
take the power back!

23/08/2014 - Posted in hacktivism, knowledge


intro

This post is about gathering information and knowledge, but most of all it is about power.

After that very inspirational song you should be pumped and feel like you can take on the world. First you need your sword and most importantly your shield. Of course this is just metaphorical, in the 20th century you don’t fight with crude steel weapons anymore. We are in the digital era and as such we use digital tools instead of blade and plates. People tend to think of computers like magical boxes that have their own free will or are just full of bugs. In reality computers are a blessing to those who possess the knowledge to use them as a tool that will help them accomplish whatever they like. I even think computers, and especially programming, have something very creative about them. I love to look at code from other people and just be amazed at what clever things they thought of.

Well back to the magic boxes…first of all people have to stop being afraid of computers. They have to understand that you do not need to visit university or any higher educational institution. All the knowledge you need to use a computer as your tool is available on the internet – and the best thing is, it is for free. I am not talking about pirating anything or copyright infringement. Everything you need is out there, you just need to hit google or any other search engine – duckduckgo anyone? – and type in what you are looking for.

Because I think it is crucial that not only a tiny portion of humankind is in possession of this wisdom, I try to compile a list of websites that come in handy if you want to learn about computers. In order to shift the power balance back to a healthy state it is crucial that YOU learn to code, that YOU start to fight for your rights and that YOU use the tools that are out there to counter mass surveillance and tracking.

So let’s use the internet to learn something so you can be the first one to start a revolution or rebellion or whatever you want to call it. If you are just here by accident and you are interested in the following topics without any concern for privacy and hacktivism then so be it. I encourage you though to think about the implications of the WWW, NSA, etc…

tools && links

Browser tools

The following three (four) programs keep you safe and probably a little anonymous on the web. Keep in mind though that full anonymity cannot be achieved through normal measures like these. In my opinion these tools are just there to help you evade across-the-board surveillance and tracking by ad companies. The password managers ensure your security even if the services you use f*cked up their security.

https-everywhere – a nifty browser extension/plugin that will automatically redirect your browser to the safer “version” of websites. It ensures that you automagically connect to their webservers via HTTPS. While you’re on the EFF website you should check out the things they posted, they really fight for your rights in the digital era and they have some interesting things to share.

ghostery – this little fella lets you block tracking scripts on the websites you browse. Comes in handy if you want to block social networking buttons BEFORE they track you. Its blocking capabilities go way beyond social networks. IMO a must for the responsible internet user. :}

1Password/LastPass – These programs keep your passwords safe. Basically they store your passwords in a password-protected file which you need to unlock via a master password. Once you have unlocked it you can use a plugin for your browser to automatically fill in log-in forms with a shortcut. Both offer a password generator to generate random passwords, which comes in handy to provide you with different passwords for different sites. So if a site gets hacked and your password stolen* it won’t matter that much because now you can have a different password for every single site. Both offer an iOS and an Android app so you can take your passwords with you. 1Password costs money while LastPass is free but offers premium features like an unlimited number of mobile devices and more multifactor authentication options, for an annual fee of $12. These are probably the most useful tools presented here.
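To make the point about different passwords per site (and the footnote about hashing and salting) concrete, here is an added Python sketch that is not part of the original post and not code from 1Password or LastPass. The site names, the reused password and all function names are made up for illustration; `generate_password` is only a stand-in for a manager's generator.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"

def generate_password(length=24):
    """Per-site password drawn from the OS CSPRNG (stand-in for a manager's generator)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def unsalted_record(password):
    """The footnote's bad case: a fast, unsalted hash. Equal passwords give equal records."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password):
    """The careful case: random per-account salt plus a deliberately slow KDF (scrypt)."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, digest

def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return hmac.compare_digest(candidate, digest)

def exposed_sites(accounts, breached_site):
    """Sites that share the breached site's password, i.e. where the leak also works."""
    leaked = accounts[breached_site]
    return sorted(site for site, pw in accounts.items() if pw == leaked)

# Constructed sample data: site names and the reused password are made up.
SITES = ["forum.example", "shop.example", "mail.example"]
reused = {site: "Summer2014!" for site in SITES}
unique = {site: generate_password() for site in SITES}

if __name__ == "__main__":
    print("reused :", exposed_sites(reused, "forum.example"))
    print("unique :", exposed_sites(unique, "forum.example"))
    print("unsalted equal:", unsalted_record("Summer2014!") == unsalted_record("Summer2014!"))
    a, b = salted_record("Summer2014!"), salted_record("Summer2014!")
    print("salted equal  :", a[1] == b[1], "| verifies:", verify("Summer2014!", *a))
```

With a reused password one breached site exposes all three accounts; with generated passwords the damage stops at the breached site, whether or not that site stored its hashes properly.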

Secure Communication

Who does not want secure communication? Of course it is going to be a little more inconvenient – at least for email encryption. While Telegram is just as easy to use as WhatsApp, I cannot speak for the tools mentioned in the post by Matthew Green.

GPG4Win (Windows) / GnuPG (Linux) / GPG Tools (OSX) – Three packages for any of your systems to ensure secure communication. Just generate your key pair and start encrypting your mail traffic. The downside is that you need to encourage other people to use PGP too in order to do so. So install those things and convince the people around you to use protection! On how to generate keys you will probably find tutorials on the websites, or just use your magic glass ball called search engine.

Telegram – This messenger allows for encrypted messaging via smartphones, tablets and computers – basically it’s like WhatsApp but more secure and less controlled by an evil data mining company. The protocol used is open source and has been improved to be even more secure. While I prefer Threema because it enforces encryption with every chat, Telegram is a nice alternative because it is free. Plus it has the potential to grow far beyond Threema’s security standards because most of it is open source and therefore can be checked by capable people who know crypto. So bug your friends to change to Telegram, what’s one more app on the smartphone?

UPDATE: Do not use Telegram anymore. For reasons on why Telegram is a bad choice look at the updated Telegram article: https://www.palladion.it/privacy/telegram-a-revision/

“Here come the encryption Apps” is a nice article by Matthew Green, professor at Johns Hopkins University, in which he talks about a few more of those apps that promise secure communication.

Programming

If you want to get into programming there are several sites that help you get started. I really encourage you to learn programming, this is like the most empowering thing to do. You learn far more than just the handling of computers, it will improve your problem solving skills and creativity, just to name two of the more useful things. Python is currently one of the most popular languages and therefore there are some pretty good resources out there that will help you on your path to enlightenment.

The Python Tutorial – by python.org

learnpython.org – A quite interactive tutorial to learn Python. You can do your programming and learning right inside your browser, no need to install anything or fiddle around with the command line. If you want to learn different programming languages you can find links to learnXY.org there too. Just keep in mind that older languages like C will probably be a little bit hard for a beginner.

Hacking

I want to start this section with the incredible post of the finfisher activist. He leaked some documents to the public and later on he wrote a post about how he hacked Gamma and gained access to their computers. I find this post empowering because it shows that hacking does not always imply fancy computer magic but sometimes is just quite simple and only requires persistence and patience.

Finfisher hack – the beauty of this article is that it provides further information for those who want to read into the tools and techniques he used to hack Gamma.

HackThisSite – a website that is a safe playground to make your first steps in hacking. It provides you with challenges you can solve, further links and an IRC channel where you can get some help if you’re stuck on a challenge.

SQL Injection Cheat Sheet – a handy cheat sheet for SQL injections. Provides a handy overview of stuff to try on different SQL implementations.

There are many other ways to “hack” something. I think you will come across most in the HackThisSite challenges. For other techniques like cross site scripting and social engineering you will find many other sources on the web that will be some guidance – once again, just use your favourite search engine.

TL;DR / closing words

These are some tools and resources that should get you started to get a little more control of your own data. Those are tools that will spoil the game for some major ad companies and even the NSA**. It is fundamentally important that people start to use those tools. Email encryption is useless if you are the only one using it because you will not be able to send anyone anything encrypted. So get together with your friends and talk to them about the importance of using the internet in a responsible way.

A switch from WhatsApp to Telegram should not be too hard and can be gradual, you just need to start using it and keep pulling your friends back to the light side of the force.

Password managers are another great tool that will improve your security. You won’t need to change your password every time some random website gets hacked where you have an account. If you start using a manager you can just have a different password for every website. Just make sure to not leak your password file to the internet and choose a really, REALLY, REALLY strong master password or the pwd manager will be more of a security threat than a blessing. If you want to go overboard with empowering yourself you should check out the Programming/Hacking links provided here. They will not only make your life with a computer easier but will also give you some insight into the WWW and various other areas of computer science.

I hope that you liked this little collection of useful links and tools. If you think I missed something important, or have suggestions or concerns, I would be very glad to hear from you. Just leave a comment or send me an email***.


 

Footnotes

*assuming that they did a bad job and did not hash and salt it

**in regards to their broadband surveillance – if you are indeed a special target probably nothing mentioned here will help you.

***you can find my public key on my about page.
