of blocking
6. Learn metadataPrivacy protection
7. Prove content of messagesDeniability of content
8. Prove that persons communicatedDeniability of conversation
9. Learn past communication after compromiseForward secrecy
10. One attack compromises all future communicationFuture secrecy

That's a lot indeed.

There is also one property which is very important to consider: being open source. OS means that the program code is published for anyone to read, and to be able to verify the (security and other) claims the program authors make. Closed source often means code nobody ever looked at and never verified, so the authors can claim whatever they please without doing anything about it. Some closed source code were, however, externally audited, and if you trust the professionality of the auditor these (claims) should be reasonably trusted.

From the security protocol viewpoint (eg. "how good is the encryption technology a program uses") number 5 and 6 are not part of the problem, while in reality these are very important.

Metadata (#6) means the attacker can reveal who communicated to whom, when, how many times, how long the messages were, as well as the possible identity of the parties; in a hostile communication environment (like that between ukrainian people vs. Russian government) these are very sensitive (and potentially life threatening) informations. Metadata protection usually means that anonimity of the parties are ensured while there's some methods to assure #3 and #4.

Protecting from #5 is not meaningless as well. While obviously there is no protection against switching off the whole internet for someone, there exist protection against shutting down one or some central servers by force. Distributed, serverless channels are just for that.

You have to see that from the programs above very few offers you protection against #5, because it means you have to be a member of a distributed network. Tox and the not very much used Bleep offers you that, in exchange for higher network traffic, since you have to be a member of a distributed network of nodes, basically you're one server of the many. To be honest it is important that these assurances are only true if there are plenty of users using the given method, since a distributed network is only good if there are at least a few hundred well distributed users around (preferably way more). Tox does seem to have such userbase, Bleep may not.

To protect against #6 is not convenient for you either, since to protect from #4 both parties have to verify each others' anonymous identity. It's compulsory to be sure that what you verify is true, so the verification has to happen on a channel (preferably in live conversations or phone conversation) which is strongly identifying the partner. It usually involves reading up lots of numbers. :-) Conversations, Wire, Tox, Bleep offers you such protection.

Another way of #6 (metadata protection) is that the provider is reasonably trusted not to collect metadata, usually by using open source to prove it or to have an external auditor to prove it (but in that case it only stands for the audited software version and not for any other versions). Signal is probably on of these: while they collect real-world metadata (phone numbers) and store it on a central server they don't collect converstional metadata, which is fairly safe while having a simplified partner identification and partner directory. The counterexample is WhatsApp which provides the same way of message security and confidentality as Signal but syphons your metadata to Facebook to sell for advertisers or else.

Most program I suggested protects you against all other problems, which means Conversations, Wire, Tox, Bleep, Signal, Telegram secret chats, and possibly others which cannot be verified due to their closed source nature.

I would draw the line here, and insert summary in the middle to screw up those who read only the beginning and the end of a long post:

To use full security use Tox

The others (from "questionable" to "bad") often only protect the path between the device and the central server of the provider, and you have to fully trust the provider not to, well, act like an attacker. They can do whatever they want, including faking messages and reveal all content to third parties. If you do trust the provider, your messages may be safe from 3rd party adversaries listening to your network connection.

There are an interesting group of programs which claim to have a cryptographical technology to protect you (mostly only for #1 - #3), while their very technology is questionable. Such problems were identified in Telegram, and possibly others in the "bad" bunch which I didn't check thoroughly.

(Unfinished enty)

Hungarian popular referendum about refugees and the EU

2016-10-03 08:11 írta grin

From the inside of Hatelands

We are kind of over the period of more than two months of the Hungarian Fidesz government orchestrated hatred campaign, where the ruling Party have burnt more than 20 billion HUF (72.8 million USD) on all kinds of media places to tell the people what to think and vote about the referendum they have initiated. It's been already said that this was probably the most evil campaign ever in the history of Hungary since World War II, full of outright lies, violations of local (and most probably international) laws and unbelievable amounts of intervention in the life of public institutions from elementary schools to the law enforcement.

This has already been mentioned about this refrendum, and it surely help to understand the results. The average citizen get the news from the now completely Party-controlled public media, where they have acquired, taken or forced to have released to them most of the nationwide TV channels, they force providers to put these channels in the first programmed places, if you can imagine such a thing, so they use 7 TV and at least 2 radio channels to reflect their own view and provide selected and filtered news to the ignorant masses, so it may not come as a surprise that the government dictated results came out in majority. In fact this has been known well before the actual results, there was zero doubt about that.

However international, and even national news failed to show the much more relevant points to help understand what the results really show. Let me provide you some insight.

There are many objective analysis of the referendum from non government controlled institutions, and many agree in that the referendum possibly violates the national election laws (since there is no possibility to start a referendum in a topic where the National Assembly have no power), that the hate campaign of the government violated many local laws (since the government must not take sides in a referendum and the FIDESZ party [which technically a spearate legal entity but in reality spends the public founds as they were the government] are not in the position to use public funds to do a public campaign) and the referendum was completely pointless for many reasons, including the absence of information about what the government want to do with the results.

These have been the reasons that many parties, NGOs and politically active and even many not really active organisations called people not to engage in the voting process since it's illegitimate and illicit, and other entities (like the originally joke purpose Hungarian Two-tailed Dog Party, who now became the "neither of them" choice of some more informed voters) suggested the people to boycott the referendum by casting deliberately invalid votes.

People have been debated about these: should I stay home to boycott or should I go and cast an invalid vote? It is kind of surreal when one realises that in 2016, in Europe, it is a completely believable and natural thing that we have to calculate how to counter-measure the voting fraud of the government; whether it is easier for Them to fake your signature and vote when you stay home or whether it's easier to use a fake vote when you have signed your presence; how you should take care to make your invalid in a way that they cannot "interpret" it as a valid one (since there was an official guide how to interpret invalid votes as valid unless it's absolutely not posisble to misinterpret); how could the people somehow check whether the results were reflecting the reality. It did not help that most of the voting booths were validated only by governing party selected people.

Therefore it is very important to see how many people have actually stayed away and how many invalid votes were cast.

There are always invalid votes, that's normal. However, let me show you a comparison of the elections and referendums of the past decade:

Invalid votes in the percentage of total

This graph shows that we have almost ten times higher invalid votes than we ever had (this is true for the older referendums as well but their available data is not easy to automatically compare). Based on some statistical data additionally to this 6.27% invalid votes many of the absent votes have been part of the boycott, which results 10%, or more possibly more close to 20% of the population who deliberately rejected the referendum.

When you only see that there were almost no "support for refugees" you must know that those more than 1.5 million of Hungarians (possibly many more) did show their support by not being a puppet in this evil, hateful, dark comedy.

Regular Expression (regex) debugger

2016-07-01 10:50 írta grin
This is highly technical, non-geeks run away, now.

Okay, no, just kidding, this is just a bookmark entry since this is so cool.

Regular expressions are part of the Zen™© of the Programming. They are patterns which are matched against a string and check whether there is a match or not, take parts of the string or similar.

Also, regexps are highly geeky because they are an absolutely unreadable mix of all kinds of punctiation. Simple regexes are easy to write and easy to understand, however there are some whose complexity requires more understanding than one can spare for an average human lifetime.

Here come the RegEx debuggers. Funny, I almost have used none so far, maybe I like to break my brain on them. Anyway, there was one which was full of "meta matches" (?:) and recursive groups (eek), and I was looking for the easy way and googled "regex debugger". Found a lot of interesting but not that useful one, but then…

This.

Nice. Syntax diagram of the regexp.

Your address:

2016-03-10 11:22 írta grin

Where am I in the World?

Hungary - Europe (Hungary is less and less part of Europe and more and more part of the Soviet Union, China or Madlandia) - planet Earth - Sol system - Milky Way - Local group - Virgo supercluster - Laniakea supercluster - Pisces–Cetus Supercluster Complex - Perseus—Pegasus Filament(?) - Observable Universe - Universe.

Hi!

The quest for the perfect trim function in Perl

2013-10-17 10:49:39 írta grin
Guys will have been debating about whether there are gek girls or the causes behind the lack of them, and one of the point raised was the lack of will to pursue boring algorithmic questions. Funny that.

Oh, what I wanted to talk about was one of the most boring and simple and everyday things in programming: trimming the leading and trailing spaces from strings (remove them from the beginning and the end, that's it), and the Perl language.  At that point all non-programmers and people who cannot speak perl or regular expressions are relieved from duty, go and get some food.
For those that remained, you may well know that there is no "trim" in perl, you usualy either use a module (Text::Trim comes to mind) or actually regexp it yourself. Most people have their favourite.

But they may not be the best ones!

Perlmonks (who are the pros in everything in perl, most of the time) had their run at it several times, but I wasn't quite satisfied about the depth of the analysis. I need the perfect trim!

So ­ ­ - following the Monk mindset - I gathered a few ideas, among my usual one, and threw them in two testing modules, namely Benchmark and Test::More; first to see the speed and second to check corectness. Actually, it's been the other way around: first I have thrown out those which were buggy and benchmarked the rest.

So here are those who did not fail the tests:
    grin1   => '$str =~ s/^\s*(.*?)\s*$/$1/;',
    mre     => '$str =~ s/^\s*((?:.*\S)?)\s*$/$1/;',
    silly   => '$str =~ s/^\s+//; $str=reverse $str; $str =~ s/^\s+//; $str=reverse $str;',
    hellish => '$str =~ s/^\s*//; $str =~ s/\s*$//;',
    hellish2=> '$str =~ s/^\s+//; $str =~ s/\s+$//;',
    split   => '$str =~ s/^\s+|\s+$//g;',
    te_tri  => '$str =~ s/\A\s+//; $str =~ s/\s+\z//;',


First one was what I usually used, and the rest was advised in various places. The benchmark said:

       mre: 13.8181 wallclock secs (13.67 usr +  0.01 sys = 13.68 CPU) @  730994.15/s (n=10000000)
     grin1: 11.2415 wallclock secs (10.81 usr +  0.04 sys = 10.85 CPU) @  921658.99/s (n=10000000)
   hellish: 6.81456 wallclock secs ( 6.50 usr +  0.01 sys =  6.51 CPU) @ 1536098.31/s (n=10000000)
     silly: 4.13783 wallclock secs ( 4.14 usr +  0.00 sys =  4.14 CPU) @ 2415458.94/s (n=10000000)
  hellish2: 1.69636 wallclock secs ( 1.70 usr +  0.00 sys =  1.70 CPU) @ 5882352.94/s (n=10000000)
    te_tri: 1.70796 wallclock secs ( 1.70 usr +  0.00 sys =  1.70 CPU) @ 5882352.94/s (n=10000000)
     split: 1.03471 wallclock secs ( 1.04 usr +  0.00 sys =  1.04 CPU) @ 9615384.62/s (n=10000000)


which is quite an interesting result. My version was quite a good one until I have removed those which were slower AND buggy. Now not quite that fast anymore.

One important point: this is perl v5.18.1, and it seems that optimalisations in perl code matter.

Due to that may have happened the biggest surprise that hellish code was magnitudes slower than anything else due to many matching failures in matching the ending and now it ran quite good. The silly method gave fast results either which shows how slow the end matching still is.

But to my greatest surprise the winner was the split method using repeated matches, which was faster than the method used in Text::Trim module (which is using the fancy way of the fixed up hellish2 regexp pair), and not by a small margin but almost twice as fast. And, oh, ten times faster than my original. :-)

So now I know what to use. :-)

Taggalés english

Szerteszana²

grin agymenései