Killing the Golden Cloud II: what can one do about the ‘black state’s’ greed for data?
In a previous blog (http://bit.ly/10W2IYH) I described how the ‘black state’ (that which Mr Snowden uncovered) may damage both what governments may wish to obtain and many cloud vendors’ aspirations — if ‘the little people’ (you and me) act. In this blog I am going to write from a more personal level about the actions I propose to research and then take in order to make it harder but, more importantly, more expensive for governments to obtain what they could have had simply by asking.
My starting position has been not to consider what I have to hide: so far as I know, I have little of interest at all (apart from sundry financial details and the like). Instead my starting position has been to divide my data and activities into two broad categories — business and personal (where any ambiguity exists, that needs to be included in the personal):
- for the personal, all information will need to be taken out of public systems into some form of private system; such a private system would require the state to obtain court authorization to obtain legal access
- for the business element, at least initially, all can remain ‘as is’ (including Twitter and LinkedIn) because this is already transparent; later, if the actions taken for my private information are successful, it is likely that simple economics will require the same treatment to be applied to business information.
What does this mean in practice?
I have now started what will undoubtedly be a tedious process of removing information from and shutting down all personal Facebook, Google, Hotmail/Outlook.com, Skydrive, Dropbox, Skype, Yahoo, iTunes/iCloud and many other similar accounts.
One common rule for the future will be — do not sign up for any long term service which is located in the USA or UK or is owned by a US or UK organization. I did sign up for Lacie’s Wuala, because it has servers located in Germany, France and Switzerland. Lacie, however, was bought by Seagate which, by coincidence, delivered the final nail in deciding that storing information in a public cloud was no longer rational. Continental Europe is better (though probably not France where dirigisme rules) and Canada better still as a location for what I plan to implement. Best of all is Switzerland (thank you Peter Houppermans, of the Privacy Club).
In addition, I am changing my behaviour on mobile devices, such as not authorizing location unless I have a specific need, as well as alternating between devices/SIMs, and even switching off (or going into plane mode) mobile devices on occasion, etc. Plus I will be introducing multi-country VPN access so that it is possible to shift the entry/exit point where one accesses the Internet. (Of course, this makes nothing inherently more secure, just more expensive for the black state — which is the objective.)
I have also added DoNotTrackMe (https://www.abine.com/dntdetail.php) to Chrome, Firefox, IE and Safari browsers. This already appears to be worthwhile: in less than 4 weeks more than 25000 tracking attempts have been blocked on Chrome alone. Sorry, Google, Microsoft, Yahoo and others: if your ad business model depends on my data I am happy to deprive you of it because of your faux-ami attitude to your customers while being in bed with the black state. (There are many other additional tools which will need examination and later installation.)
The next step is to build a private server to be located on private premises. Most likely this will be based on open source solutions and offerings. These are attractive partly for their lack of overt cost (other than the time to administer) but even more so because the nature of open source is that many contribute and watch what is going on: this makes it harder for the black state to meddle and is less susceptible to the pressures that the black state can apply to big operators (like Google, Microsoft, Facebook, Yahoo, Dropbox, et al).
LAMP (Linux, Apache, MySQL and PHP) plus a mail server will represent the core. If something like Owncloud (www.owncloud.org – your personal, but encrypted, Dropbox-equivalent) works, then adding this will provide Dropbox/Skydrive/etc storage. Again, this will not make everything much more secure but it will make it harder (as in more expensive) for those who claim to operate in our name but don’t ask …
After this, consideration has to be given to adopting TOR and server-side encryption. As its web page (https://www.torproject.org/) says “Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.” TOR is not perfect, but it may be incrementally useful. Encryption is not simple, but needs to be applied, if it is practical.
If all this works, and about 75% is already up and running, then the final step will be to describe in more detail and in simple terms how others can do the same. If only I do this nobody will care because I am unimportant. If, however, many others of the ‘little people’ start to do this, then the impact could be (not necessarily will be) profound.
Having written all the above, the ironies are multiple:
- I may end up with an improved infrastructure that I had been about to outsource to public cloud providers
- public cloud providers could find the basis of their business model changes from under their feet (because they cooperated or were forced to cooperate with the black state against their customers)
- the online ad market could change (everyone should install software to prevent tracking, whether on PCs, tablets or mobile devices)
- the black state may be inhibited, just what it does not want
- governments may have to pay much more to obtain what their black state operatives want
- the whole effect would have been avoidable had government been up front and open by asking for permission which I, and most others, would almost certainly have given.
Except for the first point, what a waste of time … But, one has to ask oneself, when will governments ever learn — as the following tongue-in-cheek piece (sent to me from Canada) so elegantly summarizes:
“Scientists at CERN in Geneva have announced the discovery of the heaviest element yet known to science.
“The new element is Governmentium (Gv). It has one neutron, 25 assistant neutrons, 88 deputy neutrons and 198 assistant deputy neutrons, giving it an atomic mass of 312.
“These 312 particles are held together by forces called morons, which are surrounded by vast quantities of lepton-like particles called peons.
“Since Governmentium has no electrons or protons, it is inert. However, it can be detected, because it impedes every reaction with which it comes into contact.
“A tiny amount of Governmentium can cause a reaction normally taking less than a second to take from four days to four years to complete.
“Governmentium has a normal half-life of 2-6 years. It does not decay but instead undergoes a reorganisation in which a portion of the assistant neutrons and deputy neutrons exchange places.
“In fact, Governmentium’s mass will actually increase over time, since each reorganisation will cause more morons to become neutrons, forming isodopes.
“This characteristic of moron promotion leads some scientists to believe that Governmentium is formed whenever morons reach a critical concentration. This hypothetical quantity is referred to as critical morass.
“When catalysed with money, Governmentium becomes Administratium, an element that radiates just as much energy as Governmentium since it has half as many peons but twice as many morons. All of the money is consumed in the exchange, and no other by-products are produced.”