Posts Tagged ‘encryption’

Fighting the Evil Empire with Alliance

Tuesday, May 15th, 2007

I was just doing some reading about a new p2p client called Alliance. It’s a cross-platform program (the main project homepage only offers the EXE, but for the Linux and Mac jarfile, go here) that marries social networks and file sharing; sort of like instant messaging meets BitTorrent. Instead of joining a large network of unknown peers and sharing a file, you construct your own network of trusted peers.

For example, Joe Q. Paranoid installs Alliance and adds his old college buddy, Hubert P. Piratepants as a trusted peer, as well as a few other people he knows and trusts. Together, they make up a private network that can transfer files back and forth from designated shared directories. If the file is present on more than one peer’s computer, it works like BitTorrent, using the multiple peers to increase the download speeds. There’s also a chat feature, letting you communicate with the people in your network.

Another great feature is encryption. By default, Alliance uses a rather simplistic encryption algorithm. SSL and AES are available as an option, but as of the current version (0.9.8), they are both in an experimental stage.

Overall, Alliance looks really fucking sweet. I haven’t had the chance to install and test it as of yet, but definitely plan on it.

FireGPG - a GnuPG extension for Firefox

Wednesday, April 4th, 2007

I’ve been waiting for an extension like this for years. FireGPG lets you encrypt, decrypt, sign and verify text using GPG from the context menu. Currently, it only works with Gmail, but that’s fine since that’s what I use for most of my important email.

At some point last year, I switched from Gmail’s browser interface to using it with Thunderbird, so I could make use of the Enigmail extension, as well as pull in all my other email addresses (work, domains, spam-pits) in one place and I think I’ll continue to use it, but the ability to just browse to Gmail and not have to copy, paste, fire up a terminal, copy and paste again is absolutely great.

FireGPG currently works with Windows and Linux. OSX is out of luck, but I see on the extension’s page that the developers are actively looking for help in porting it. Awesome.

Your privacy just got punched in the balls

Friday, December 1st, 2006

I’ve got a black feeling this morning after reading that the Supreme Court is requiring all US companies to store employee email and instant messaging. It’s fucking ridiculous, not only in burden of cost for companies to store that data, but in the loss of privacy and reality of its usefulness.

Any way you look at it, it’s a punch in the balls for personal privacy. Slap a jock strap on that shit and be a man. Start using encryption. Check out GPG for encrypting email and personal files. If you use Thunderbird as an email client, there’s a real handy plugin called Enigmail that makes phasing in encryption pretty damn simple. For instant messaging, switch to GAIM (cross-platform), Adium (OSX) or Kopete (KDE Linux). All three have some form of built-in encryption or plugin available. Adium and GAIM both can run OTR, an encryption and plausible deniability plugin. Kopete uses GPG to encrypt and as far as I know, there’s not another client that does that (there’s a plugin for GAIM, but I hear it doesn’t work well with more recent versions).

All these programs are free and open source. If you’re not using anything, I’d suggest you seriously consider it. For web browsing, think about using a proxy, like Tor or if you have the skills or patience to set it up, SSH tunnel to an outside server running squid (here’s a link to how I do it). If you don’t have access to a server like I’ve got, you can run squid on your home computer and connect to it from work. If you don’t have a static IP at home, you can use a free service like No-IP to get access. ISPs don’t like customers running servers out of their home, but if you SSH tunnel it, your chances of getting noticed are pretty nil. I tunnel squid to a remote server I keep and it works very well. I also have Tor installed on all my machines and run it as a server on my remote machine to give back to the network. It’s doubtful you need a proxy for all the web browsing you do in the course of a day at the office, but the option for security and privacy is good to have (not to mention the ability to get around restrictive firewalls).

If you don’t care about all this, so be it. Maybe that’s fine for you. But, depending on who you are and what you do in your life and for a living, you might want to take heed especially if you give a damn about your personal rights and privacy.

Secure Gmail sessions using https

Friday, May 12th, 2006

While I’ve known that Gmail uses SSL to log in, someone recently pointed out to me that while my password is sent to Google fully encrypted, once logged in, all pages that I view are sent via http, meaning that all the emails I read and send can be scooped right out of the ether at any open hotspot.

One remedy I found is to manually change the address from
http://mail.google.com/mail/ to https://mail.google.com/mail/
and for that session, you should be using https and all the pages you view in Gmail will be encrypted. Very cool, but I have to remember to manually check this every time I log in. I smoked way too much weed as a teenager. Half the time I don’t even know what day of the week it is. No lie. How am I supposed to consistently remember this?

Looking further, I found this great extension for Firefox that takes care of the problem for me. CustomizeGoogle lets you set a whole mess of options for a variety of Google services. I won’t get into most of the details since they don’t apply, but check them out because a lot of them are pretty cool. One option that is relevant is that once installed, you can set an option for Gmail to always use https by default. Just check off that one option and from that point on, you have worry-free, encrypted Gmail sessions as a default. Pretty damn useful. CustomizeGoogle also lets you set an https default option for Google Calendar as well. Even sweeter.

Unfortunately, Safari, Konqueror and other browser users are out of luck (IE users, you deserve what you get.) with this extension, so unless there’s something else out there, they have to manually check the session every time or set a bookmark using https in the URL and be consistent about accessing Gmail through that bookmark.

How to install your GPG keys to a USB dongle for WIN XP

Monday, May 2nd, 2005

Dongle! It’s true, the only purpose of this post is to use “dongle” as many times as possible. Dongle, dongle, dongle. *sigh*

Seriously though, daveb has been struggling all day with a technical conundrum and endless googling turned up scarce and confusing info. Having finally figured it out, he feels bound to post the steps as simply as he can so that other brain-damaged squirrel humpers like himself can get the job done. With that said, daveb presents to you:

How to install your GPG keys to a USB dongle for WIN XP

  1. Install the latest binary version of GnuPG
  2. Attach your USB dongle and create a folder named keys, or whatever’s appropriate for you. If you have pre-existing keyrings, place them here.
  3. Open REGEDIT (START > RUN > type regedit)
  4. In REGEDIT, navigate to HKEY_CURRENT_USER\Software\GNU\GnuPG
  5. Right click in the folder and select NEW > STRING VALUE
  6. Name it “HomeDir” (without the quotes, of course)
  7. Right-click the entry and select MODIFY.
  8. Under VALUE DATA, type the full path to your desired key folder. For example, daveb’s is F:\keys\ (“F” being the USB dongle). Hit OK.
  9. Open a command prompt and type “gpg --version” or “gpg --list-keys”. Check for the Home that is listed; it should now be your dongle, and any keys in that folder should now be listed. You’re done!

Now that you’re finished, use a file-shredding program like Eraser to destroy any locally saved copies of your keys. With that done, the only way to encrypt or decrypt with your keys is to have possession of the dongle. So, keep it safe. You also might want to consider hiding a backup on floppy somewhere (safe deposit box, deserted island, anal cavity) due to the fact that although dongles last a long time, they do have a write-life, depending on your model.
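
For anyone who would rather script it, here is a PowerShell version of steps 3 through 9 plus a check for keyrings left behind on the local disk. It is an added example, not part of the original post. It assumes the dongle folder is F:\keys as above, that gpg is on the PATH, and that GnuPG's default home is %APPDATA%\gnupg.

```powershell
# Added example, not from the original post. Paths below are assumptions.
$KeyDir  = 'F:\keys'                        # dongle folder from step 8
$RegPath = 'HKCU:\Software\GNU\GnuPG'       # registry key from step 4
$Default = Join-Path $env:APPDATA 'gnupg'   # assumed default GnuPG home on Windows

if (-not (Test-Path -LiteralPath $KeyDir -PathType Container)) {
    throw "Key folder $KeyDir not found; attach the dongle first."
}

# Steps 4-8: create the key if it is missing, then set the HomeDir string value.
if (-not (Test-Path -Path $RegPath)) {
    New-Item -Path $RegPath -Force | Out-Null
}
New-ItemProperty -Path $RegPath -Name 'HomeDir' -Value $KeyDir `
    -PropertyType String -Force | Out-Null

# Step 9: gpg --version prints a "Home:" line; it must now point at the dongle.
$homeLine = & gpg --version |
    Select-String -Pattern '^Home:\s*(.+)$' |
    Select-Object -First 1
if (-not $homeLine) {
    throw 'gpg --version printed no Home: line.'
}
# gpg may print forward slashes or a trailing separator, so normalise first.
$reported = $homeLine.Matches[0].Groups[1].Value.Trim().Replace('/', '\').TrimEnd('\')
if ($reported -ne $KeyDir.TrimEnd('\')) {
    throw "gpg still uses '$reported', expected '$KeyDir'."
}
& gpg --list-keys

# Final paragraph: look for keyrings still sitting in the default local home.
# private-keys-v1.d is where newer GnuPG releases keep secret keys.
$leftovers = 'secring.gpg', 'pubring.gpg', 'trustdb.gpg', 'private-keys-v1.d' |
    ForEach-Object { Join-Path $Default $_ } |
    Where-Object { Test-Path -LiteralPath $_ }

if ($leftovers) {
    Write-Warning 'Key material is still on the local disk; shred it:'
    $leftovers | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Output "No keyrings found under $Default."
}
```

The script only reports leftover files; it does not delete them, so shredding stays a deliberate manual step.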