security information

Wherever you go on the internet, Big Brother can go there too. Revelations by Snowden and others have shown the kinds of dark powers that states and corporations have to track and record us basically everywhere. (This is one decent article on the issues.)

Even so, there are things we can do to better guard our privacy and security. Nothing is 100% safe if authoritarian forces really want to throw serious resources at you. But we can make surveillance and interference much harder and more expensive.

There are quite a few guides to internet security out there. Here is one introduction. Here are just a few very basic points which relate to this site.

Privacy and IP logging

Every internet connection, like the one you are using now, sends out a unique ‘IP address’, which can be used to locate you. Many websites record all the IP addresses of the people who visit them. We (the admins of this site) do not see or record any IP addresses of viewers of this site. In fact, we do not have any tools to do this. We also trust that the people who host this website don’t record IP addresses either.

However: even if you believe us, we certainly can’t guarantee that dark forces have not found ways to trace people connecting to this site. If you don’t want your internet activity to be tracked, you should think about what locations you access the internet from; and use tools such as Tor, which are built for anonymous browsing.

Encrypted connection

When you use the internet over the standard ‘http’ protocol, all the information you send to and receive from websites is easily visible to anyone who has access to your connection: for example, anyone with a few skills who can get onto your wifi connection.

To be more secure, the basic tool is the ‘https’ protocol, which encrypts the information flowing between your computer and the website you are visiting. For example, https is used routinely for webmail or for financial transactions (banking, shopping, sending money) over the internet. But it is a good idea, in fact, to use it for all your internet activity.

It is easy to switch to an encrypted version of any website: you just need to go into the address bar at the top of your browser and type ‘https’ instead of ‘http’ (or if there is no ‘http’ at all, add https:// at the beginning of the web address). E.g., ‘https://rabble.org.uk’ instead of ‘http://rabble.org.uk’ or ‘rabble.org.uk’.

You can also go straight to the encrypted version of this page by clicking here.

Check out this great visual guide to Tor & https.

Certificates

If you are using an encrypted ‘https’ connection, this should mean that the information you send and receive is visible only to you and the website you are visiting. Any eavesdropper will only see a string of meaningless gibberish.

But there is a further problem: how can you know that the website you are communicating with is really who it says it is? In what is commonly called a ‘man in the middle’ (MITM) attack, your attacker manages to get in the ‘middle’ of the conversation by impersonating the website you think you are talking to. Your conversation is indeed encrypted, but you are talking to the enemy.

To avoid MITM attacks, you need to have some way of being sure about who you are talking to. The standard way of doing this on the internet is for a website’s identity to be verified with an electronic certificate, which is issued by a body called a ‘certificate authority’.

There are real problems with the certificate system as it currently works. One is that the main certificate authorities (CAs) are organisations linked to the US state and corporate regime. The main internet browsers (Firefox, Chrome, Explorer, etc.) recognise these corporate CAs, automatically accepting as genuine the certificates they issue.

This website does not use a corporate CA. Instead, our certificate is issued by inventati/autistici, whom we have more trust in. A problem, though, is that the inventati/autistici certificate is not automatically recognised by your browser. This is why a warning screen comes up when you go to https://rabble.org.uk for the first time. Also see here for a more detailed explanation.

To get past this warning screen you can just click on ‘add exception’. This is a temporary solution, but doesn’t do anything to protect you against MITM attacks. The more secure thing to do is to install the autistici/inventati root certificate, so that your computer recognises them as a legitimate certificate authority, and thus accepts our certificate as verified. To learn how to do this, see here.
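
The difference between clicking ‘add exception’ and installing the root certificate, as an added example (not code from this site or from autistici/inventati): it checks a downloaded root certificate against a fingerprint obtained through a separate channel, then accepts only connections whose certificate chains to that root. The file path, the published fingerprint and the function names are assumptions, and the sample bytes are constructed.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in bytes, NOT a real certificate: enough to exercise the
# fingerprint check offline. A real root certificate is a PEM file you download.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-not-a-real-certificate")


def pem_fingerprint(pem_text: str) -> str:
    """SHA-256 fingerprint of a PEM certificate, as colon-separated hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_matches(pem_text: str, published: str) -> bool:
    """Compare against a fingerprint obtained through a separate channel."""
    def norm(value: str) -> str:
        return "".join(c for c in value if c not in ": \n\t").upper()
    return hmac.compare_digest(norm(pem_fingerprint(pem_text)), norm(published))


def context_trusting_only(root_pem_path: str) -> ssl.SSLContext:
    """TLS client context that accepts only chains ending at this one root."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies cert and hostname
    ctx.load_verify_locations(cafile=root_pem_path)
    return ctx


def connect_verified(host: str, root_pem_path: str, published: str) -> str:
    """Check the root first, then connect; returns the negotiated TLS version."""
    with open(root_pem_path, encoding="ascii") as fh:
        if not fingerprint_matches(fh.read(), published):
            raise ValueError("root certificate fingerprint does not match")
    ctx = context_trusting_only(root_pem_path)
    with socket.create_connection((host, 443), timeout=10) as sock:
        # Raises ssl.SSLCertVerificationError if the chain or hostname is wrong,
        # which is exactly the case an 'add exception' click would wave through.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()
```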
