Privacy Story

The EFF is “collecting stories from people about the moment digital privacy first started mattering in their lives”. They also ask to share the stories on Twitter using the hashtag #privacystory. Here is my story, even if I’m not on Twitter. Feel free to share anyways, as usual under CC BY-SA 4.0.

I insist that my wife and I have got a right to privacy for our communication. Not only do I defend that right when we are in the same room, but also when we communicate over the Internet. Actually, I even dare to suggest that all people have got that right. (This point of view probably sounds radical to some; once upon a time such thoughts were worthy enough to be embedded into the Universal Declaration of Human Rights—see Article 12 there.)

For a long time I took that right for granted and believed that we in Germany and Europe did not need to fight for it. That belief was shattered in 2006 when the European parliament passed the Data Retention Directive: Throughout Europe, so-called metadata about the electronic communication (e-mails, phone calls, texts) of every law-abiding citizen was to be stored for 6 months, without any probable cause.

In response, I became interested in cryptography and anonymity networks to defend my human rights against unconstitutional violations. I have been using and advertising tools for digital self-defense since then. At the Internet Archive’s Wayback Machine you can still access an early version (August 2006) of my German website to spread knowledge about such tools.

Briefly, I recommend that you (1) educate yourself about and then (2) use free (not necessarily gratis) software to protect your online privacy, namely the Tor Browser for Web surfing, GnuPG to encrypt your e-mail, and messengers based on XMPP such as Conversations (or alternatively Signal).

GNU Emacs under Qubes OS

A few weeks ago I installed Qubes OS on my PC at work. The project’s self-description is as follows:

Qubes is a security-oriented, free and open-source operating system for personal computers that allows you to securely compartmentalize your digital life.

Essentially, under Qubes you run different virtual machines (VMs), which are more or less isolated from each other, for different purposes. For example, you can use a so-called vault VM (that has no network connection) with Split GPG to keep your GnuPG keys in a safer place than would usually be possible on a single OS (you do encrypt your e-mails, don’t you?). Qubes also includes Whonix, a desktop OS that itself is based on virtualization to provide an environment from which all network traffic is automatically routed through the Tor anonymization network. In case you do not know Tor yet, I recommend that you invest some time to learn about that project and its role for digital self-defense.

VMs in Qubes are started from so-called templates that cannot be modified from inside the VM. So if you install software inside a VM (or some malware does so), those changes will be reverted when you close the VM.

A major feature of Qubes is the so-called disposable VM (dispVM for short) mechanism. A dispVM can be started quickly from a fresh template to host a single, potentially dangerous application such as a media player or an office tool; once the application exits, the dispVM (including potential changes from the template) is destroyed. The dispVM functionality also includes services that convert untrusted PDF or image files to a trusted format which can be viewed safely in other VMs. Finally, from inside your “normal” VMs you can also start a dispVM application on a designated file of the “normal” VM; if you change the file’s contents inside the dispVM, the changed file version replaces the original version of the “normal” VM when the dispVM is destroyed. For example, you can open and edit doc files saved from e-mail attachments (which are potentially dangerous) in LibreOffice inside a dispVM.

All of the above is pretty cool, and I use those features on a daily basis. By default, however, those feature are integrated into applications that I do not use, such as Thunderbird for e-mail or Nautilus as file manager. For my favorite work environment, namely GNU Emacs, some configuration is necessary.

For GnuPG in Emacs, you should really use EasyPG, which has been the default for some years. To make use of Split GPG in Qubes, you need to configure epg-gpg-program to invoke a wrapper program that communicates with the vault VM:

(customize-set-variable 'epg-gpg-program "/usr/bin/qubes-gpg-client-wrapper")

The above configuration is sufficient if you compiled Emacs from the Git repository (March 2017, after bug#25947 was fixed). Otherwise, you need this:

(require 'epg-config)
(customize-set-variable 'epg-gpg-program "/usr/bin/qubes-gpg-client-wrapper")
(push (cons 'OpenPGP (epg-config--make-gpg-configuration epg-gpg-program))

If you rely on signatures for Emacs’ package mechanism and if your Emacs is recent enough to have the variable package-gnupghome-dir (April 2017), you need to customize that to nil:

(setq package-gnupghome-dir nil)

Otherwise, as a temporary fix you may want to modify the script qubes-gpg-client-wrapper to ignore the unsupported option --homedir (in the template VM, similarly to how keyserver-options are removed with a comment on Torbirdy compatibility).

For an integration of dispVM functionality into Gnus and Dired, you may want to take a look at qubes.el. Briefly, that library provides functionality to browse URLs and open or convert files and e-mail attachments in various VMs, depending on user customization.

Here is my relevant snippet from ~/.emacs:

(require 'qubes)
(setq browse-url-browser-function 'qubes-browse)

;; Also allow to open PDF files in Disposable VMs.
;; Add the following line to ~/.mailcap:
;; application/*; qvm-open-in-dvm %s
(require 'mailcap)

;; Define key bindings to work on files in VMs.
(add-hook 'dired-mode-hook
	  (lambda ()
	    (define-key dired-mode-map "ö" 'jl-dired-copy-to-qvm)
	    (define-key dired-mode-map "ä" 'jl-dired-open-in-dvm)
	    (define-key dired-mode-map "ü" 'jl-dired-qvm-convert)

(add-hook 'gnus-article-mode-hook
	  (lambda ()
	    (define-key gnus-article-mode-map
	      "ä" 'jl-gnus-article-view-part-in-dvm)
	    (define-key gnus-summary-mode-map
	      "ä" 'jl-gnus-article-view-part-in-dvm)
	    (define-key gnus-mime-button-map
	      "ü" 'jl-gnus-mime-qvm-convert-and-display)
	    (define-key gnus-article-mode-map
	      "ü" 'jl-gnus-article-view-trusted-part-via-qubes)
	    (define-key gnus-summary-mode-map
	      "ü" 'jl-gnus-article-view-trusted-part-via-qubes)

I chose umlauts for key bindings as dired and Gnus seem to have assigned bindings for most keys already. Feel free to adapt.

Web-Seite zur informationellen Selbstbestimmung überarbeitet

Auf meiner Web-Seite zur informationellen Selbstbestimmung im Internet habe ich größere Änderungen in zwei nichttechnischen Abschnitten vorgenommen. Einerseits habe ich die Diskussion des faulen Arguments, Privatsphäre im Internet sei angesichts von Datenkraken und Massenüberwachung nicht möglich, besser strukturiert. Andererseits ist der Abschnitt zum Nothing-to-Hide-Argument ebenfalls neu strukturiert und erweitert. So stelle ich unter den kafkaesken Problemen des Verlusts unserer Privatsphäre nun konkretere Beispiele wie die Schwangerschaftserkennung anhand von Analysen des Kaufverhaltens, die Erstellung von Persönlichkeitsanalysen (1) anhand von Facebook Likes und (2) anhand von Sprachanalysen sowie die Manipulation von Entscheidungen durch Nudging vor.

Über Anregungen zur Erweiterung würde ich mich freuen.

You need Tor, and Tor is asking for your support

For decades, privacy and freedom of thought and expression have been valued as human rights. Please take a moment to read articles 12, 18, and 19 of ↑The Universal Declaration of Human Rights dating back to 1948.

In free, democratic countries we took those rights for granted. Even without knowing or caring about human rights, among family and friends we chatted without being overheard, we shopped anonymously and paid with cash, we walked the streets anonymously without being afraid of unknown strangers crossing our paths. In libraries we read books and newspapers while nobody spied on our interests.

That situation has changed dramatically in recent years with two noteworthy twists. First, in an article worth your time Eben Moglen explained in 2013 (predating the Snowden disclosures!) how we have ↑entangled ourselves in the Net. We surround ourselves with all kinds of “smart” devices such as phones, smart watches, smart meters, smart TVs, e-book readers, glasses, cars, all of which have eyes and ears of their own, monitor our location, our communication, our behavior most—if not all—of the time. Apps in those devices transmit what they observe into the Net, under incomprehensible privacy piracy policies. Once in the Net, that data is traded, stolen, re-purposed—beyond our control, consent, or knowledge.

Second, for reasons that I cannot comprehend, (even) democratic governments seem to assume that our human rights do not need to be respected on the Net. They demand openly and enforce covertly access to our communication, to our data, effectively—the more we entangle ourselves in the Net—to our lives.

If you believe that the human rights to privacy as well as freedom of thought and expression should also be your rights, even if you move on the Net, you must learn and practice digital self-defense. Essentially, you need to choose apps and tools that respect your freedom and privacy, which requires ↑free software based on strong cryptography. For example, to protect your e-mails you may want to use ↑GnuPG as explained in ↑this guide to e-mail self-defense. As messenger you may want to switch to ↑Signal. For Web surfing you may want to use the ↑Tor Browser.

Tor is cutting-edge anonymity research turned into easily usable free software. Briefly, Tor re-routes your network data through randomly selected relays on the Net, thus hiding who is communicating what with whom. More information on how Tor works can be found on the ↑Tor overview page and in the ↑Tor FAQ. Tor is built by a non-profit organization that is currently asking for ↑donations.

Make sure to read the ↑download warning and try the ↑Tor Browser today. It’s easy to install and run. Be warned, however, that surfing will be slower in general and that some misguided sites may refuse to load unless you solve a ↑captcha (which may or may not go away if you reload the page via “New Circuit for this site” from Tor Browser’s menu underneath the onion icon).

If you like Tor, the project is asking for your ↑donations, and you are in good company: ↑Edward Snowden and Laura Poitras use Tor. Security guru ↑Bruce Schneier recommends that you use Tor.

If you don’t like Tor, you can help to ↑improve it.

And, as a final remark, if you believe that Tor is being misused by “bad guys,” then, of course, you are right. Tor, just like about any other tool created by mankind, can be used by law-abiding citizens as well as by the scum of the earth.

Wieder wider Vorratsdatenspeicherung

Verfassungsbeschwerde bei Digitalcourage e.V. unterstützen (CC BY-SA 3.0 Digitalcourage e.V.)

Wir haben in Deutschland wieder die Vorratsdatenspeicherung (VDS), und das ist schlecht. VDS bedeutet flächendeckende, anlasslose Überwachung des Kommunikationsverhaltens der gesamten Bevölkerung, was gut zu totalitären Regimes passt, aber nicht zu demokratischen Gesellschaften.

Wer das nicht so verfolgt: Es gab in Europa schon mal die VDS, per EU-Richtlinie. Die entsprechende Umsetzung in Deutschland wurde 2010 vom Bundesverfassungsgericht für verfassungswidrig erklärt. Die gesamte Richtlinie wurde 2014 vom Europäischen Gerichtshof für ungültig erklärt, weil sie unsere Grundrechte auf Achtung des Privatlebens und auf den Schutz personenbezogener Daten verletzt. Nichtsdestotrotz haben wir jetzt wieder eine per Gesetz verordnete VDS, im Oktober vom Bundestag beschlossen, am 6. November vom Bundesrat abgesegnet.

Der Verein Digitalcourage bereitet eine Verfassungsbeschwerde vor und bittet um Unterstützung. Macht mit!

Außerdem ist es natürlich notwendig, digitale Selbstverteidigung zu lernen. Wie das mit freier Software geht, stelle ich anderswo dar.

Firefox with Tor/Orbot on Android

In my previous post, I explained three steps for more privacy on the Net, namely (1) opt out from the cloud, (2) encrypt your communication, and (3) anonymize your surfing behavior. If you attempt (3) via Tor on Android devices, you need to be careful.

I was surprised how complicated anonymized browsing is on Android with Firefox and Tor. Be warned! Some believe that Android is simply a dead end for anonymity and privacy, as phones are powerful surveillance devices, easily exploitable by third parties. An excellent post by Mike Perry explains how to harden Android devices.

Anyways, I’m using an Android phone (without Google services as explained elsewhere), and I want to use Tor for the occasional surfing while resisting mass surveillance. Note that my post is unrelated to targeted attacks and espionage.

The Tor port to Android is Orbot, which can potentially be combined with different browsers. In any case, the browser needs to be configured to use Tor/Orbot as proxy. Some browsers need to be configured manually, while others are pre-configured. At the moment, nothing works out of the box, though, as you can see in this thread on the Tor Talk mailing list.

Firefox on Android mostly works with Orbot, but downloads favicons without respecting proxy preferences, which is a known bug. In combination with Tor, this bug is critical, as the download of favicons reveals the real IP address, defeating anonymization.

Some guides for Orbot recommend Orweb, which has too many open issues to be usable. Lightning Browser is also unusable for me. Currently, Orfox is under development (a port of the Tor Browser to Android). Just as plain Firefox, though, Orfox deanonymizes Tor users by downloading favicons without respecting proxy preferences, revealing the real IP address.

The only way of which I’m aware to use Firefox or Orfox with Tor requires the following manual proxy settings, which only work over Wi-Fi.

  1. Connect to your Wi-Fi and configure the connection to use Tor as system proxy: Under the Wi-Fi settings, long-press on your connection, choose “Modify network” → “Show advanced options”. Select “Manual” proxy settings and enter localhost and port 8118 as HTTP proxy. (When you start Orbot, it provides proxy services into the Tor network at port 8118.)

  2. Configure Firefox or Orfox to use the system proxy and avoid DNS requests: Type about:config into the address bar and verify that network.proxy.type is set to 5, which should be the default and lets the browser use the system proxy (the system proxy is also used to fetch favicons). Furthermore, you must set network.proxy.socks_remote_dns to true, which is not the default. Otherwise, the browser leaks DNS requests that reveal your real IP address.

  3. Start Orbot, connect to the Tor network.

  4. Surf anonymized. At the moment you need to configure the browser’s privacy settings to clear private data on exit. Maybe you want to wait for an official Orfox release.

Three steps towards more privacy on the Net

Initially, I wanted to summarize my findings concerning Tor with Firefox on Android. Then, I decided to start with an explanation why I care about Tor at all. The summary, that I had in mind initially, then follows in a subsequent post.

I belong to a species that appears to be on the verge of extinction. My species believes in the value of privacy, also on the Net. We did not yet despair or resign in view of mass surveillance and ubiquitous, surreptitious, nontransparent data brokering. Instead, we made a deliberate decision to resist.

People around us seem to be indifferent to mass surveillance and data brokerage. Recent empirical research indicates that they resign. In consequence, they submit to the destruction of our (their’s and, what they don’t realize, also mine) privacy. I may be an optimist in believing that my species can spread by the proliferation of simple ideas. This is an infection attempt.

Step 1. Opt-out of the cloud and piracy policies.

In this post, I use the term “cloud” as placeholder for convenient, centralized services provided by data brokers from remote data centers. Such services are available for calendar synchronization, file sharing, e-mail and messaging, and I recommend to avoid those services that gain access to “your” data, turn it into their data, generously providing access rights also to you (next to their business partners as well as intelligence agencies and other criminals with access to their infrastructure).

My main advice is simple, if you are interested in privacy: Opt out of the cloud. Do not entrust your private data (e-mails, messages, photos, calendar events, browser history) to untrustworthy parties with incomprehensible terms of service and “privacy” policies. The typical goal of a “privacy” policy is to make you renounce your right to privacy and to allow companies the collection and sale of data treasures based on your data. Thus, you should really think of a “piracy policy” whenever you agree to those terms. (By the way, in German, I prefer “Datenschatzbedingungen” to “Datenschutzbedingungen” towards the same end.)

Opting out of the cloud may be inconvenient, but is necessary and possible. Building on a metaphor that I borrow from Eben Moglen, privacy is an ecological phenomenon. All of us can work jointly towards the improvement of our privacy, or we can pollute our environment, pretending that we don’t know better or that each individual has none or little influence anyways.

While your influence may be small, you are free to choose. You may choose to send e-mails via some data broker. If you make that choice, then you force your friends to send replies intended for your eyes to your data broker, reducing their privacy. Alternatively, you may choose some local, more trustworthy provider. Most likely, good alternatives are available in your country; there certainly are some in Germany such as and Posteo (both were tested positively in February 2015 by Stiftung Warentest; in addition, I’m paying 1€ per month for an account at the former). Messaging is just the same. You are free to contribute to a world-wide, centralized communication monopoly, sustaining the opposite of private communication, or to choose tools and services that allow direct communication with your friends, without data brokers in between. (Or you could use e-mail instead.) Besides, you are free to use alternative search engines such as Startpage (which shows Google results in a privacy friendly manner) or meta search engines such as MetaGer or ixquick.

Step 2. Encrypt your communication.

I don’t think that there is a reason to send unencrypted communication through the Net. Clearly, encryption hinders mass surveillance and data brokering. Learn about e-mail self-defense. Learn about off-the-record (OTR) communication (sample tools at PRISM Break).

Step 3. Anonymize your surfing behavior.

I recommend Tor for anonymized Web surfing to resist mass surveillance by intelligence agencies as well as profiling by data brokers. Mass surveillance and profiling are based on bulk data collection, where it’s easy to see who communicates where and when with whom, potentially about what. It’s probably safe to say that with Tor it is not “easy” any more to see who communicates where and when with whom. Tor users do not offer this information voluntarily, they resist actively.

On desktop PCs, you can just use the Tor Browser, which includes the Tor software itself and a modified version of the Firefox browser, specifically designed to protect your privacy, in particular in view of basic and sophisticated identification techniques (such as cookies and various forms of fingerprinting).

On Android, Tor Browser does not exist, and alternatives need to be configured carefully, which is the topic for the next post.

I Love Free Software

I love Free Software!
Today is Valentine’s Day, which is a popular occasion to celebrate love. I love free software. In case you don’t know: Free software is software that respects our freedom, and I suggest that you take a close look.

Today I’d like to recommend a pair of nifty, lovely Android apps that I use on a regular basis to improve my vocabulary, namely AnkiDroid with QuickDic. (Needless to say, both are available via F-Droid, an alternative app store that provides nothing but free software.)

AnkiDroid is a tool to memorize things based on flashcards, organized in decks. In a nutshell, you create cards with different contents on back and front, AnkiDroid presents one side of a card, and you try to recall the other, telling AnkiDroid how easy it was to recall the matching content. The frequency of how often a single card’s side is presented is determined by a so-called spaced repetition algorithm. Essentially, the better you know a card, the less frequently it is presented. Lots of card decks are available on the Web and can be imported into AnkiDroid. I don’t use that feature, however.

Instead, I use AnkiDroid with the offline dictionary app QuickDic, which offers dictionaries for lots of (pairs of) languages. Whenever I look up an intriguing word or phrase in QuickDic, I long-press that dictionary entry to invoke a share dialog. Selecting AnkiDroid in that dialog creates a pre-filled flashcard in AnkiDroid, which just needs minor tweaking to create a new card. Learning vocabulary has never been simpler.

I love free software.

I love Free Software!

Die irreführende Rhetorik für mehr Überwachung

Unser von Grundgesetz und Europäischer Menschenrechtskonvention zugesichertes Abwehrrecht zur Privatsphäre gegenüber dem Staat wird unter dem Vorwand der Terrorbekämpfung seit Jahren weiter eingeschränkt. Die Begründungen für zusätzliche Einschränkungen werden mit mehr oder weniger geschickter, aber in jedem Fall irreführender Rhetorik vortragen, die zu selten als solche entlarvt wird. Überlegen Sie selbst.

Der Bundesminister des Innern, Herr Dr. Thomas de Maizière, argumentierte in einer Rede am 20.1.2015, dass Verschlüsselung notwendig sei, damit wir, die Bevölkerung, uns sicher im Internet bewegen könnten. Trotzdem sollten Sicherheitsbehörden in der Lage sein, verschlüsselte Kommunikation zu entschlüsseln. Er versuchte, diese Forderung nach unwirksamer oder umgehbarer Verschlüsselung durch eine Analogie aus der physischen Welt vernünftig erscheinen zu lassen: Wir alle schließen unsere Häuser ab, in die die Polizei unter rechtsstaatlichen Voraussetzungen eindringen darf.

Diese Analogie ist aus mehreren Gründen irreführend:

  • Das Eindringen in unsere Häuser erfolgt in begründeten Einzelfällen. Demgegenüber wird unsere Kommunikation im Internet von Geheim- und Nachrichtendiensten abgehört, gespeichert und analysiert, und zwar im Wesentlichen vollständig, hemmungslos und unkontrolliert, wie wir spätestens seit den Enthüllungen von Edward Snowden wissen.
  • Das Eindringen in unsere Häuser erfordert personellen Aufwand, was ein Vorgehen mit Verstand und Augenmaß erzwingt. (Dies ändert sich, je mehr Smartphones, Smart-TVs, Smart-Watches, smarte Brillen usw. wir als zusätzliche Augen und Ohren jenseits unserer Kontrolle einsetzen.) Demgegenüber laufen Spionage und Überwachung im Internet weitgehend automatisiert ab, was anlasslose Massenüberwachung unter Missachtung der Unschuldsvermutung ermöglicht.
  • Das Eindringen in unsere Häuser ist für uns (meistens) erkennbar und damit anfechtbar. Demgegenüber finden Spionage und Überwachung im Internet hinterrücks statt. Welche Daten von wem zu welchen Zwecken erfasst werden, bleibt im Verborgenen und lässt uns keine Möglichkeit zu rechtsstaatlicher Gegenwehr.

Diese Unterschiede zwischen Überwachung in der physischen Welt und Überwachung im Internet erfordern, dass wir unsere Kommunikation verschlüsseln, wenn wir an Privatsphäre interessiert sind. Wenn „vertrauenswürdige“ staatliche Stellen diese Verschlüsselung umgehen können, dann werden das auch nicht vertrauenswürdige staatliche Stellen und andere Kriminelle schaffen. Das ist inakzeptabel.

Unser Bundesinnenminister steht mit seiner wirren Analogie leider nicht allein. In ähnlicher Weise behauptete Herr Troels Oerting, der Leiter des Europäischen Zentrums zur Bekämpfung der Cyberkriminalität, dass die verschlüsselte Kommunikation so ähnlich wirke wie der Kofferraum eines Autos, der bei einer Polizeikontrolle nicht geöffnet werden könne. Offenbar entgehen auch Herrn Oerting die fundamentalen Unterschiede (a) des begründeten Vorgehens im Einzelfall unter Personaleinsatz mit rechtsstaatlichen Abwehrmöglichkeiten und (b) der anlasslosen, automatisierten und unbemerkbaren Massenüberwachung ohne Möglichkeit zur Gegenwehr. Vermutlich dieser haarsträubenden Logik folgend forderte im Januar 2015 der Anti-Terror-Koordinator im Rat der Europäischen Union, Herr Gilles de Kerchove, die Hinterlegung kryptografischer Schlüssel. Höchst bedenklich.

Unser Bundesinnenminister ist auch an anderer Stelle zu schnell, um die Feinheiten der Realität angemessen zu würdigen. So behauptet er in seiner oben erwähnten Rede mit Bezug auf den Terroranschlag auf Charlie Hebdo:

Die Ereignisse in Paris verdeutlichen einmal mehr, dass wir gemeinsam handeln müssen, und zwar nicht nur im Bereich der so genannten „realen“ Welt. Das Handeln krimineller und terroristischer Bestrebungen findet genauso in der „virtuellen“ Welt statt […]

Die Ereignisse in Paris mögen vieles verdeutlichen, mit der virtuellen Welt hatten sie herzlich wenig zu tun. Die Attentäter waren verschiedenen staatlichen Stellen im Vorfeld bekannt, aber ihre Überwachung wurde zu früh beendet. Davon, dass die Täter verschlüsselt kommuniziert hätten, ist nirgends die Rede – auch nicht in der ministeriellen Rede. Dass er dieses Attentat dennoch zur Rechtfertigung der Umgehung von Verschlüsselung, unserer einzigen Waffe gegen anlasslose Massenüberwachung und andere Kriminalität im Internet, verwendet, ist ungeheuerlich.

Im Ausland ist die Lage nicht besser. So versprach Premierminister David Cameron seinen Landsleuten angesichts des Attentats in Paris, im Falle seiner Wiederwahl Terroristen keine sicheren Kommunikationsräume zu lassen. Dem Premierminister ist offenbar ebenso wie unserem Innenminister entgangen, dass das Attentat nichts mit sicherer terroristischer Kommunikation zu hatte. Darüber hinaus macht seine Aussage klar, wohin die Reise gehen soll: Wer unbekannten Terroristen keine sichere Kommunikation zugestehen will, darf niemandem sichere Kommunikation zugestehen. Von Ihnen und mir ist nicht auszuschließen, dass wir unbekannte Terroristen sind; daher müssen wir überwacht werden, und zwar überall, wo dies technisch machbar ist.

Momentan gibt es noch vergängliche, unaufgezeichnete, private Gespräche. In Familien, mit Wildfremden, zwischen ganz normalen und zwischen verrückten Menschen. Auch die Brüder Kouachi werden sich vor ihrem Anschlag auf Charlie Hebdo über ihre Pläne unterhalten haben. Hatten sie ein Recht auf private Gespräche? Haben wir, die wir anders als sie nicht in Terror-Camps ausgebildet worden sind, dieses Recht, oder wollen wir es uns nehmen lassen, Cameron folgend?

Bevor Sie urteilen, sei daran erinnert, dass die Gefahr, ein Terroropfer zu werden, verschwindend klein ist. Laut Zahlen der New York Times vom Juli 2013 starben seit 2005 jährlich 23 Amerikaner durch Terror. Dreiundzwanzig. Etwa doppelt so viele starben an Bienen- und Wespenstichen, 15-mal so viele durch Stürze von Leitern. In Deutschland gab es nach Angaben der Tagesschau im Januar 2015 bisher nur einen einzigen islamistischen Anschlag – und zwar im März 2011 mit zwei Todesopfern. Demgegenüber gibt es bei uns jährlich mehr als 3.000 Verkehrstote. An den Folgen von Alkoholmissbrauch sollen in Deutschland 74.000 Menschen pro Jahr sterben.

Bevor Sie urteilen, sei zudem daran erinnert, dass Terroristen in Europa und in den USA in den vergangenen Jahren regelmäßig im Vorfeld auffällig geworden sind und Sicherheitsbehörden vor ihren Untaten bekannt waren. Offenbar fehlte es an gezielter Überwachung, um Anschläge zu verhindern. Wer trotzdem vorgibt, die Situation durch anlasslose Massenüberwachung oder durch die Schwächung von Verschlüsselungstechniken verbessern zu können, sollte sich rechtfertigen müssen oder ausgelacht werden.

Haben wir also ein Recht auf vergängliche, unaufgezeichnete, private Gespräche? Im Grunde spielt die Antwort auf diese Frage zumindest für Kommunikation im Internet keine Rolle: Wenn Sie denken, dass Sie dieses Recht haben sollten, müssen und können Sie es sich nehmen. Sie dürfen Ihre Kommunikation nicht kommerziell orientierten Datenkraken anvertrauen, und Sie müssen Ihre Kommunikation verschlüsseln.

Verschlüsselung ist alternativlos. Im Januar 2015 sind Berichte hochrangiger europäischer Gremien erschienen, die dies nachdrücklich belegen. Zum einen empfiehlt der Rechtsausschuss der Parlamentarischen Versammlung des Europarats durchgängige Verschlüsselung zum Schutz unserer Privatsphäre. Zum anderen empfiehlt auch der Ausschuss für Technikfolgenabschätzung des EU-Parlaments den Einsatz von Ende-zu-Ende-Verschlüsselung und Anonymisierungsdiensten zum Schutz der Privatsphäre.

Ich rate Ihnen, für private Kommunikation nicht auf die Dienste bekannter Datenkraken zurückzugreifen, sondern freie Software zur Verteidigung Ihrer Grundrechte einzusetzen, insbesondere GnuPG zur E-Mail-Selbstverteidigung und Tor oder JonDo zur Anonymisierung im Internet.

Lassen Sie sich nicht in die Irre führen, sondern verteidigen Sie Ihre Grundrechte!

Certificate Pinning for GNU/Linux and Android

Previously, I described the dismal state of SSL/TLS security and explained how certificate pinning protects against man-in-the-middle (MITM) attacks; in particular, I recommended GnuTLS with its command line tool gnutls-cli for do-it-yourself certificate pinning based on trust-on-first-use (TOFU). In this post, I explain how I apply those ideas on my Android phone. In a nutshell, I use gnutls-cli in combination with socat and shell scripting to create separate, certificate pinned TLS tunnels for every target server; then, I configure my apps to connect into such a tunnel instead of the target server, which protects my apps against MITM attacks with “trusted” and other certificates. Note that nothing in this post is specific to Android; instead, I installed the app Lil’ Debi, which provides a Debian GNU/Linux system as prerequisite for the following.

Prepare Debian Environment

Lil’ Debi by default uses DNS servers of a US based search engine company, which is configured in /etc/resolv.conf. I don’t want that company to learn when I access my e-mail (and more). Instead, I’d like to use the “normal” DNS servers of the network to which I’m connected, which gets configured automatically via DHCP on Android. However, I don’t know how to inject that information reliably into Debian (automatically, upon connectivity changes). Hence, I’m currently manually running something like dhclient -d wlan0, which updates the network configuration. I’d love to hear about better solutions.

Next, the stable version of gnutls-bin does not support the option --strict-tofu. More recent versions are available among “experimental” packages. To install those, I switched to Debian Testing (replace stable with testing in /etc/apt/sources.list; do apt-get update, apt-get dist-upgrade, apt-get autoremove). Then, I installed gnutls-cli:
apt-get -t experimental install gnutls-bin

Afterwards, I created a non-root user gnutls with directories to be used in shell scripts below:
useradd -s /bin/false -r -d /var/lib/gnutls gnutls
mkdir /var/{lib,log}/gnutls
chown gnutls /var/{lib,log}/gnutls
chmod 755 /var/{lib,log}/gnutls

For network access on android, I also needed to assign gnutls to a special group as follows. (Before that, I got “net.c:142: socket() failed: Permission denied” or “socket: Permission denied” for network commands.)
groupadd -g 3003 aid_inet
usermod -G aid_inet gnutls

Finally, certificates need to be pinned with GnuTLS. I did that on my PC as described previously and copied the resulting file ~/.gnutls/known_hosts to /var/lib/gnutls/.gnutls/known_hosts.

Certificate Pinning via Tunnels/Proxies

I use socat to create (encrypting) proxies (i.e., local servers that relay received data towards the real destinations). In my case, socat relays received data via a shell script into GnuTLS, which establishes the TLS connection to the real destination and performs certificate checking with option --strict-tofu. Thus, the combination of socat, shell script, and gnutls-cli creates a TLS tunnel with certificate pinning against MITM attacks. Clearly, none of this is necessary for apps that pin certificates themselves. (On my phone, ChatSecure, a chat app implementing end-to-end encryption with Off-The-Record (OTR) Messaging, pins certificates, but other apps such as K-9 Mail, CalDAV Sync Adapter. and DAVdroid do not.) For the sake of an example, suppose that I send e-mail via server at port 25, which I would normally enter in my e-mail app along with the setting to use SSL/TLS for every connection, which leaves me vulnerable to MITM attacks with “trusted” certificates. Let’s see how to replace that setting with a secure tunnel. First, the following command starts a socat proxy that listens on port 1125 for incoming network connections from my phone. For every connection, it executes the script gnutls-tunnel.shand relays all network traffic into that script:
$ socat TCP4-LISTEN:1125,bind=,reuseaddr,fork \
EXEC:"/usr/local/bin/ -s -t 25"

Second, the script is invoked with the options -s -t 25. Thus, the script invokes gnutls-cli to open an SMTP (e-mail delivery) connection with TLS protection (some details of are explained below, details of gnutls-cli in my previous article). If certificate verification succeeds, this establishes a tunnel from the phone’s local port 1125 to the mail server. (There is nothing special about the number 1125; I prefer numbers ending in “25” for SMTP.)

Third, I configure my e-mail app to use the server named localhost at port 1125 (without encryption). Then, the app sends e-mails into socat, which forwards them into the script, which in turn relays them via a GnuTLS secured connection to the mail server

Shell Scripting

To setup my GnuTLS tunnels, I use three scripts, which are contained in this tar archive. (One of those scripts contains the following text: “I don’t like shell scripts. I don’t know much about shell scripts. This is a shell script. Use at your own risk. Read the license.”)

First, instead of the invocation of socat shown above, I’m using the following wrapper script,, whose first argument needs to be the local port to be used by socat, while the other arguments are passed on. Moreover, the script redirects log messages to a file.
umask 0022
socat TCP4-LISTEN:$LPORT,bind=,reuseaddr,fork EXEC:"/usr/local/bin/ $*" >> $LOG 2>&1 &

Second, embeds the invocation of gnutls-cli --strict-tofu, parses its output, and writes log messages. That script is too long to reproduce here, but I’d like to point out that it sends data through a background process as described by Marco Maggi. Moreover, it uses a “delayed encrypted bridge.” Currently, the script knows the following essential options:

  • -t: Use option --starttls for gnutls-cli; this start with a protocol-specific plaintext connection which switches to TLS later on.
  • -h: Try to talk HTTP in case of errors.
  • -i: Try to talk IMAP in case of errors.
  • -s: Try to talk SMTP, possibly before STARTTLS and in case of errors.

Third, I use a script called to start my TLS tunnels, essentially as follows:
run_as () {
su -s $TLSSHELL -c "$1" $TLSUSER
# SMTP (-s) with STARTTLS (-t) if SMTPS is not supported, typically to
# port 25 or 587:
run_as "/usr/local/bin/ 1125 -t -s 587"
# Without -t if server supports SMTPS at port 465:
run_as "/usr/local/bin/ 1225 -s 465"
# IMAPS (-i) at port 993:
run_as "/usr/local/bin/ 1193 -i 993"
run_as "/usr/local/bin/ 1293 -i 993"
# HTTPS (-h) at port 443:
run_as "/usr/local/bin/ 1143 -h 443"

Once the Debian system is running (via Lil’ Debi), I invoke in the Debian shell. (This could be automated in the app’s startup script Then, I configure K-9 Mail to use localhostwith the local ports defined in the script (without encryption).

(You may want to remove the log files under /var/log/gnutls from time to time.)

Certificate Expiry, MITM Attacks

Whenever certificate verification fails because the presented certificate does not match the pinned one, logs an error message and reports an error condition to the invoking app. Clearly, it is up to the app whether and how to inform the user. For example, K-9 Mail fails silently for e-mail retrieval via IMAP (which is an old bug) but triggers a notification when sending e-mail via SMTP. The following screen shot displays notifications of K-9 Mail and CalDAV Sync Adapter.

MITM Notifications of K-9 Mail and CalDAV Sync Adapter

The screenshot shows that in case of certificate failures for HTTPS connections, I’m using error code 418. That number was specified in RFC 2324 (updated a couple of days ago in RFC 7168). If you see error code 418, you know that you are in deep trouble without coffee.

In any case, the user needs to decide whether the server was equipped with a new certificate, which needs to be pinned, or whether a MITM attack takes place.

What’s Next

SSL/TLS is a mess, and the above is far more complicated than I’d like it to be. I hope to see more apps pinning certificates themselves. Clearly, users of such apps need some guidance how to identify the correct certificates that should be pinned.

If you develop apps, please implement certificate pinning. As I wrote previously, I believe these papers to be good starting points:

You may also want to think about the consequences if “trust” in some CA is discontinued as just happened for CAcert for Debian and its derivatives. Recall that CAcert was a “trusted” CA in Debian, which implied that lots of software “trusted” any certificate issued by that CA without needing to ask users any complicated question at all. Now, as that “trust” has been revoked (see this bug report for details), users will see warnings concerning those same, unchanged (!), previously “trusted” certificates; depending on the client software, they may even experience an unrecoverable error, rendering them unable to access the server at all. Clearly, this is far from desirable.

However, if your app supports certificate pinning, then such a revocation of “trust” does not matter at all. The app will simply continue to be usable. It is high time to distinguish trust from “trust.”