Last month I posted a pretty lengthy page about government surveillance and what you can do to avoid it. I’d planned to do a ‘part 2’ which would give instructions for building a Raspberry Pi-based router which would redirect all your web traffic through a VPN.
I did build a router myself and started writing a page with instructions for doing so yourself. However, I’ve decided it’s not a very exciting post. More importantly, it’s nothing new – there are plenty of excellent instructions from other people on how to do this so I’ve decided that writing that post wouldn’t be adding anything to this blog. Instead, I’ve posted some links at the bottom of this page to instructions on how to build the router.
Since my last post, there have been a couple of stories that I feel are relevant:
Government Surveillance In The News
I was pretty encouraged to hear that a human rights group called ‘Liberty’ are launching a legal challenge to the bill. You can donate to their legal case here. It’s worth taking a look at their website too, they have some really good material and make some strong arguments against the bill (a bit like my last post but better).
In other news, I was quite concerned by this BBC article. It’s titled ‘Why you shouldn’t worry about the WhatsApp security bug’. It then goes on to thoroughly worry me, here’s why:
It is not a ‘bug’
In summary, it turns out that WhatsApp messages, which are normally encrypted, aren’t as secure as you may have thought. The encryption has a deliberate backdoor. I’m not wanting to get into the details of how encryption works (I could write blog posts on encryption for a year and still have hardly scratched the surface). But basically, here’s how encryption works:
- You take a raw message and encrypt it with some mathematical function. This is called a cryptographic hash function. It usually involves prime factors (i.e. two prime numbers multiplied together) but we’re definitely not getting into that now.
- A strong hashing function will allow you to encrypt the message easily but decrypting it would require you to ‘brute force’ all possible solutions until you find the correct one. This is extremely costly.
- However, if the person you send your encrypted message to has a ‘key’, they can decrypt the message easily.
- Simple. However, many cryptographic functions have ‘breaks’ which allow a solution to be found without the key. If a method to find the solution is faster than brute force, that method is a ‘break’.
- Some breaks are no issue – they would still require years to implement. However, if a break is found that can be run in a short space of time, it is colloquially known as a ‘backdoor’. This allows the encryption to be effectively bypassed.
- It is extraordinarily difficult to demonstrate that an encryption standard doesn’t have a backdoor. The organisation that is probably best at finding them is the NSA – they have the resources to do so. They also tend to not tell anyone when they find one.
So going back to WhatsApp, it turns out they deliberately made a backdoor available in their encryption standard. Now, if I’m honest, I reckon most if not all publicly available encryption standards have backdoors. The NSA already demonstrated that with the Apple iPhone debacle last year – they effectively cracked the AES-256 algorithm (the best publicly available one) but not before pretending they were incapable of doing so. In other words they lied. However, I believe it’s extremely dishonest to mislead the public by not telling them their encrypted messages can be easily read.
So, it isn’t a ‘bug’; a bug is an error in your code which is unintentional. This is entirely intentional and I fear it’s becoming more and more the norm. I do not believe it is ‘nothing to worry about’.
Anyway, that’s enough on government surveillance for now. It’s making my blog a bit boring so it’s time I moved onto making things and finding cool things in data – that’s why I started this all in the first place!
What I’ll be doing this year
Here are some things I plan to post about in the next few months:
How a computer works
I have put together a pretty unusual but really cool animation which gives an idea of how your computer works right down at the transistor level. I’ll hopefully be doing that post in the next couple of weeks. It’s not my normal type of thing but I think it’s pretty cool.
Where is MH370?
I’m currently working on an absolutely huge debris drift simulation to try and come up with my take on where MH370 crashed. I want to get it up by the 3 year anniversary, which is the 8th of March. It uses 200GB of data so it’s proving to be a pretty huge programming challenge for me.
Leaked password analysis
I have (legally) got hold of a big list of leaked passwords and usernames. I’m planning on looking for interesting patterns in the data. To give an idea of how interesting this may be, it is astonishing how many people use a single word for their password – that would be cracked in seconds by a dictionary attack.
SDR meteor detection
I’ve been meaning to use my software-defined radio setup to detect meteorites, and hook it up to a suitable machine learning algorithm to automatically flag up detections. If I get really into this one, I’d like to build a passive radar but we’ll have to see if I get time to do that.
Your project – send me your data or ideas!
If you have something you’d like me to post about, just get in touch. I’d be delighted to analyse any data you have, or just do a post on something you find interesting.
Hopefully, my next post will be up not long after I finish my exams (1 week from now).
These links give instructions on setting up a Raspberry Pi VPN router. You can either follow the first one all the way through, or follow the second, and set up your VPN with the third link.
A good guide to building a VPN router with a Raspberry Pi. You can treat it like a normal wifi point, except when you connect, all your traffic will be routed through your VPN:
Setting up a Raspberry Pi Wifi access point. I think this is better written than the above guide for beginners. However it doesn’t give instructions on how to configure to connect through the VPN. No problem though, the third link tells you that!
If you’re using NordVPN, here’s how you configure the Raspberry Pi to route through it: