Life & much, much more

Improving human rights through secure messaging

Earlier this year, I talked about how important digital privacy is (even if you don’t think it is). I talked about political oppression, and how raising the awareness of basic digital privacy largely benefits those who are politically oppressed. Using secure services increases the amount of infrastructure dedicated towards them and raises the standards of digital security worldwide. But before we talk about how we make the first steps, let’s remind ourselves why this is so important.

2018 Freedom in the World index map

The map above shows the results of the 2018 Freedom in the World index, derived largely from the Universal Declaration of Human Rights. At the time, it was signed without competition by all UN member states. Green is free, yellow is partly free, and red is not free. As of 2018, more than half the countries in the world have issues.

Percentage of countries in the freedom in the world index over time

There are quite a few ways to slice and dice freedom index data, but the general trend since the 1970s can be seen in the graph above – showing the distribution of free countries over time. Generally, since the 1970s, we’ve improved a bit, but largely stalled in the past 20 years. More than half the world still seems to have some problems in regard to political and civil liberties, and a few are getting worse. Of course, the above data is a gross simplification, so if you’re interested in seeing more detailed and granular metrics I highly urge you to check other dimensions such as Our World In Data’s Human Rights graphs.

The good news is that we all use the internet, and by using it we shape how it grows, and that allows us to make an impact on human rights. The World Economic Forum illustrates the link between digital privacy and human rights in the quote below:

Digital rights are basically human rights in the internet era. The rights to online privacy and freedom of expression, for example, are really extensions of the equal and inalienable rights laid out in the United Nation’s Universal Declaration of Human Rights.

As a case study, Facebook bi-anually releases a report called the Global Government Requests report (see the 2017 Global Government Requests Report blog post). In the first half of 2017, it shows that there were roughly 79,000 government requests for data for 115,000 user accounts. That’s more than double what it was three years ago (35,000 user accounts). Every report sees an increase in the number of requests, easily growing more than 30% each year. Yikes! That’s some serious compounding privacy interest!

However, there are steps we can take to raise the basic levels of digital privacy online. By adopting these technologies, we increase the global average cost per capita of digital mass surveillance — and reduce its efficacy as a tool to control and oppress those in need.

Our online activity can largely be grouped into three categories, messaging, email, and web browsing. By changing a few habits in our day-to-day online activities, we can make a difference. In this article, we’ll concentrate on messaging.

We send messages all the time – SMSes, through Facebook Messenger, WhatsApp, Skype, Google Hangouts and so on. If you’re the statistically average user, you have 2 messaging apps, and they’re both on the chart below. The data comes from Statista, and I’ve rehashed it slightly.

Global monthly active users for different messaging apps

(note: due to a formatting error, you will need to multiply the horizontal axis by 1,000. So Facebook’s numbers are over 2.5 billion!)

What you may not know is that big data on the internet is owned by a handful of companies, governed by a handful of countries. USA’s Facebook and China’s TenCent gathers more of your messages than probably everything else combined. These companies have little to no incentive to protect your data, actively create digital profiles of you, and are based in countries that have governments that are more than happy to ask for it to be disclosed. .

But don’t listen to me, listen to Amnesty International’s Encryption and Human Rights Report instead. Unless you’re using Facebook’s WhatsApp (which is the least bad), Amnesty International thinks you deserve a slap on the wrist. Worst of all messaging apps is China-based TenCent’s QQ and WeChat, which scores a 0 out of 100 in protecting human rights. It has no encryption specification, does not recognise threats to human rights, made no commitment to freedom of expression, actively detects and censors content, and does not refuse backdoor implementations. So, if you send money through WeChat (yes, WeChat has higher transaction volumes than PayPal), guess what? It’s public! We could go through the many examples of public data but I’ll let you read the publication yourself and judge.

So what makes Facebook’s WhatsApp the least bad? Well, for a start it has publicly stated there is no encryption backdoor – no built-in mechanism for sharing your data. It’s more transparent and tries to notify you if your data is being requested, and produces bi-annual reports that we saw above. But perhaps the most effective secret sauce — the gold-standard of digital humans rights protection — is that it supports end-to-end encryption. This means that the moment your message leaves your device, nothing can read it.

WhatsApp’s end-to-end encryption isn’t it’s own invention. Like any robust cryptography standard, it is based off free and open-source software. Many years ago, defectors from Twitter started a collaborative effort called Open Whisper Systems and developed the Signal secure messaging system. Signal is not owned by any company or country, is open-source, and primarily funded by the Freedom of the Press foundation. For instance, if you want to tip off The Guardian, Signal is one of your options.

Signal logo

However despite WhatsApp’s best intentions in using the Signal system under the hood, its nature as a Facebook acquisition, organizational structure and some of its other technical decisions means that WhatsApp falls short of Signal’s encryption standards. In short, WhatsApp retains metadata about your contacts and messages, which may be used to infer information about you (much more than you might think!). Luckily, the small core team that built the Signal system also have their own app, which is completely privacy focused. It looks just like any other messaging app out there, and anyone can use it if they truly want to get top-notch security and privacy. Here’s a screenshot of it from the official Signal website. If you have an iPhone or Android, you can download it from the app store for free. It works on your computer with a computer app, and also works as a Signal command line app if you’re a terminal junkie.

Signal messenger app screenshot

In fact, the core Signal app is such an ideal state of privacy in the messaging world that apart from earning a special mention in the Amnesty International report, it also earned a 50 million USD investment from the co-founder of WhatsApp. Brian Acton, the co-founder of WhatsApp, was around when WhatsApp made the initial jump to use Signal as its system under the hood, and after he left Facebook and WhatsApp, donated to create the Signal Foundation – a non profit organisation to protect data privacy, transparency, and open-source development, which aligns with Acton’s personal beliefs.

If two people want a private conversation, electronic or not, they should be allowed to have it. – Brian Acton, WhatsApp co-founder

There’s still so much to talk about, but let’s stop here. I highly recommend that even if you do not fully understand the technical background behind encryption or the full extent of the humans rights impact, to take the first step and install Signal.

See you on the other side!

P.S. For the more technically inclined, you may instead be interested in setting up your own XMPP server that supports the OMEMO XEP. OMEMO is an implementation of the same cryptographic technique pioneered by the Signal protocol, and XMPP offers decentralised messaging, in contrast to Signal Messenger, which for all practical purposes is a centralised system (theoretically, it is possible for somebody to use the protocol and build in federation support).


How to Actually Use Your Computer: Part 2

It’s been quite a while since I had part 1 of this series. However, here is part 2.

By this stage, you would almost definitely fit within the “Usage due to environmental pressure” or “Usage due to personal interest” groups. Both of these groups have similarity when it comes to end-user usage. This means that fundamentally, there are some things that everybody uses a computer for. I will go through each usage and explain in detail how you’re totally missing out. However due to space restraints, in this part of the series I will focus on two main ones.

Usage 1: Web browsing / Email & PIM / Instant Messaging

For web browsing, we all use a web browser. Such common examples are Internet Explorer on Windows, Apple’s Safari, the open-source Mozilla Firefox, Google’s newly released Chrome, and a variety of others, such as Opera, Flock, Konqueror, Epiphany, or CLI browsers like Lynx. What a web browser does is interpret a website’s source code so that it can be displayed to you in a way you understand it. This means that an important part of deciding which browser is best for you is how well it displays webpages. Here’s a summary of the list of features you should look for:

  • Size
    • How large is the application?
    • How long does it take to start up?
  • Does it display correctly?
    • Check your favourite web pages, do they work correctly?
    • Do certain webpages cause crashes?
    • Does it allow embedded animations, javascript, or shockwave?
    • Does text look nice on it? (Antialiasing)
    • How fast is it to load pages?
  • Does it have the features you use?
    • Does it have tabs?
    • How well is its bookmarks feature implemented?
    • Are you happy with text zooming, page history, caching, or download management?
  • Does it allow you to connect online? (proxies, etc)
  • Is it secure?
  • Does it allow for extensions? (Customisation, plugins, addons, etc)

Notice how what I’ve not done is said “This is the best browser, use it”, but instead told you what constitutes a good browser (which is mainly due to personal preference) and given some alternatives. What you should do now is check if your browser is up to date (Don’t use something like Internet Explorer 6), then start downloading alternatives and trying each of them out in turn. Here’s a list you might be interested in:

Firefox, Opera, Chrome, Flock, Konqueror, Epiphany

Alright, let’s move on towards Email and PIM. What’s PIM? It’s Personal Information Management. This covers everything from your email, contacts/address book, calendar/schedule, todo-lists, feed/newsreaders, notebooks, journals, and alarms. You’ll find that your handphone probably covers all of these, but you’ll find out that it’s about doubly as effective if you manage this on your computer (especially if you have quick access to your computer).

Let’s start with email. If you’re happy managing your email from websites like GMail, Hotmail, Yahoo, etc, then you can probably skip this. If not, and you prefer to use a client application (like me), then keep reading. If you do use a client, and it’s a Microsoft product, it’s probably Outlook Express. It’s probably the worst thing invented since Internet Explorer. It’s hopeless. Here is what you should use. Mozilla (the guys that brought you Firefox) have this nifty email client known as Mozilla Thunderbird. I don’t care much for different clients – for me it’s simply a matter of if it integrates with my system and works. However, another alternative is Evolution. There aren’t that many alternatives when it comes to email clients. What I use is KMail, which is part of the Kontact PIM suite, which I’ll cover next.

Aha, the PIM suite. Windows provides Windows Address book, which 99% of you have probably never even heard of. That’s right, it exists. Try searching in your accessibility menu or similar in your start menu. You’ll find it lurking there, and then you’ll wish you could remove it. I don’t know much about Mac’s PIM applications, so I’ll simply disregard them. The best PIM suite in my opinion is Kontact. It’s basically a merged interface of the entire suite including KMail, for an email client, Calendar, for scheduling (amazing application), To-do (for to-do lists), KAddressBook (for contacts), Akregator (for feedreader), KJots … journals, notebooks, Popup-notes, time tracking, and alarms. It’s amazingly polished, you can repeat tasks, have reminders, many different views, and if you’re on Linux and use KDE, it complements the entire system amazingly. It integrates with everything. Sending an email with KMail? It’ll check your KAddressBook. Using Plasma’s post-it notes? It’ll check your popup-notes. Your Calendar missing something? It’ll check your to-do list. Need I say more? Amazing. Definite recommendation from me to use it.

OK, let’s move onto Instant Messaging, or IM. Most of you use MSN messenger. Some use Skype, some use IRC, ICQ, Jabber protocols (including GTalk), etc. I don’t know of any other program that gives you Skype power other than Skype itself, so I’ll skip that. However, especially if you’re the kind that uses GTalk and MSN at the same time, whilst chatting on an IRC channel (don’t worry if you don’t know what IRC is!), you’d appreciate a more powerful program. Ths first alternative is Pidgin. Pidgin’s a pretty big penknife of protocols, and if you want a do-it-all client, that’s what you should check out. Kopete is another one, which is my personal favourite, especially because it integrates with KDE. I’ve heard Trillian is also pretty powerful, but I don’t know that much about it. In general, all those mentioned applications are pretty polished and can support all that you’d want to do (status messages, avatars, nudges, etc) but if you can’t live without spamming random “winks” on MSN messenger, you’d probably be better off without any client at all.

Usage 2: Document editing

I’m going to make this section a short one. Mainly because I believe it’s very much a case of “If you can use it, and it gets the job done, it’s good for you.” Most of you are using the Microsoft Office suite, either for Windows or Mac. (that’s Microsoft Word, Powerpoint, Excel, Access, Publisher, Frontpage, Visio, etc – for Mac, I can’t remember the names) Unless you’re running an illegal copy, you’ve probably broken your bank to run it. Here’s where I step in and say “hey guys! You could’ve got an office suite for FREE!“.

The first alternative that springs to mind is This was developed by Sun Microsystems, and it’s their open source free version of the proprietary StarOffice suite. This technique of releasing open-source software with a commercial product to back it up is the ideal win-win situation. 1) The company gets money for those that prefer the commmercial alternative. 2) The open-source development is more organised with an actual incentive to improve it (as it tags behind the comemrcial product). 3) The users get the best of both worlds. OpenOffice provides a word processing application ( Writer), presentation software (equivalent of Powerpoint – Impress), spreadsheet management ( Calc), database management ( Base), as well as a nifty mathematical formula tool called Math. Missing your Publisher (if you are, you need some serious mental help)? Simply use Scribus. It’s amazing. In fact, the first issue of Perspective was made with it (unfortuantely future issues will require Adobe InDesign, as our printer now wants the format in InDesign save files instead of .pdf). Missing Frontpage? (Similarly, you will require mental help if you do), simply use something like Quanta, Bluefish or Nvu.

Another alternative to OpenOffice is KOffice. This is built for KDE but works on Windows and Mac too. Though in my opinion not so developed as OpenOffice, they have some unique features that might be just what you need. They’re also pretty thorough, and even include an alternative for Visio (Kivio), and image editing programs like Karbon14. I will cover image editing in another part in this series.

Of course, if you don’t need a whole office suite, there are small alternatives, which work especially well on an old computer or if you just want to do something quickly. Such examples of this are Abiword (for word processing), or Gnumeric (for spreadsheets).

As a conclusion, I’m not trying to say that you shouldn’t use any Microsoft products, or you should only stick to open-source programs, I’m just trying to open up some alternatives. It is true that some of these alternatives are better than what most people use, and therefore I’m simply here so that you find out what works best for you. Want my personal “awesome” list? I use Firefox for web-browsing, Kontact as my PIM suite, Kopete as my IM program, and OpenOffice as my office suite.

Stay tuned for the next part in this series.