Saturday, January 31, 2009

Long Term Practical Proxy Report

All are totally free, not free trial, some with optional paid services.
Hotspot Shield is still awesome. It's fast enough for watching Hulu movies. It's a VPN, so it supports all protocols. All network traffic such as email, IM, etc. is routed through it. You can check that it's working by using Wireshark or just by firing up Windows Task Manager. On the network tab there is a VPN Adaptor in addition to your original Local Network connection. Traffic on both network connections is the same, as any protocol goes through the VPN Adaptor first, is then converted to the encrypted OpenVPN protocol, and then goes through your hardware network card. If you use Wireshark, you can see the protocol conversion. There are others, but only as free trials. AlwaysVPN started charging but the old free beta version still works, though a lot slower than Hotspot Shield.

Hotspot Shield is ad supported, with a banner on top. But it's pretty easy to get rid of it. A sure thing is to use an encrypted connection, such as https with your bank. You can also use any of the other proxies, as they are all encrypted. The advantage of using another encrypted proxy is that Hotspot Shield knows my IP, but it doesn't know anything about where I'm visiting or the contents. I have successfully used BitTorrent for a couple of hours without disconnection. A BT client which hides the BT protocol helps. The speed is decent even though other peers cannot initiate a connection to you.

I use all the other proxies because their speed varies a lot, and sometimes they fail. So the necessary Firefox add-on is FoxyProxy. Forget about the fancy options: just add a proxy, give it a name such as ultrareach, and then the host and port. Set the left-click option to cycle through the proxies.

Apart from the German JonDoNym (and Hotspot Shield), all are American proxies aimed at bypassing Chinese censorship. The software is not open source. You don't know who is behind the software or the individual servers. So use it at your own risk. Possible funding sources are Voice of America and Falun Gong. Most are detected as a virus, malware or spyware. I can assure you that they are not destructive viruses (so far). But I don't know if they spy on me or not. But with Hotspot Shield running underneath, they don't know my IP. Also, if your anti-virus or anti-spyware scanner cannot be set to ignore them, it's a bit inconvenient. You may have to pause your anti-virus shields momentarily when you start them. They say the Chinese report them as malware on a large scale, so they are detected as such. Some malware detectors have taken them off the list, but there are too many detectors.

Ironically, all the Chinese censorship bypassing proxies have heavy censorship in varying degrees. Porn is out, but it's a good thing, otherwise the servers would be a lot slower. Anti-virus companies are out if they don't take them off the virus list. They also protect surfers by disallowing websites with dubious privacy policies, even Google. That's why you need slower proxies but with less censorship.

UltraSurf is very fast most of the time. You can even watch YouTube with decent speed. Censorship is heavy. It supports only the HTTP protocol.

GPass was pretty decent until recently. Maybe it doesn't work well with Hotspot Shield. It supports many protocols via SOCKS, such as email clients, IM and streaming video players. It can also route through Skype, so when you are browsing something forbidden, it appears to spying eyes that you are making a phone call, or that other Skype users are making p2p phone calls routed through your PC.

GTunnel is currently decently fast. It also supports Skype. It's the one most often detected as malware.

FreeGate is not free anymore for non-Chinese users. Phoenix is another free VPN, but the Chinese interface makes sure that non-Chinese cannot use it.

JonDoNym is pretty slow part of the day. However, it's reliable when it works, and censorship free. But with the German data retention law, it's the most traceable by court order.

Tor is only usable in a small window around UTC 8 am. But it's the nearest to being untraceable.

That's what I use on a daily basis.

Thursday, January 22, 2009

TrueCrypt - virtual encrypted disk

TrueCrypt looks and sounds complicated, but actually it's pretty easy to use. It is not only file or data encryption, but provides file system encryption, which makes it usable on a daily basis. I never had the patience and discipline to maintain encrypted files, but now most of my secrets are encrypted on a constant basis.

All the default options will give you safe and secure encryption - you create a fixed size file that becomes a virtual disk with a drive letter (on Windows), protected by a password. When the file is mounted, you can see an additional disk drive that you can access like any others. When the file is dismounted, via TrueCrypt or by pulling the plug, the file remains an encrypted file with no known backdoors. You can exit the TrueCrypt user interface anytime while the encryption engines run in the background.

There are some actions that you may want to perform. One is under [tools], [refresh drive letters]. For some reason, after you mount or dismount, the drive letters are not always updated. The other action is under [volumes], [store volumes as favorite] and [mount favorite volumes]. I also put TrueCrypt into my start menu, and set its preference to mount favorite volumes when started. So basically whenever I log in to or boot up Windows, I also have to log in to my most used virtual disk.

The most useful feature I use is to encrypt all my surfing activities by encrypting my Firefox profile. I worked in competitive or secretive companies before. When someone quits or is fired, they may be escorted immediately by security guards out of the door. You don't even have time to erase your private bookmarks or caches. This is more real than being raided by the FBI, NSA, or US Secret Service. Smashing the hard drive is too late and hardly effective. With TrueCrypt you just need to pull the plug, or dismount gracefully when you have time.

To bring up the Firefox profile manager, edit the properties of any Firefox shortcut, find the target in the form of
"C:\Program Files\Mozilla Firefox\firefox.exe"
and add the option
"C:\Program Files\Mozilla Firefox\firefox.exe" -profilemanager

Create a TrueCrypt drive and mount it as, say, Z:. When you create a new profile, you can pick your own profile directory to be on the Z: drive. The default profile directory is where your current profile is, so you can find it and copy it over if you need to.

If you have multiple profiles, you can edit any FF shortcut to go straight into that profile:
"C:\Program Files\Mozilla Firefox\firefox.exe" -P profileName

The other useful FF option is -no-remote, so different profiles can be used at the same time.

Firefox stores everything in the profile: history, bookmarks, encrypted passwords, cache, etc. So when the profile drive is not mounted, all your data is encrypted, and FF can't even run. Most add-ons also store data in the profile directory. But if you are using some extensions that handle secret or private data, you have to check.
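To confirm that a profile really lives on the encrypted drive, you can read Firefox's profiles.ini and look at each profile's Path. The script below is an added example, not part of the original post; the sample profiles.ini content, the profile names, the Z: drive letter and the folder holding profiles.ini are all constructed assumptions.

```python
import configparser
from pathlib import PureWindowsPath

# Constructed sample of a Firefox profiles.ini (names and paths are made up).
SAMPLE_PROFILES_INI = r"""
[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=Profiles/abcd1234.default

[Profile1]
Name=private
IsRelative=0
Path=Z:\ffprofile
"""


def audit_profiles(ini_text, ini_dir, encrypted_drive="Z:"):
    """Return {profile name: (absolute path, True if on the encrypted drive)}."""
    cp = configparser.RawConfigParser()  # Raw: no % interpolation of values
    cp.optionxform = str                 # keep key case as written in the file
    cp.read_string(ini_text)
    result = {}
    for section in cp.sections():
        if not section.startswith("Profile"):
            continue                     # skip [General] and similar sections
        path = PureWindowsPath(cp.get(section, "Path"))
        # IsRelative=1 means Path is relative to the folder holding profiles.ini
        if cp.get(section, "IsRelative", fallback="1") == "1":
            path = PureWindowsPath(ini_dir) / path
        on_volume = path.drive.upper() == encrypted_drive.upper()
        result[cp.get(section, "Name")] = (str(path), on_volume)
    return result


if __name__ == "__main__":
    # Assumed location of profiles.ini; adjust for your Windows version.
    ini_dir = r"C:\Documents and Settings\user\Application Data\Mozilla\Firefox"
    for name, (path, ok) in audit_profiles(SAMPLE_PROFILES_INI, ini_dir).items():
        print(name, "on Z:" if ok else "NOT on Z:", path)
```

Any profile reported as not on Z: keeps its history, bookmarks and passwords in the clear when the volume is dismounted.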

If you use an encrypted virtual drive continuously, as when using it for the FF profile, you have to avoid automatic force dismount under some circumstances. If your drive is force dismounted while in use by some application such as FF, the drive letter is not available anymore, and you have to reboot to clear it up. For security reasons, drives are dismounted by default after a certain time, when the screen saver is on, or by other power management features.

In the past, I had major inconveniences during OS upgrades, either by choice or by force due to hardware replacement. I am wary of compression and backup utilities that use proprietary formats. TrueCrypt is open source, uses standard encryption, and I stored a copy of the software just in case.

TrueCrypt is safer and more secure in many ways. There is no decrypted copy at any time, so you don't have to worry about magnetic traces on the physical devices. You can pull the plug anytime once you have finished updating something - the updates were encrypted on the fly.

Will you lose the whole file or whole virtual disk due to hard disk corruption? Firstly, disk/file corruption doesn't happen anymore nowadays. Secondly, I don't think you will lose any more data than what you would lose if the file were not encrypted. The encryption unit will be file sectors. There is redundancy to ensure that the volume can still be accessed when errors occur.

DVDs and CDs are more tricky. There is redundancy in DVDs to ensure that data can still be recovered when there are errors, comparable to hard disks. But you don't touch or smash hard drives. I would test DVDs for recoverable errors yearly or once every several years. Most DVD burning utilities come with test scans. If these errors occur, it's time to make a new error-free DVD. Again, I don't think you will lose more data than if the disks were not encrypted. But since the encrypted file sizes are larger, you are a tiny little bit more exposed to disk corruption.