The odd-musings of Jared, the Director of Network Security for IAPS Security Services.

The below article was something I wrote over a year ago for this site and a topic very much relative to todays world. Enjoy the article and I’m happy to hear any comments you may have regarding it.

_____________________________________________________________________

Date: Sunday June 15, 2008
Author: Jared T.
Organization: International Alliance Privacy Services

This may become quite a large article, but it will cover many topics I have been meaning to write about for quite some time now. This article will focus on discerning the truth from lies, fact from fiction. Sit back and enjoy the article.

Looking around the internet, I see many websites in the “privacy” business making claims that are just flat out impossible to be true. I have seen claims of such high encryption levels, ultimate protection that not even Satan himself could penetrate. Yet as I see where the claims are coming from, most of them are United States based claims. As all who are internet wise, we know that the United States is pro-censorship and that the omni-present National Security Agency is ever present in as many places as possible. Many years ago the NSA had 17 acres of under-ground super computers to monitor national and international communications. Do you know how many super computers make up 17 acres of land? There must not be much soil left under Fort Meade, Maryland where the home of the NSA resides. Now what do you think they are doing nowadays with quadruple the amount of resources and black-ops funding? Lets also add non-congressional oversight.

Some of you might remember the press news articles and media attention received over U.S. President George Bush’s policy of illegal wire tapping. However, most of you didn’t hear that AT&T was one of the biggest data pushers of its clients data right into the hands of the NSA. (source # 1) (Mark Klein – Former AT&T Technician) (source # 2) Although this situation was brought to national and international attention, do you think it really stopped anything? Yes, all you SBC internet users who are now AT&T clients can rest assured that you have absolutely no internet privacy either now or in the future. But do you think it really ends there? Nope.

Now we are not only going to focus on insecurity in the United States. There are more countries than you might think engaged in this practice. We will hit on those countries soon enough. The next biggest lie we came across was the boasting of a 100% up time. Now looking at this situation a bit closer, we see how and why they can make such a claim: if you have 7 servers and 3 are down and 4 are up, then you can claim a 100% up time. Thats the basic philosophy of many in the privacy business. Now how is this an accurate or a fair assessment of their ability to keep their servers up? Its not and its an out right lie. A further analysis of these same providers is that most, if not all, of their servers are located in only one country such as the United States where privacy is non-existant and they, or their data centers can be made/forced to give up their client data or have their servers physically confiscated at any time. Our data also shows that many of these organizations do not have actual hard drive encryption on their servers which means if the law does come and take them, guess what? Your activities are going to be laid out on a silver platter for the NSA/FBI/DIA/DEA/ICE/NRA/IRS/CIA or any of the other 3 letter agencies (TLA) I may not thinking about at the moment.

But its not encryption alone that can save your hide. It is a well known fact that the NSA only makes contributions to the cryptographic world when they can crack the encryption before its released to the unsuspecting public. (source # 3) It is also a known fact that Microsoft and the NSA have collaborated and Microsoft has implanted NSA decryption keys in all its versions of the Microsoft Windows operating systems. (source # 4) (source # 5)With this knowledge in mind, how does the U.S. Government claim democracy when they have trap doors built into all Microsoft operating systems, most of the popular firewalls in use today, and they can crack your encryption keys with pretty much ease? (source # 6) This leaves the never answered question: why does the U.S. Government reserve the right to walk into the back doors of any computer it wishes world-wide? Who made them the gate keeper?

This brings me back on point here: for those of you on U.S. based “privacy servers” who are under the impression that you are completely safe and untouchable, think again. You can, and probably are, monitored all the time by the flow of data re-routed to the NSA or its affiliates. Simply put, U.S. networks are simply not safe. Bearing this in mind, you do not have to be a criminal to want your privacy while you are online. You may be a priest that likes a little porn now and then and want that secret kept a secret. Why should any government be allowed to take that privacy from you? Its my opinion that this is something that should not be allowed. Another example is if you are in a highly competitive and volatile business and have the edge on your product/service and the U.S. Government thinks they have the right to know whats on your computer even though you have not broken any laws. Again, how can you call yourselves a democratic government if your # 1 goal is to spy on every possible person you can?

Ok, getting back on topic here: another tactic used by so-called privacy organizations is through the use of “free” software. How do you know that the software they have you use is not already tainted before you get it? What if it contains a back door scripted in by either the software maker, or in cooperation with the government? If its proprietary software, you don’t know. So how do you really know what the software is actually doing? 99.9999% of all people that download ip changing programs have absolutely no clue how these programs work and where security vulnerabilities exist. Many of the “one click solution” people are happy if it just works. They don’t care how it works, as long as it does and as long as it’s not too complicated for them. So with this theory in mind, why bother? If you want to conceal your online identity, don’t you want to at least know how a program works or what you are installing on your computer? Surprisingly, most people don’t care which is just a sad example of how the world works.

The software utilized by us, International Alliance Privacy Services, is simply one program. This is an open source program released to the general public which is provided absolutely free of charge. It was not written or produced by any of our staff. Open source software is maintained by the general public that participates in the development of a project or design of a program. Open source means that the program is not proprietary and can be easily taken apart and looked at for whats under the hood and exactly how it works. This is the destiny we believe in and the methods we use to really protect your privacy are top notch. We despise the use of exploitable software based on java, which is why we simply will not use it. We believe in gaining the general public’s trust by showing you exactly how we secure your privacy. We write technical/security articles for your understanding and benefit. We owe our success to you, the reader, so why not further educate you all in the same process? Even if you choose not to use our services, at least you will be armed with the right knowledge and will know what to look for when choosing the right privacy organization to meet your needs.

Another unacceptable practice we have seen from other privacy organizations is that their servers are all marked with easily identifiable host names. Now if you are using the services of a privacy organization with servers that are shouting “I’m a proxy server and I belong to so & so” how is this protecting you? Any one who looks at the host name is automatically going to consider blocking/banning you right from the get go. International Alliance Privacy Services does not believe in this practice. All of our servers are only identifiable as code names and do not declare they are part of our networks or part of our family of domain names. We give all of our servers general names that do not call attention to themselves. We believe that if you choose to use our services, why would we put you on a server that screams “proxy!” and leads right back to us? Thats not how we operate.

One of the final topics that seem to lure potential clients in is through the usage of exotic places to have servers in. Just because a privacy organization may have servers in exotic locations or a few islands, how do you know if they are safe? Did you stop to think about the treaties those countries might have with other countries? What about data retention laws as specified by the governments of those exotic places? One particular place frequently mentioned among privacy organizations is the country of Panama. What these organizations fail to mention in their sales pitch is that Panama has treaties with the United States for sharing information. Basically put, hosting a server in Panama is no different than hosting it in the United States. Safe? Not likely.

In conclusion, we hope that you have learned something. If not much, at least something that you can use to help you make a better informed decision now or in the near future. We are always open to your questions or comments and critique of any documents/articles written by International Alliance Privacy Services. If you have questions, please ask instead of assuming! Its better to know and receive, then not to ask and just assume. When making the decision to use a privacy organization, I hope this small article helps you out. Thank you.

Without International Alliance Privacy Services, whenever you connect to the internet, everything you read or write, transfer or receive is basically unencrypted and in plain text. The internet is constructed in a way that data is transferred from your pc, laptop or notebook over multiple other computers to their destination which could be your friend’s pc or a web server. Each computer in this chain is called a ‘hop’ because the data is figuratively ‘hopping’ from one computer to the next until they reach the desired destination.

Over how many hops data is routed depends on the distance between sender and recipient and the routing setup, but connections are on average carried over about one to two dozen hops. At each of these computers or hops, everything you send or receive — the web sites you request, your emails, your chats, the files you transfer, etc. — can be read and stored. Your transferred information could also be read and stored if somebody would wiretap the cables or connections between any of these computers, including the line at your own home. The most convenient location to observe you and to store everything you do on the internet is, of course, your ISP (Internet Service Provider), because all data you send to the internet and receive from it have to pass through your ISP. In the last years and months, many countries passed legislation which obliges your ISP to record your connection data and to store it for several months to several years. ISP’s in some countries are obliged to hand these data over to law enforcement or secret service agencies without review by an independent judge.

Here is where International Alliance Privacy Services can help you. If you sign up for our service, you will get access to several encryption and anonymization servers located in different parts of the world. Instead of connecting directly to a web site or to your friend, International Alliance Privacy Services will create a high security encrypted connection to one of our servers first. All data you choose will then automatically be encrypted by your pc and sent through this encrypted connection to our anonymization server. Our server will accept the data and in addition will strip the data from information that could personally identify you.

Data, texts, photos, emails, movies, or web site requests you send over the internet carry for example a unique number, called IP address, which identifies you. You can compare it to a telephone number. Every computer which is connected to the internet, including yours, has a unique IP address which identifies it. These data sometimes also contain other personal information, such as the browser you use and its version, your operating system, or software plug ins you have installed. If somebody investigates these pieces of data he knows they were transferred by your machine or sent to you.

Our anonymization server decrypts the data it received and replaces your personally identifying information (such as your IP address) with its own identity. Then it sends the data to the destination, e.g. the web site you wanted to access. The web site and all hops (computers) between it and our anonymization server will no longer know to whom the data really belong. They will think our server made the request, and the web server will thus transmit the requested content of the web site back to our server, where our server will encrypt the data again and send it to your PC.

We currently have highly secure servers in 10 countries: United States, United Kingdom, Canada, Luxembourg, Switzerland, The Netherlands, Germany, Hong Kong, Czech Republic, and Malaysia.

International Alliance Privacy Services, through the IAPS Security Store believes in giving back to the community. Not just our local communities but on a world-wide scale. We know the valuable services that charitable & educational organizations provide to a community and we know most of them rely on community donations and work on a limited budget. With this in mind, International Alliance Privacy Services would like to share our network resources free of charge for these organizations.

We ask for nothing in return for these services. This is our way of giving back to these organization that strive for a better world and to promote peace, well being, educational services, and pride for their communities. We ask for a few simple verification procedures to be completed for any charity requesting these services:

1.) In the U.S. a 501c Tax Exempt Certificate & Business Incorporation License.
2.) The name, address, phone number, and contact name of the person in charge of the organization.
3.) All international organizations must provide the equivalency of the above.
4.) A Certified Educational Business License for any Educational Organization.
5.) Documentation must be faxed to: +1-518-320-8671 in the United States (scanned/emailed documents will not be accepted)
6.) Your organization must be a NON-PROFIT ORGANIZATION.

The following services will be made available for all qualified charitable/educational institutions:

1.) Unlimited website hosting services (available jurisdictions for hosting: United States, United Kingdom, Canada, Switzerland, & Luxembourg.
2.) Unlimited access to Virtual Private Networks belonging to and operated by International Alliance Privacy Services.
3.) Unlimited access to Secure Shell (SSHv2) Networks belonging to and operated by International Alliance Privacy Services.
4.) Unlimited secure & encrypted data storage space.
5.) Unlimited access to high security and encrypted email services.

This notice is officially posted here.