Category: privacy

Iran Prepares Itself for an Intranet

When countries start to heavily censor  the intranet,  it’s easy to imagine where  they’ll end up – running a State controlled intranet.  We can see it happening now in Iran, there’s news across the net reporting that the country is building up to it’s (ahem) democratic elections in June.   One of the steps they are taking is attempting to block all proxies and VPNs being used in the country.  It’s something China have been doing for years and although they have a much  more sophisticated approach it’s incredibly difficult to do – read here about the Chinese TOR probe.   Iran are reportedly trying to block all ‘non-approved’  VPNs and proxies basically to ensure that nobody is using them to avoid the countries growing content filters and blocked web site list.

Internet Access in Iran

Iranians will still be able to use the approved VPN providers, although why those who are  concerned with state spying and internet filtering would want to use these is completely irrational.   The reality is that it is an information war that the Iranians will lose, for every block or control they put up someone, somewhere will figure out a way around it.   For example you can block access to web sites and indeed VPN services in a variety of ways.

Create Blacklist of  Proxies and VPN Services 

This is what a lot of countries like Iran do initially and how many commercial filters work.  You just build up a database of specific IP addresses and URLs of known services and just completely block access to them.  This means that the user will not be able to make that initial connection to encrypt or bypass the content filters.  But there is a huge flaw with this technique, anyone with a little knowledge could set up a VPN or proxy service on a hosted server somewhere in minutes.  There are customised scripts and simple installations of proxies like Glype and Squid that can be set up by anyone on a shared server.  It’s simply impossible to keep track of all these servers – remember it’s the Iranian Regime’s IT workers VS the rest of the Internet – who’s your money on?

Deep Packet and Pattern Inspection

You can attempt a more sophisticated technique by trying to look inside the traffic and figure out when a VPN or proxy is being used.  Even if you control the internet boundaries in your country this is very difficult to do.  For a start it’s almost impossible to analyse every packet that leaves and enters the country via the internet.  The amount of resources you will use would be enormous, not to say you end up pretty much crippling internet access at the same time.  So you have to restrict your checks to certain patterns – perhaps selecting traffic leaving or using specific ports – maybe 443 for example.  This is still going to use an enormous amount of resources and of course there’s nothing to say a specific service has to use a specific port number for connection.

Just look at one of the configuration screens of my preferred security software – . >.


Just look at the options there in one screen for cloaking, modifying port redirection and simply changing individual elements of the connection protocol.   It’s extremely difficult to look for specific patterns when there is this amount of customization is available in the connection methods.  Of course most  security/VPN software don’t  offer anywhere near this level of sophistication, but the market would soon be created if there is a demand created by increased filtering.

Wrecking the Digital Economy

This might not be of concern to Iran, but for countries like China it is a very real issue.  Whether they like it or not any successful business needs the internet, if you start breaking or restricting the infrastructure they’ll simply go elsewhere.  Any multinational business will use VPNs to connect back to their corporate networks safely and securely.  Will they be prepared to use Iranian approved VPNs instead of the tried and tested commercial alternatives?  Every web site that is blocked, every VPN closed down makes it more and more difficult to operate in a specific country.  The benefits of a digital economy are eroded and a countries economy will without doubt suffer.  As mentioned it may not matter if religious and political ideals are the primary goal, but as we have seen from the Arab spring – economic woes causes revolutions too.

These are just a few simple reasons why many believe that the technological reasons mean that inevitably the level of control required by someone like the Iranian Government will lead to an intranet.  Just to clarify  that would involve blocking all access to the outside and internet and restricting access to content created and hosted in Iran.  Sounds fun, doesn’t it but Iran has been working on this since the Spring of 2011 and is the only way they can control what people see from their phones and laptops.  Of course they’ll be dragging the country back into the dark ages when they do it but perhaps that’s not a problem.

National Governments that Censor the Internet

According to Wikipedia, the term “internet censorship” is defined as “the control or suppression of the publishing of, or access to, information on the Internet.” Internet censorship is implemented by national governments or private organizations – delegated by governmental influences – for several reasons, with emphasis on: religion, moral issues and unlawful business schemes.

Enemies of the Internet List

Reporters without Borders (or “RWB”) is a French, non-profit organization that advocates freedom of information and press. This organization has compiled a list of countries that are deemed “Internet enemies” due to their methods of cyber censorship. The flagged nations are: Armenia, Bahrain, Belarus, Burma, People’s Republic of China, Cuba, Iran, North Korea, Saudi Arabia, Syria, Turkmenistan, Uzbekistan and Vietnam.

In 2009, Belarus was added to the “Enemies of the Internet” list, was subsequently removed, and was added again in 2012. In 2011, Egypt was added to the “Enemies of the Internet” list. In 2012, Tunisia was added to the list after being removed in 2011. Egypt was also removed in 2011 and was added again in 2012. The small kingdom of Bahrain was also added to the list in 2012.

Countries under Surveillance

The RWB further compiled an “Under Surveillance” list. Nations under this category are considered to give cause for concern about the possibility of increased Internet censorship. The current list spans the following countries: Australia, Egypt, Eritrea, France, India, Kazakhstan, Malaysia, Russia, South Korea, Sri Lanka, Thailand, Tunisia, Turkey and the United Arab Emirates.

The “Countries under Surveillance” list, introduced in 2008, listed 10 nations which used surveillance on users’ Internet activities or otherwise impeded people’s rights, without blocking massive amounts of information. Between 2008 and 2012 the number of countries listed grew to 16 but subsequently fell to 14. Jordan in 2009, Tajikistan in 2009, and Yemen in 2010 were dropped from the list.

Australia in 2009, France in 2011, Russia in 2010, South Korea in 2009, Turkey in 2010 were added.

Bahrain, Eritrea, Malaysia, and Sri Lanka dropped from the list in 2010, but were added again in
2011. Libya dropped from the list in 2009, added again in 2011, and then dropped in 2012. Venezuela was added in 2011 and then dropped in 2012.

Internet Freedom Setbacks

Azerbaijan, Libya, Malaysia, Pakistan, Rwanda, Russia, and Sri Lanka are seven nations that are at particular risk of suffering Internet freedom setbacks in 2013.  These nations are relatively free of government interference and censorship on the Internet for their citizens; however, they also maintain separate governments either known to be: a) repressive of freedom of the press in traditional forms of media, or b) they have recently introduced laws that significantly affect online freedoms of expression in negative ways for their citizens.

There are two ways to address internet censorship. The first is to change an IP address to an address under a non-censored nation.  The second is to access a search engine website that acts as a host by displaying all results through their site. Governmental censorship reduces freedom of expression, while simultaneously revoking basic, human rights. For more information on this cyber suppressive trend, refer to the Internet Censorship infographic found below.

internet censors




Reputation Management – Make Sure You Don’t Need it!

Imagine you’ve gone for a new job and just finished the interview, you think it went fairly well but one comment at the end still lingers in your mind.

That went very well Mr Adams I just need to check you out online now.

It was said in a jocular manner, but what did it mean?

The answer is that many employers now routinely check the internet for information on any new recruits.  Some employ specialist firms to look online and compile an extensive report on what information exists about you on the web.  Some will merely do a few searches, although it is surprising how much information you can pick up just by doing a few Google searches on full names and location plus a few more on sitesf like Twitter, Linkedin and Facebook for instance.

How much information you find obviously depends on the person, but for the younger generation there is normally a huge amount of background available.

For example I was asked to supply some references for a management consultant whom I know slightly.   She seemed competent enough, however I didn’t really know her that well to recommend her – so I did some searching online.  The quantity of information on her was quite surprising – several blogs, Facebook pages, loads of Tweets, photos and opinion pieces.  One long forgotten blog detailed a sort of online diary for a few weeks obviously at a difficult time – details of money and marriage problems, depression and treatments for stress.    There were also discussions about problems at work, employment tribunals and stuff like that.  If I wanted to I could have compiled quite a comprehensive dossier on this person extremely easily.

However there is a more sinister side to online information which can seriously affect your reputation.    This is what remains of a site called IsAnyoneBack – a rather sad and cruel web site.  The site encouraged anyone to submit explicit pictures of their ex girl or boyfriend for revenge purposes.  The owner of the site would also update each picture with Twitter and Facebook details of the ‘victim’.

The owner made money from advertisers on the site and promoted it extensively.  Eventually the owner – Andrew Myers pulled the site under threats from a variety of sources including a marketing forum called Wickedfire.

However because the images were updated with lots of personal information then they ranked highly in the search engines if you searched on their names.  Just to clarify – if an individual searched for a person’s name it was very likely that an explicit picture of the victim would appear on the first page or so.  This would of course be highly embarrassing for the victim.  The story behind this horrible site is told here , you can see that the owner is going to have his own online reputation problems to solve as well, would you employ this man?

This is the danger of any electronic media, the internet supplies the  capacity for it to be distributed to millions online in seconds.   What’s more you can’t remove it once it’s been posted somewhere – the image will live on somewhere as long as the internet exists  – on a backup, web browser cache or mirror site.  Think about the story of poor Amanda Todd who was blackmailed in a similar situation.

So think twice before sending your partner that racy picture, think what might happen to it if you split up especially if it’s acrimonious.   Be careful with your identity and protect yourself at all costs.


ID Thieves – Why it’s a Growing Industry

Well there’s one very good reason why there are so many id thieves, people are just a little bit stupid when it comes to the internet and stuff like social media.  I mean we all know people who post every facet of their lives online.

Stuff like –

  • where they are,
  • what they are doing
  • who they are with, etc,etc

There was actually a web site which actually collated all this ‘check in data’ together with social comments to predict what people were doing, where they lived etc.  It’s been taken down now, but I’m damn sure it’s still being used somewhere to target people for identity theft or just old fashioned burglary.

Imagine this, a hi-tech thief could easily sit and target wealthy individuals from their home.  Wait until he receives an alert that they are on holiday, a rough approximation of their home plus some useful further information – perhaps a couple of photos of their house, type of car etc.  Locate the house, whilst they are in Florida for three weeks then make their getaway.  It’s not far fetched as it’s perfectly possible now.

Here’s another example of how people ‘leak information’ online – got to a Google search pages and type this – index.of.dcim

What you will see is pages and pages of links to peoples photo’s which have been backed up or dumped online.   Some will be aware these are public, many will not and most contain lots of useful information for identity thieves.    Many of these directories have been dumped directly from a digital camera or a smartphone.

For example I looked on the first few pages and found photo’s of a French couple, but also in a sub-directory was a selection of business documents including letters, lists of competitors and rates plus loads of other sensitive stuff.  Their photo directory also had pictures of the family, house, cars and holidays – a huge amount of data for anyone involved in identity theft.  I obviously won’t post anything up but believe me it took no more than ten minutes of browsing with no special tools to find the following –

  • Names of all the family
  • D.O.B of two of them
  • Full Home Address
  • Company Name and Address
  • List of Business Competitors and Rates
  • Company Directors and Shareholders
  • Car Registration Numbers
  • Various numbers – one looked like a French Social Security Number

This stuff is a gold mine for an identity thief looking at making money out of your identity.  The method might vary – applying for new credit cards in your name, reissuing your current cards and intercepting them or perhaps they need a false passport or drivers licence.    Armed with this sort of personal background their are so many options perhaps they’ll keep the attack completely digital and try and gain access to your online accounts instead.  One things for sure there’s a whole host of possibilities for the clued up cyber criminal and no end of problems for the victim.

It’s not just camera’s though there are searches for smartphone and even these for video cams – lots of them legitimately open to the internet.  But scroll though and you can see many of them set are up to watch homes and businesses.   Just search for these terms –


camera – user login”

SNC-RZ30 Home

Basically if you’re only a little bit worried about your digital identity leaking online, then you’ll need to move up to a much higher plain of paranoia.  Wait till you see my next few posts !!!

Managing Your Digital Identity

I don’t know why but a couple of years ago I accepted a huge rush of Facebook friend request from my old school friends.  Many of  them I had never even seen for over twenty five years, and worst I didn’t even like many of them.  But the social networking site works like that drawing you in and ‘connecting you’ even when you don’t really want to.

Of course it’s interesting seeing how people are getting on, although I strongly believe that the better your life looks on Facebook the worse it is in reality.  I mean who goes to a fabulous party, stands in the middle and starts posting the fact up to your Facebook status page.  I mean I look at Facebook at work when I’m bored shitless, certainly not in the middle of some wild party!

It made me think how much of these updates are true, after all what better way to piss off all the people you didn’t like at school than by posting what a fantastic life you have.   Unfortunately although my life is pretty ok –  job, house, wife and children etc – it’s not going to inspire mad jealousy.   But who says it has to be true, armed with a bit of spare time, a few dollars and a flexible sense of the truth you could just make it all up.

So how about some hot chick interacting with you on your Facebook wall to start?

Don’t know any ? No problem if you got $5, get yourself over to  and choose one.  There are a host of beauties who will pretend to be your wife/lover/girlfriend online for a week for $5.

Here’s one I chose, she’s rather nice and I’m sure my old school friends will be impressed to see her.   But don’t worry if she’s not suitable there are tons of others there, in fact you could spend $20 and have a few fighting over you all on your Facebook wall !  I was playing around with my proxy français, before and perhaps another young beauty flirting with me from Paris might add a little more glamour too!  Don’t worry ladies, there are plenty of blokes on there as well.

Ok so it’s just a bit of fun, but there is a serious side especially with Governments around the world planning on harvesting this  data (usually justified as part of some Anti-Terrorist investigation).  This digital identity is growing for all of us – every time we do anything online – pay our bills, arrange car insurance or pay a young lady from Portugal to pretend to be our Facebook girlfriend.  It’s logged and recorded and potentially anyone could get access to this sort of information.

So be careful what you do online, it’s not just the obvious issues like posting up your location all the time and notifying every burglar that your house is empty.  There are bigger, more intrusive games being played and if anyone believes that the authorities can be trusted with this level of information then I suggest checking how the West Yorkshire Police behaved after the Hillsborough disaster.