5 Privacy Tools for the Practically Paranoid in 2018
uMatrix is a powerful tool for protecting your web browsing privacy. This robust browser plugin gives granular control over incoming web content, allowing users to block cookies, CSS, images, media, scripts, XHR, iframes, and other web content.
Since modern webpages are often bloated resource hogs, loading tons of content from third-party websites like Facebook and Google, it is a good idea for users to block or at least monitor what code is being loaded in their web browser. Therefore, uMatrix is a great resource for users who are conscientious about privacy.
*A word to the wise: along with ads, third-party trackers and scripts, uMatrix will block everything by default. uMatrix is therefore a tool for advanced users, and it will require some customization and getting used to. Once configured, it remains a powerful tool for ensuring privacy when browsing the web.
*An alternative to uMatrix is NoScript; however, some find the GUI style of uMatrix easier to use.
The plugin was developed by Raymond Hill and is open source.
I2P (Invisible Internet Project) is…well, you can read an introduction on the official site:
I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based (a la IP), but there is a library available to allow reliable streaming communication on top of it (a la TCP). All communication is end to end encrypted (in total there are four layers of encryption used when sending a message), and even the end points (“destinations”) are cryptographic identifiers (essentially a pair of public keys).
Difficult? There is an even lengthier Wikipedia entry.
Simply put, I2P is something like Tor. You may call it Tor’s distant cousin. Like Tor, it lets you visit or operate (special) websites without your identity being known. You can use I2P to protect your privacy without fearing tracking or censorship. Remember, privacy IS freedom. I2P can help you keep it.
For a more complete list of interesting I2P services, read the Guide to I2P services. Or visit the i2p clearnet forum.
#3 Tor (anonymity network)
Tor is free software for enabling anonymous communication. The Onion Router uses heavy public key cryptography vetted by infosec professionals and boasts an impressive staff list on its board of directors. There is a growing number of active Tor nodes scattered across all continents as Tor continues to establish its place as a reliable and respected privacy tool.
The core principle of Tor, “onion routing”, was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson, and computer scientists Michael G. Reed and David Goldschlag, with the purpose of protecting U.S. intelligence communications online. Onion routing was further developed by DARPA in 1997.
The Tor network is made up of volunteer-operated servers that allow people to improve their privacy and security on the Internet. Tor is accessed by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Along the same line, Tor is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content. Tor can also be used as a building block for software developers to create new communication tools with built-in privacy features.
Signal is an open source messenger that is fast, simple and uses powerful end-to-end encryption. Signal is a viable and easily accessible alternative to established older privacy tools like PGP and GPG. Communications made over Signal are extremely secure due to end-to-end encryption.
Signal messages are encrypted with the Signal Protocol (formerly known as the TextSecure Protocol). The protocol combines the Double Ratchet Algorithm, prekeys, and a Triple Diffie-Hellman (X3DH) handshake.
It uses Curve25519, AES-256, and HMAC-SHA256 as primitives. The protocol provides confidentiality, integrity, authentication, participant consistency, destination validation, forward secrecy, backward secrecy (aka perfect future secrecy), causality preservation, message unlinkability, message repudiation, participation repudiation, and asynchronicity. It does not provide anonymity preservation, and requires servers for the relaying of messages and storing of public key material.
Signal is available for Android, iOS, Linux, Windows, and macOS. Signal is a wonderful tool for privacy because it is user friendly, uses strong end-to-end encryption, and the protocol is open source.
Matrix is an open protocol for real-time communication. It is designed to allow users to communicate via online chat, Voice over IP, and video-telephony. Matrix aims to make real-time communication work seamlessly across the internet, just as the standard Simple Mail Transfer Protocol does for email.
From a technical perspective, it is an application layer communication protocol for federated real-time communication. Matrix provides HTTP APIs and can integrate with standard web services via WebRTC, facilitating browser-to-browser applications.
Some features of Matrix:
- Voice & video calls
- File Sharing
- History synchronization
- End-to-end encryption
- Bridges (IRC, Slack, Gitter, Skype, XMPP, more…)
- Server federations
- HTTP APIs and SDKs (iOS, Android, Web)
These features make Matrix an exciting project to watch and participate in. In early 2018 Matrix was chosen by the government of France for a secure communications application infrastructure.
#6 IPFS Interplanetary Filesystem
IPFS is not a privacy tool or anonymity protocol; however, its design and technology do provide a pseudo-anonymous network for data distribution and content delivery. IPFS is an innovative platform with enormous potential, making it an exciting emerging technology that deserves a mention in this article.
IPFS is an ambitious and elegant technology aiming to reinvent HTTP and build a distributed and permanent web, built atop stable and simple sub-protocols.
IPFS combines a distributed hash table, an incentivized block exchange, and a self-certifying namespace, and defines data by using a generalized Merkle directed acyclic graph (DAG). IPFS has no single point of failure, and nodes do not need to trust each other not to tamper with data in transit. Distributed content delivery saves bandwidth and prevents DDoS attacks, which HTTP struggles with.
The filesystem can be accessed in a variety of ways, including via FUSE and over HTTP. A local file can be added to the IPFS filesystem, making it available to the world. Files are identified by their hashes, so it’s caching-friendly. They are distributed using a BitTorrent-based protocol. Other users viewing the content aid in serving the content to others on the network. IPFS has a name service called IPNS, a global namespace based on PKI, which serves to build trust chains, is compatible with other name services, and can map DNS, .onion, .bit, etc. to IPNS.
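Why hash-identified files mean a node need not trust its peers, as an added example (not IPFS code): a two-level Merkle DAG over an in-memory block store, where every fetched block is re-hashed against the address it was requested by. Plain hex SHA-256 stands in for real IPFS content identifiers, and `CHUNK_SIZE`, the JSON root-node layout and all function names are assumptions of this sketch.

```python
import hashlib
import json

CHUNK_SIZE = 16  # tiny on purpose, so the sample spans several blocks


def address(block):
    """Content address of a block: hex SHA-256 (stand-in for an IPFS CID)."""
    return hashlib.sha256(block).hexdigest()


def add_file(store, data):
    """Store data as leaf blocks plus a root node linking them; return root address."""
    links = []
    for offset in range(0, len(data), CHUNK_SIZE):
        leaf = data[offset:offset + CHUNK_SIZE]
        store[address(leaf)] = leaf  # identical chunks collapse into one block
        links.append(address(leaf))
    root = json.dumps({"links": links, "size": len(data)}, sort_keys=True).encode()
    store[address(root)] = root
    return address(root)


def fetch_verified(store, addr):
    """Fetch from an untrusted store; reject any block whose hash differs."""
    block = store.get(addr)
    if block is None:
        raise KeyError("block not found: " + addr)
    if address(block) != addr:
        raise ValueError("block does not match its address: " + addr)
    return block


def cat(store, root_addr):
    """Reassemble a file, verifying the root node and every leaf it links to."""
    root = json.loads(fetch_verified(store, root_addr))
    data = b"".join(fetch_verified(store, link) for link in root["links"])
    if len(data) != root["size"]:
        raise ValueError("reassembled size differs from root node")
    return data


def demo():
    store = {}
    data = b"constructed sample file contents, not real data " * 2
    root = add_file(store, data)
    intact = cat(store, root) == data
    store[address(data[:CHUNK_SIZE])] = b"swapped by a peer"  # simulated tampering
    try:
        cat(store, root)
        detected = False
    except ValueError:
        detected = True
    return intact, detected
```

Because the root address commits to every leaf address, anyone holding only the root hash can detect a modified block anywhere in the file.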
IPFS is named the Interplanetary Filesystem, a true homage to J.C.R. Licklider in name and ambition. Good ol’ Lick was an original visionary of the internet and ARPANET, or, as Lick referred to it, the “intergalactic network”.
IPFS is an open-source project.
About the Author: Louis Powers is an information security consultant and works for Bluetrain Computers in Stony Point, New York.
146 S. Liberty Stony Point, NY 10980