Tag: VPN

  • Five Things – 2 August 2020

    Twitter Hackers Caught

    There’s a scene at the beginning of “Ocean’s Eleven,” where Danny Ocean and Rusty Ryan are trying to talk Ruben Tishkoff into joining them in their planned casino robbery caper. Ruben is hesitant at first, but is happy to join in once Danny and Rusty explain that they’re planning to rob the casinos of Ruben’s nemesis, Terry Benedict, who had recently bought Ruben’s hotels from under him and was planning to demolish them “to make way for some gaudy monstrosity.”

    Despite the good feelings engendered by Ruben’s joining the plan, he makes an important warning. Stealing from Terry Benedict like this is especially dangerous. “At the end of this, he better not know you’re involved, not know your names, or think you’re dead, because he’ll kill you, then he’ll go to work on you.”

    Since the movie is older than at least one of them, almost as old as the other two involved, I guess the young men who pulled off the Twitter hack had never seen it, or at least that scene. And perhaps nobody told them to leave their names fully out of online activities like that. And that means anywhere along the lines.

    What’s the point of using a “hacker alias,” a VPN, TOR, an airgapped machine, Kali Linux, or any of that other stuff, if you’re going to use your real name on your bitcoin account that you use to receive stolen Bitcoin?

    I only ask because that’s apparently how the guys in the caper got caught. They’re described as the middlemen, but, if you’re the kind of person who involves themselves in such activities, you’ve probably taken a lot of other precautions, such as the ones listed above, to protect your identity, as much as possible. They might even use burner phones and such. But if you’re going to be receiving stolen bitcoin, why on Earth would you receive it in such a way that can be tied back to you? There are ways to transact with Bitcoin anonymously and I was surprised to hear that this is how law enforcement was led to the two.

    In Ocean’s Thirteen, when discussing that film’s caper, the specialist Roman Nagel asks Danny and Rusty possibly the most important question of any caper, “what’s your exit strategy?”

    These guys must not have given much thought to theirs. Now, they’re facing multiple felonies.


    President bans TikTok

    The other night, Twitter was ablaze with the news that the President of the United States planned to ban the short-form video content creation app, TikTok. If you’ve been living under a rock or perhaps spend the majority of your social media time on Facebook and therefore don’t know what’s going on, TikTok has been controversial because it is owned by a Chinese company with ties to its government and the app has come to be considered to be spyware. India’s government has banned TikTok, but they’ve also been having other issues with China this year.

    This, and perhaps other issues (like, really, who even knows?) have prompted the President to make the move to ban the app in the United States. But, if the comments on Twitter are any indication, there might be some trouble enforcing that.

    As a baseline, the government would need Google and Apple to remove the app from their app stores “in the U.S.” Even so, the moment the app is removed from those locations, what’s stopping someone from hopping on a VPN and changing their location to another country, like say, Canada, which has not banned the app, and getting the app?

    It’s possible on both Android and iOS without rooting, and it’s super easy on Android.

    But even so, for those who might be unable or unwilling to do that much, there are alternative app stores out there. And even if one does not trust those, what’s stopping people from going to other websites and getting the app(s)? It’s pretty easy to sideload an Android app. And while it doesn’t seem as easy to me to do the same on iOS, it’s possible. A quick web search will reveal a bunch of possible ways to do so.

    As this tweet says, pretty much nothing short of the government building a “Great Firewall” is going to stop the app from coming into the country. They’d have to enlist every ISP, including cell phone companies and home Internet providers. Would they do it by blocking the DNS of known places where the app might be? Still, people can use DNS in other countries and even Cloudflare, whose 1.1.1.1 DNS service is encrypted. VPN providers have their own DNS servers, so if someone connected to a VPN, if that VPN provider were outside of the country, then they’ve already circumvented things. They’d have to ban VPN services.

    Then, what’s stopping two people, one inside the US and one outside, away from known VPN services, from setting up their own site-to-site VPN and just sharing the app between themselves?

    All of that aside, it’s being reported that Microsoft could buy the American arm of TikTok and I guess that, along with making sure the apps aren’t like … spying on people, could make this issue go away? Hopefully, the kids will take their lessons on Internet privacy seriously, regardless of what happens.


    MLB Still Going

    Pleasantly surprised is a good way to describe how I feel about this MLB season, so far. Despite coronavirus diagnoses on several teams, MLB is pushing through. Now, Rob Manfred has told the union that too many more players testing positive would mean he’ll have to shut it down, and has told their television partners to get ready for that possible eventuality, but so far, they’re pressing on. And the O’s are near the top of the AL East. I do want baseball, not because I have this sense that it’ll be providing “normalcy.” Normalcy would be the season starting early spring when it’s cooler and fans would be in the stands and no fan noise would be piped in. But, baseball does bring me joy like few other things in my life, so I’m happy to have it. But, if the health situation becomes unmanageable, then it’s time to shut it down.


    NFL Better Pay Attention to MLB

    The NFL needs to be paying as much attention to how things go with MLB. In fact, while I’m pretty sure they’d never do this, were I in control of the NFL, I’d have done my best to have health and operations officials from my league working closely with some counterpart in MLB to monitor the situations and the decisions being made, to relay that information and to help us make better decisions moving forward.

    The two leagues are in similar situations, in that they both decided to contest games in each team’s home stadium. However, while no fans are present in MLB games, the NFL has decided to leave the question of fan capacity, ultimately up to teams and local governments. The Ravens announced several weeks ago that M&T Bank Stadium would have a capacity of no more than 14,000 fans (PSL holders were given priority ticket purchase rights since they wouldn’t all be technically able to use their PSLs this season), but ultimately, the decision is up to the City of Baltimore to decide whether that number of fans will be allowed into the ballpark, or fewer, or none at all.

    The challenge of preventing a breakout in any team’s locker room is magnified for the NFL, as NFL rosters are basically double the size of MLB rosters this season. NFL teams pretty much always have more coaches than the typical MLB team. More players play in closer quarters on every single play in any game, than in MLB. The NBA and WNBA have distanced players sitting on the bench, so it’ll be interesting to see how the NFL deals with that particular issue because there are a lot more players along the sidelines at any time during an NFL game than there are in any basketball game.

    It’s a logistical challenge and I think the NFL should have decided upon sequestering players, officials, and such in one or more places across the country and I’m surprised they did not. The NFL had lots of time to think about it. They planned and executed a physically distanced, and quite fun, in my opinion, draft in a relatively brief time.

    Now, on the chance that both the MLB and NFL seasons successfully complete, I do hope the O’s and Ravens do end up on top. I usually do, obviously, being from Baltimore and having been a fan for such a long time, but want to see the win for Mo. Baltimore superfan and child cancer patient, Mo Gaba, passed away this past week. I don’t think I’ve ever seen such an outpouring of love or care or concern for anybody in the Baltimore sports community. Tweets came from current and former Baltimore players. Even whole sportscasts have been dedicated to him and his memory. Understandably so. He didn’t just love Baltimore sports, but that was part of his love of life. In spite of all of the challenges he faced. I never met him, but like so many of us, was touched by him and his story. The Orioles put him into their Hall of Fame hours before he passed and I hope that gave him peace and joy in his final hours. I’m glad the O’s and Ravens, and others, did so much for him, rallied around him. These are my home town teams, but we’re also part of a community that I’m grateful to be part of. At least one championship would be a great tribute to a life lived briefly but bravely.


    Isaias

    Tropical Storm Warnings have gone up in this area, and we’re hours from the forecast arrival of Isaias. Hopefully it will be just a Tropical Storm when it arrives in this area. From the looks of it, the storm will be here with us from sometime late Monday night through Tuesday afternoon/evening. It’s done quite a bit of damage down in Puerto Rico and the Dominican Republic, but thankfully lost some intensity last night and was downgraded. But tropical cyclones are anything but fully predictable, so we’ll have to wait and see how things turn out.

    Baltimore City is offering free sandbags for local residents on a first-come, first-served basis.

    Providing these bags is a great service, but I think in future storms, this needs to be done on the basis of living near one of the City’s waterways. The City has neighborhoods that flood almost regularly, like Canton and Fells Point and ones right next to the Patapsco like Cherry Hill and Westport. Those neighborhoods, and ones like Clipper Mill, which sits in the Jones Falls valley, and Mount Washington, are the most at risk when a storm threatens to rain hard and consistently for hours. There are also other smaller waterways, which can become hazardous during a huge rain event. These are the places the city needs to focus on, as well as areas with poor drainage. The City knows about these issues and can focus resources better itself than relying on citizens, who might come from neighborhoods at less risk, and come more out of fear than out of a sense of preparedness. With the pandemic going on, city agencies like schools (yeah, yeah, I know how it runs and how it’s funded, but it serves Baltimore children and it’s located in Baltimore) have faced logistical issues in serving people. The last thing we need is people unnecessarily showing up places for something they probably don’t need. Hopefully, the City will correct this and do a better job in the future. This isn’t a condemnation, but advice, as I know that Baltimore, like pretty much everywhere else, is under unprecedented pressures at this time. Whatever happens in the next couple of days, I hope that we make it through, as unscathed as possible because the logistics around sheltering people during the pandemic would be a major challenge. I know the City has many good people working for it, but again, there’s a big strain going on.

  • On VPN Privacy and the Workplace (and school)

    Good article today on Lifehacker about some of the issues using a VPN that touches on two of my new favorite subjects: VPN privacy and remote work. A reader wrote in asking if they could use a VPN at their soon-to-be residence, which is paid for, and whose Internet access is provided for, by the university where their spouse works.

    One of my favorite parts of the article is this:

    Some bored IT worker doesn’t care if you’re wasting time online (usually)

    Before I went remote, when I had a desk in an office where I had coworkers who saw me on a regular basis, I’d run into the worry of whether I was somewhere monitoring what people were doing on the system. I had some coworkers who swore I was somewhere with a little window on my desk, watching web traffic scroll down my screen like Tank in The Matrix, but I never had any such thing. I think one of my ex-coworkers even had the idea that I was sitting at home monitoring their online habits after hours, which was patently ridiculous because: a) I left work at work to the greatest degree and b) I was busy writing and acting in plays after hours, which I would have preferred doing during hours, as it was.

    As it stood, our managed services provider partners had the responsibility of monitoring edge equipment like routers and firewalls, so we didn’t concern ourselves with it internally. The only monitoring of web traffic they did was concerned less with content and more with the amount of bandwidth between our offices and their data center. Even when filtering was available going through their data centers’ web connections, we didn’t request any filtering outside of anything else they may have had in place for all of their customers, including us.

    Our staff could also access the Internet outside of the MSP connections, but we didn’t monitor what anybody was doing. The only time that we even came close to any sort of monitoring was when we deployed an early wireless mesh network at one building. The system came with monitoring and when I’d log into the control panel –usually to see what any of the nodes were up to, if someone told me the wireless there was slow or something– I’d see which sites were being accessed, generally by all users. I was too busy and lacking interest to see what any particular user was up to. But I will say the people in that building used a ton of bandwidth going to Facebook.

    It was a slightly different situation on the student network at the alternative high school program. On that network, I purposely deployed an Untangle gateway server (with OpenDNS for extra filtering) in order to monitor and filter what the students were up to. From the time I came on board, it was known that students would go online and do whatever they wanted. Whether it was general non-educational web surfing, social media, downloading music, whatever, students used a free and open Internet connection as such. And they were teens. Who could blame them? They didn’t even have web filtering or parental controls in my day. Even at school.

    At some point, this situation became unacceptable and I came up with the Untangle gateway server as the solution. The server itself came with an app that I set up for filtering of categories and content, as well as the ability to filter specific websites. OpenDNS had the ability to filter sites via categories that they had compiled, too. And usually once or twice per month, I’d take a look at the Untangle logs to see what new websites the students were going to, in order to block them. A few of the more clever students would find some way around the filtering, usually through proxy websites. One of them, a really smart young man who has since passed away, unfortunately, went so far as to have fresh proxy websites delivered to his email. I’d block one and he’d go to another one, a game we played until he graduated.

    I didn’t monitor any specific students, however. That was never an intention of mine or anybody else’s. We got the data we needed from monitoring and filtering the connection, not the individuals, and nobody ever got in any trouble because of our actions.

    In the case of the reader who wrote in, it’s just as likely that there’s nobody sitting in the university’s data center monitoring what they themselves are specifically doing on the university’s Internet. But, as the author says, there may be flags in place in the case of certain content being downloaded or sites being accessed, specifically through DNS requests. Web browsing over HTTPS, and probably requests sent to devices like Google Assistant, are sent encrypted, so the university (their ISP in this case) may not be able to know what’s being sent, but without the reader’s using DNS over TLS (like Cloudflare’s 1.1.1.1), the university can know which websites are being accessed. Same goes for you at home, by the way.

    If that’s okay to the reader, then they don’t need to use a VPN. Otherwise, if they want to use a VPN, there are a bunch of different options these days. Most of them have apps for Windows, MacOS, iOS, Android, and Linux (including ChromeOS).

    As the article also states, they can find a router with VPN client software. ASUS makes routers that come with client software. Some Netgear routers come with it as well. On the higher end of the price and feature scale, so does Synology’s lineup of routers and access points. And if you’re more technically inclined, you can use an alternative firmware on a router and get this functionality or even set up a Raspberry Pi. And if you’re really, really technically minded, you can set up a VPN with Linode or DigitalOcean or other such service online for this purpose.

    #

    It’s important to note that VPNs will only hide what you’re doing from your ISP. The VPN therefore will know what you’re up to, so your trust is placed into them instead of your ISP. Because of this, if you’re using a VPN, you’ll most likely want to use one that doesn’t log what you do, if you’re that interested in your privacy.

    In the case of the reader, I would definitely want to use a VPN. I don’t know what their use case is fully, but knowing what I know, I’d want to go with a router with enough horsepower to make sure that I was able to use all of the allotted bandwidth. Hopefully they’re being provided with a router in their residence that can accept a downstream connection. Then they can use their own router with a VPN configured. This is mostly because they’re using cameras and devices that use Alexa. It might be easier to just put the VPN on the outside connection than on every single device they may find themselves using.

    I don’t know what his spouse’s job is, but given the climate around universities and academic freedom, unless the university says don’t encrypt, I think it would be a good idea to encrypt with a no-log VPN, and use that service for as much of their surfing as they deem necessary. Yes, it will slow down their connection, but it may offer some peace of mind. Instead of the university knowing exactly what they’ve been up to, the school might have to do some digging and either be unable to find out or unwilling to go as far as necessary to find out, something about their web usage habits.

    #

    As for your web surfing with your employer, common sense says if your employer hands you a machine for your work, only do work on it, nothing of a personal nature. We did not monitor anything on the laptops that we were loaning out, but that doesn’t mean that your employer is the same. There’s obviously a use expectation, so it’s better to be on the safe side and use your own equipment for your own Internet usage. Unless you are IT and you know how it all works and you’re the person who might be doing the watching and nobody’s watching you and you know how to subvert it, in which case, knock yourself out.