Posts Tagged privacy
After my first look, I’m back exploring the other apps on my Blackphone. See my Full Disclosure of my friendship with the Silent Circle guys and my work on the ZRTP security protocol used in the Blackphone. Today I’m trying out the interestingly named Disconnect Secure Wireless application, basically a VPN (Virtual Private Network) service. Given that this app is all about making connections, having it called “Disconnect” is a little odd. The name probably makes more sense with their ad and malware blocking services. According to their FAQ: “Secure Wireless uses AES-256 to encrypt data to or from your device. Secure Wireless also enforces Diffie-Hellman for key agreement/exchange which provides perfect forward secrecy (PFS).” which is all good. Out of the box, the Disconnect Secure Wireless application takes you through a short tour of the service. Essentially, it is a VPN service that can be easily enabled/disabled and also automatically enabled/disabled based on a preference for a given network. It seems this application is only available on Android, as the iOS version seems to not be a VPN but be an add blocker of some type. Disconnect Secure Wireless starts off with a free service of 512MB per month which you would blow through very quickly if you used it for everything. By putting the Blackphone activation code into the Account screen, you get 2GB per month, which seems reasonable if you use it sparingly, such as WiFi hotspots or when traveling.
Using it is easy – tapping the middle of the screen starts the VPN. When turning it on, you get two warnings:
The first reminds you that, since this is a VPN service, all the device network packets will be routed through it. Essentially, this app is a Man-in-the-Middle (MitM), although hopefully a trusted MitM. You must tap the “I trust this application.” in order to proceed.
The next warning tells you that once turned on, the VPN will always run for this network, until you turn it off. This is a good warning from a usage perspective.
Next you get a Connecting message and the middle of the screen turns green and indicates bandwidth usage for the month to date. One interesting thing – while I did notice the bandwidth usage rise with normal web browsing, I did not notice it go up during lengthy Silent Circle voice calls. In general, for a VoIP call such as silent circle, you can use up to 1MB per minute, depending on the codec. Perhaps the packets from Silent Circle aren’t tallied by Disconnect against the VPN quota. Or maybe I just got lucky…
The VPN speed seemed reasonable, although a speed test during a Saturday afternoon isn’t exactly scientific. Compared to just my WiFi over Cable Modem, it was slower, of course. The VPN has a location configuration for North America, Europe, or Asia. I’ll need to try it other times of the day to see how well it works.
The default search is also provided by Disconnect, although this can be changed. A DNS failure in the browser automatically brings up a https://search.disconnect.me search window for the failed string. It does show the Google “G” symbol, however, indicating that it is not an actual search engine. Instead, as described here, Disconnect Search forwards you request to the engine of your choice (Google, Bing, Yahoo, DuckDuckGo, or Blekko) and anonymizes it. You can also use it in any browser at https://search.disconnect.me/ So, Disconnect Secure Wireless does what it promises to on the Blackphone.
Your suggestions, comments and questions are most welcome!
The media has been buzzing the past day or so about “Operation Facebook” which was announced on YouTube by Anonymous. Anonymous is the hacker collective made famous for their attacks in support of Wikileaks earlier this year. Their type of politically motivated hacking is quite different from the profit motivated cyber crime hacking I write about in my novel “Counting from Zero”.
While this has been big news, other Anonymous sources have disavowed the attack. Whether this was planned then abandoned by Anonymous, or in fact just the work of Anonymous wannabes isn’t at all clear. Whether there is a actual attack planned or they are looking for zero day exploits is also debatable.
Regardless, everyone should be careful what information they post on social media sites such as Facebook. Your privacy depends on a lot of factors, including your own privacy settings, the privacy settings of your friends, the security of your computer and your friends computers, and ultimately the security of the entire Facebook site. You should not post anything to Facebook that you wouldn’t embarrass you if it showed up on Wikileaks next week.
I was interviewed on KMOV-TV News last night about this issue. You can watch the short segment here.
With regards to Facebook privacy, there is another less well known issue – Facebook tracking of your web browsing using widgets, but this is a topic for another day…