Tuesday, July 24, 2012

5 Essential Privacy Tools For The Next Crypto War

By Jon Matonis
Thursday, July 19, 2012


The first crypto war revolved around the hardware-based Clipper Chip and coercing companies to deploy broken encryption with backdoors to enable domestic State spying. Fortunately, the good guys won.

The next crypto war is still a war of the government against its own citizens but this time enlisting the corporations, including social networks, as direct agents of the State. What some have dubbed Crypto Wars 2.0 manifests itself in the current litany of legislative acronyms designed to confuse and befuddle.

Sometimes I think legislative bills are named with a Twitter hashtag in mind. Although it doesn't always work out favorably for the name deciders, hashtags do generally assist in the coalescing of Internet organizers around the world. Since passage of the Cyber Intelligence Sharing and Protection Act by the U.S. House of Representatives in April, #CISPA has been everywhere. Thankfully, twin legislative initiatives SOPA and PIPA were dropped in January. Also, let's not forget the gradual expansion of CALEA and the Lieberman-Collins Cyber Security Act and the NSA-centric McCain Cybersecurity Act.

Even the seemingly unpatriotic USA PATRIOT Act of 2001 is a garbled backronym that would make George Orwell proud: Uniting (and) Strengthening America (by) Providing Appropriate Tools Required (to) Intercept (and) Obstruct Terrorism Act.

The Electronic Frontier Foundation recently posted an FAQ arguing that CISPA would allow companies to review and then to hand over customers' personal information, logs, and email to the government. That is a fairly broad and comprehensive mandate.

What has gone largely unnoticed in this torrent of analysis, however, is that privacy tools for individuals already exist and they have for many years! Quietly anticipating encroachment against basic Internet liberties, concerned cyber privacy advocates have been coding and releasing the tools that allow for private electronic communication and private web surfing. Proposed legislation like CISPA may or may not pass and become law, but if it does we have to understand the new landscape. Your privacy is up to you!

1. Email Privacy - Naked email is like a postcard for anyone to read. Pretty Good Privacy (PGP), an open source software program created by Phil Zimmermann in 1991, is the global standard for point-to-point encrypted and authenticated email. Hushmail is an OpenPGP-compatible web-based email platform that does not have access to your user password for decryption. Both products, when used correctly, offer subpoena-proof email communication.

2. File Privacy - Your files might be stored in the encrypted cloud but that doesn't mean that they're 100% safe for your eyes only. Free and open-source TrueCrypt allows you to encrypt folders or entire drives locally prior to syncing with Dropbox. BoxCryptor also facilitates local file encryption prior to cloud uploading and it comes with added compatibility for Android and iOS.

There is an alternative to the dual-application process described above. Although most cloud-based storage services transfer over an encrypted session and store data in an encrypted form, the files are still accessible to the service provider which makes the data vulnerable to court-ordered subpoena. In order to rectify this, two different zero-knowledge data storage companies provide secure online data backup and syncing - SpiderOak and Wuala. For obvious reasons, there is no password recovery and employees have zero access to your data.

3. Voice Privacy - Wiretapping will become more prevalent in the days and months ahead. From the creator of PGP, Zfone is a new secure VoIP phone software product utilizing a protocol called ZRTP which lets you make encrypted phone calls over the Internet. The project's trademark is "whisper in someone's ear from a thousand miles away." You can listen to Zimmermann present Zfone at DEFCON 15.

Also utilizing ZRTP, open-source Jitsi provides secure video calls, conferencing, chat, and desktop sharing. Because of security issues and lawful interception, Tor Project’s Jacob Appelbaum recommends using Jitsi instead of Skype.

Designed specifically for mobile devices and utilizing ZRTP, open-source RedPhone from Whisper Systems is an application that enables encrypted voice communication between RedPhone users on Android.

4. Chat Privacy - Encrypting your chat or instant messaging sessions is just as important as encrypting your email. Cryptocat establishes a secure, encrypted chat session that is allegedly not subject to commercial or government surveillance. Similar to Cryptocat, the older and more durable Off-the-record Messaging (OTR) cryptographic protocol generates new key pairs for every chat, implementing a form of perfect forward secrecy and deniable encryption. It is available as a Pidgin plugin.

5. Traffic Privacy - The final step in the process is geo-privacy, which refers to the protection of 'information privacy' with regard to geographic information. Virtual Private Networks, or VPNs, have been used consistently for anonymous web browsing and IP address masking. Just make sure that your VPN provider does not log IP addresses and that they accept a form of payment that does not link you to the transaction.

Additionally, the Tor Project provides free software and an open network for privacy-oriented Internet usage. Intended to protect users' personal freedom, privacy, and ability to conduct confidential business, Tor (The Onion Router) is a system that improves online anonymity by routing Internet traffic through a worldwide volunteer network of servers that wrap it in layers of encryption, which impedes network surveillance or traffic analysis.

I encourage everyone to become familiar with these basic tools for privacy. The important disclaimer is that in order to circumvent these privacy technologies, your password can be obtained in a variety of ways that are extremely intrusive and beyond the realm of casual day-to-day usage, such as hardware keyloggers or ceiling-mounted cameras. Furthermore, browser-based cryptography carries the added risk of spoofed applets being delivered to your desktop by court order or by malicious actors but this risk can be mitigated by maintaining trusted source code locally or by verifying compiled code against a digital signature. The mission statement from Tor Project advocate and developer Jacob Appelbaum still stands, "Make the metadata worthless essentially for people that are surveilling you."

[UPDATE: I was previously affiliated with Hush Communications Corporation, the creator of Hushmail. This link further explains my stance on Hushmail strengths and weaknesses.]

For further reading:
"Review of Cryptocat", Vitalik Buterin, Bitcoin Magazine, June 15, 2012
"Paranoia About CISPA Is Justified", Conor Friedersdorf, The Atlantic, April 27, 2012
"Never Trust A VPN Provider That Doesn’t Accept Bitcoin", Rick Falkvinge, September 27, 2011
"PGP Creator Defends Hushmail", Ryan Singel, Wired, November 19, 2007

Tuesday, July 17, 2012

Kim Dotcom’s Pretrial Legal Funds Would Be Safe With Bitcoin

By Jon Matonis
Thursday, July 12, 2012


The Megaupload case may end up having a chilling effect on pretrial asset seizure. Yesterday Kim "Dotcom" Schmitz, founder of Megaupload, asked his Twitter followers for some better payment alternatives to credit cards and PayPal. The responses suggesting bitcoin came pouring in.

It's easy to see why he asked in the first place. After successfully launching Megaupload, Kim Dotcom's business enterprise was shut down by the FBI and his funds frozen over alleged copyright infringement, money laundering, and conspiracy. Also, PayPal has recently taken a stricter stance on file-hosting services due to piracy concerns. Kim Dotcom is launching a new online business, Megabox, in four to six months and he probably doesn't want to bother with the likes of PayPal.

However, there are two unique aspects of the bitcoin cryptocurrency for Kim Dotcom to consider -- an online payment method for customers and a reliable storage facility for his company's monetary assets.

On the first count, bitcoin could replace PayPal and credit cards which would increase the transactional privacy of his many loyal customers as well as dramatically reduce the processing fees that his company has undoubtedly been forking over to PayPal and credit card processors. At its peak, Megaupload served about 180 million users.

Now, since his extradition hearing has been delayed until 2013, Kim Dotcom has made the extraordinary offer to go to the United States voluntarily if he and his colleagues receive a fair trial and the unfreezing of his funds to pay legal bills and pretrial living expenses. The U.S. Department of Justice has already seized $67 million. With 22 lawyers working on the case in different countries, Kim Dotcom tells the New Zealand Herald, "I have accumulated millions of dollars in legal bills and I haven't been able to pay a single cent. They just want to hang me out to dry and wait until there is no support left."

This is where bitcoin, on the second count, would prove even more useful as funds retained on the distributed bitcoin block chain cannot be seized in any jurisdiction. As the holder of the private key, you and only you control access and dispensation of the bitcoin value. A distribution mechanism could be set up for Kim Dotcom to transfer a certain amount of bitcoin to a third party that would handle the payment of his legal fees in various national currencies. Or, his legal team could even accept bitcoin directly as payment for legal services rendered. If he establishes a brainwallet (a private key derived from a memorized passphrase, and therefore only as strong as that passphrase), he could even authorize the transfer from prison.

In a Skype interview with The Hollywood Reporter, Dotcom said, "My home was raided by 72 heavily armed police arriving in helicopters. This was an Osama bin Laden-style operation on an alleged copyright infringer. I guess it's pure luck that my family wasn't terminated by a Predator drone." Dotcom also believes that "dirty delay tactics instead of evidence" are being deployed by the U.S. Government and that "the [delaying] actions clearly demonstrate that they don't have a case and that this ... was about killing Megaupload and creating a chilling effect to freeze the whole file-hosting sector."

Ruling on June 29th, U.S. District Court Judge Liam O'Grady ordered that defendants could argue for a motion to dismiss the allegations against the company but seized assets would not be unfrozen to pay attorney costs due to the fact that defendants are currently challenging extradition abroad. After this saga unfolds and given the sad and overzealous trend in pretrial asset seizure, I expect many rainy day legal defense funds to be established in bitcoin.

For further reading:
"Paypal’s Abandonment of Major Cyberlockers May Become Bitcoin’s Big Win", Kit Dotson, July 11, 2012
"Megaupload and the twilight of copyright", CNNMoney, July 11, 2012
"Kim Dotcom, Megaupload Founder, Offers To Extradite Himself", NPR, July 11, 2012

Wednesday, July 11, 2012

Virtual World Needs Laissez-faire Economists

By Jon Matonis
Friday, July 6, 2012


The latest announcement of a prominent economist joining the team of a gaming company sparked a lot of questions for me. Why study and analyze the empirical data of a virtual game economy? Isn't designing economies the same as central planning? Doesn't regulating a virtual currency imply monetary manipulation?

This is capitalism within capitalism. The most successful virtual world game companies will be the ones that can out-compete their peers in the quest for economic activity. And, that means providing the most robust and open platform for virtual economy/real economy integration.

After almost deleting the original email from Gabe Newell, Yanis Varoufakis accepted the post as in-house economist for gaming software powerhouse Valve Corporation. I like Yanis. He has been a fellow guest on the Keiser Report with Max Keiser. He currently contributes via the Valve Economics blog. Here are some of his observations related to Steam which is the trading house for Valve virtual games:
"In short, Steam trades are not always pure exchanges happening in some moral-free zone where social obligations are perceived to be non-existent. An unspecified (and impossible to compute accurately) number of trades take place at exchange rates that do not reflect the relative bargaining of buyer and seller but, instead, are determined by other social and gaming factors. In technical terms, this means that, while our arbitrage data is not affected (since the volume of arbitrage opportunities is independent of the reasons for which some items are sold cheaply and resold expensively), our relative price estimates are. Ideally, we would like to have some ‘gift exchange’ radar that alerts us to all instances of Steam ‘trading’ where people are far from trying to get the best possible ‘bargain’ for themselves. If we possessed such a radar, we would use it to decide which trades to turn a blind eye to when computing relative prices. Of course, that ‘radar’ is missing. So far we are utilising crude methods of ‘visual’ inspection, leaving out of our calculations those relative prices that seem, economically, silly. Clearly, we need to work on coming up with such a radar. Any suggestions from you will be most welcome."
Who cares? My economic instinct tells me that I should be concerned here because I don't separate out the exchange prices determined by social and other gaming factors. The market price is the real price. As economic actors, men possess different data and make different value judgments reflected in pricing so the mere act of gifting may have immeasurable value to one and not to another.

Allow me to fantasize. The job description of an in-game economist should be the same as the job description for a White House or Federal Reserve economist -- get out of the way of the free market and "let it be." Support and protect property rights and maintain an economic environment free from stifling regulation and free from outcome prediction. Valve's job description reads more like an economist for the Politburo.

Of course, virtual world game designers have a right to design socialist economies just as much as free market economies. It is the gaming experience that is the commodity here and certain games will survive and thrive based on their attractiveness and value to end consumers. However, whether or not their economies survive on their own will depend on their adherence to laissez-faire principles.

As I outlined in Virtual Currencies and Roach Motels, in-world economies are the perfect crucible for launching unrestricted currency competition and that competition will enable further opportunities for transporting virtual world earnings to real world value.

In To Truck, Barter and Exchange? On the nature of our digital economies, Yanis Varoufakis concludes by hinting at a future of two-way currency convertibility, but I am not sure what outcomes he and Valve have in mind:
"Many economists believe that philosophising over the nature of exchanges is a luxury they do not need in order to analyse and understand an economy. They are wrong. The nature of exchanges, whether they are pure (i.e. asocial) or impure (replete with social norms and part of intertemporal social relations), makes a difference when it comes to predicting economic activity. Thus, to understand the exchanges we observe on Steam, it is crucial that we grasp the network of social relations within which they are embedded. The prevalence of gifting and the fact that no specific item has emerged as a form of money in trades of TF2 items should alert us to the intriguing social conventions that are part and parcel of our community’s trading decisions. How will these conventions change or mutate when participants are given the capacity to buy and sell, among one another, using real dollars? Would it make a difference if any dollar profit made through such trades can be taken out of Steam (i.e. monetised)? I suspect the answer to these questions are in the affirmative. But we must wait and see."
Who cares about predicting economic activity? We don't have to "wait and see." Apologies to Yanis, but he is wrong to focus on the nature of pure or impure exchanges and economic prediction. Economic activity should not be predicted -- it should be protected. Establishing and protecting the platform for competition, especially monetary competition, will yield the most beneficial results. In a free market, the users will determine what good to use as a barter currency and if a free market payment platform is provided then the most ideal virtual currency will emerge.

Monetary calculation rests on these market prices so a freely determined numéraire is vitally important. There can be more than one numéraire and it can be introduced externally rather than provided internally within the game. A true, and ideal, virtual currency will have the attributes of two-way convertibility, an independent floating exchange rate, and a nonpolitical unit of account. If dollar profits could be taken out of Steam, as you say, it will make a huge difference because the Valve grid would then be on the path from a closed economy to an open economy.

An open economy in the virtual world with a freely-determined currency would eventually facilitate the many other transactional features that are so important to users, but maybe not to game publishers, such as unrestricted person-to-person payments, user-defined anonymity and untraceability, near-immediate bearer settlement, transaction irreversibility, reliable store of value, multi-grid capability, and decentralized processing. These principles don't have to exist only on the black or "grey" markets because there shouldn't be a black market -- just one market environment for free exchange.

I think where Yanis and I primarily disagree is on the level of monetary freedom that is acceptable for sovereign individuals (real or virtual). I believe in maximum monetary freedom and I see it as the overriding liberty issue related to political economics. Within monetary economics, the sub-discipline of cryptocurrencies rests on the premise of public key cryptography in a decentralized nature being the bulwark against encroaching State monetary interference.

My brief holiday foray into this subject was sparked by this titillating but impoverished article. Fortunately, I just learned about an exciting new company that provides two-way convertibility for your Diablo 3 gold.

For further reading:
"How Valve Will Single-handedly Save PC Gaming", Anshel Sag, July 10, 2012 
"5 reasons grids should use Bitcoin", Edmund Edgar, July 4, 2012

Thursday, July 5, 2012

Wikipedia Accepts 'Enemies Of The Internet' Currencies

By Jon Matonis
Friday, June 29, 2012


In their annual donation drive to attain $29.5 million for 2012, the non-profit Wikimedia Foundation and its largest project, Wikipedia, will accept donations in four of the 12 'Enemies of the Internet' currencies. Far from bastions of liberty, these are regimes noted for their egregious censorship and systematic repression of Internet users -- Bahrain, China, Saudi Arabia, and Vietnam. Of course, it's great to get donations from the suffering and violated netizens of those regimes. But just don't try to donate safely in bitcoin -- it's not accepted.

Here's a list of notable organizations that accept bitcoin donations and Wikimedia is mysteriously absent. Following the disappointing example last year from the Electronic Frontier Foundation, Wikimedia specifically excludes donations in bitcoin and explains it with this odd statement:
"Why does the Wikimedia Foundation not currently accept Bitcoin? The Wikimedia Foundation, as a donor-driven organization, has a fiduciary duty to be responsible and prudent with its money. This has been interpreted to mean that we do not accept 'artificial' currencies - that is, those not backed by the full faith and credit of an issuing government. We do, however, strive to provide as many methods of donating as possible and continue to monitor Bitcoin with interest and may revisit this position should circumstances change."
It is not a breach of fiduciary duty to accept near-frictionless bitcoin instead of funneling 3% or more to the PayPal-credit card oligarchy. That is just a silly statement because cryptocurrency donations are far more efficient than dealing with payment processors and physical in-kind donations. Donations are distinctly different than regular consumer purchases and it behooves the non-profit organization to provide flexibility to donors and to maximize fundraising efforts.

Also, let's look at some of those issuing governments that provide their full faith and credit as backing for "non-artificial" currencies that Wikimedia Foundation is so pleased to accept. I realize that to a certain extent currencies do not have a morality. However, political Statist currencies that are underwritten by repressive regimes and then further manipulated by the regime's corrupt monetary authority would at least carry some stigma when donated to an entity that depends on Internet freedom.

The decentralized nonpolitical 'real' bitcoin would appear to be the least tainted of the bunch, Jimmy. Bitcoin is immune to the political pressures faced by PayPal, VISA, and Mastercard during the infamous Wikileaks payment blockade. Given that Wikipedia 'blacked out' on January 18, 2012 in ardent opposition to SOPA and PIPA, bitcoin would also appear to be amazingly aligned with objectives for a free and open Internet.

In their Internet Enemies Report 2012, Paris-based Reporters Without Borders details some of the countries (I mean... issuing governments) that pose the gravest threat to basic Internet freedom through their aggressive deployment of online surveillance and content filtering:

Bahrain "offers a perfect example of successful crackdowns with an information blackout achieved through an impressive arsenal of repressive measures: exclusion of the foreign media, harassment of human rights defenders, arrests of bloggers and netizens (one of whom died behind bars), prosecutions and defamation campaigns against free expression activists, disruption of communications."

China may have perhaps the most sophisticated online censorship and surveillance system in the world. "The soaring expansion of the 'Participative Web' and related impact on social and political debates are making it harder each day for Chinese censors to do their job. Harsher controls and crackdowns on netizens and their online tools have been symptomatic of the regime’s increasing concern over potential fallouts from Arab Spring and the Internet and social networks’ role as sounding boards."

Saudi Arabia, with its harsh censorship and intolerance of criticism, "did everything possible to dissuade the population from supporting the Arab revolutionary movement. Its rigid opposition to the simmering unrest on the Web caused it to tighten its Internet stranglehold even more to stifle all political and social protests."

Vietnam is aware that it cannot impose complete control over the news, and its authorities are afraid of an increasingly connected population. "The regime’s attention is focused on the Arab world and its protest movements. Paranoid authorities have stepped up repression and control to stave off any possibility of a regime collapse, favoring surveillance over increased filtering. Bloggers have been the target of a new wave of arrests."

There you have it. The Bahraini dinar, Chinese yuan, Saudi riyal, and Vietnamese dong are all acceptable to Wikimedia as currencies backed by the full faith and credit of their governments! Turkmenistan and Uzbekistan are two other declared enemies of the Internet but Wikimedia allows them to select Russian rubles as the donation payment currency.

In the slightly less offensive "countries under surveillance" category, selected entries represent the following donation currencies acceptable to Wikimedia: Egyptian pound, Indian rupee, Kazakhstani tenge, Malaysian ringgit, Russian ruble, South Korean won, Sri Lankan rupee, Thai baht, Turkish lira, and United Arab Emirates dirham.

Shining a spotlight on repressive Internet cultures points out that it may be only a matter of time until freedom of payment to politically incorrect causes is threatened as well. Moreover, it might become extremely dangerous for some of those citizens to be personally attached to a traceable Wikimedia credit card donation. Accepting anonymous bitcoin in addition to political currencies can be a way of declaring that freedom of speech still does matter. Sensibly, the New York City chapter of Wikimedia rejects the party line and is accepting bitcoin donations for its local outreach programs.