Governments have a long track record of making everyone’s life harder than it should be. Whether it’s high taxes, crazy regulations, starting wars or absurd laws, government has generally shown that it doesn’t deserve as much power as it tends flaunt. I’m in no way an anarchist and I believe government has its place, but a government that is too powerful can really be detrimental to the progression of civilization. Is it just the nature of civilization to progress then destroy itself? Why have we not learned from the past? Or have we, and it is just a small group of elites that have consolidated power and covertly operate fake democracies or somehow legitimized their regime. Government stretches their long arms into almost every aspect of our life, this can be dangerous if unchecked especially when in involving our personal property including our online data. Why is it that government wants in on our lives? Is it money or just a power trip? In 2014 I found that the Department of Defence was connecting to me through a port I had never seen, using Skype. How or why I still don’t know all I know is that they tried it and I have proof here.

DoD

Since this incident I became ever so paranoid in my computing. I stopped using Windows and Skype and switched primarily to open source applications that I knew I could trust. I didn’t want the DoD or any government agency snooping on my communications with friends. What was I doing that was so wrong any ways? Speaking my mind? Opposing big government? I guess that is a crime then… But we shouldn’t even have to worry about things like this. Which gets back to my point that government tends to make our lives so much harder. So that day I learned my lesson and I knew government that goes unchecked will always make your life harder and never easier.

Well as most in the US have probably seen this flag is stirring up all kind of controversy.

rebel-flag

To me this is quite annoying, the #BlackLivesMatter movement is attacking people’s right to free speech. Whether or not the confederate flag breeds hatred doesn’t really matter… If someone chooses to fly the confederate flag then let them and don’t get so mad! Hating them for it only creates more hatred on both sides of the conflict. The problem I see now is a form of self policing by continuous political correctness. This also comes with a large portion of hypocrisy you know. White people can’t hate any ethnicity and it’s called racism and hatred but then other ethnicities can hate white people for just being white? In my opinion it is just called ‘free speech’ something that is rarely understood when race comes into the argument. I can understand fully why the confederate flag makes people mad, but please just stop getting mad. There is no point, racism won’t burn with the flag it might actually increase. Think about it.

CloudFlare is horrible for many reasons. It might make everything super easy. You get DDoS protection, seamless SSL integration, very simple DNS management, ability to hide your server’s IP. But with all of that convenience you loose control of your data and your sites are now open to MITM attacks by Big Brother. Data going through their servers is encrypted/decrypted on their servers, they retain the private key (unless you pay $5,000/mo for their enterprise plan).

Their snake-oil security

cloudflare_ssl

What worries me the most is that more and more sites across the web are starting to use CloudFlare especially with their free-tier SSL certificates. This creates a false sense of security as people think their information is encrypted and no one can read it, but in reality it’s going through CloudFlare’s network who is most likely working with 3 letter agencies directly or indirectly in their SIGINT programs to store exabytes of traffic data from sites that could contain valuable information to them.

As we’ve seen in the Snowden docs intelligence agencies horde zero day exploits and use them on their targets. I speculate that CloudFlare could be used to deliver those exploits en masse or to deliver them to a target who visits a site that uses CloudFlare. CloudFlare’s entire model could definitely make it easier for intelligence agencies to deliver their nasty exploits. The NSA has already broken into some of the biggest companies in the world, it would only make sense for them to have done this to CloudFlare as well.

Of course this is all speculation, but who are we kidding we haven’t even seen half of the Snowden docs. The NSA is capable of so much more than we’ve seen and I’ll tell you “told ya so” if my speculations become known facts. :)

Crypto World

Screenshot - 03302015 - 09:41:21 PM

Recently we launched cryptoworld.is (formerly cryptoforums.net / cryptounion.org). We decided that this was a better name and one that we could finally settle on. I had thought of this name a while back but looked at .com, .net and .org I wasn’t surprised they were all taken. The Icelandic TLD .is was too expensive for me at the time so I looked for something else. So many domain names some might think I’m crazy. But there is a method to my madness, crypto world rolls off the tongue pretty nice. Now our buddies over at cryptostorm.is have a very similar domain, truly they are the ones that inspired us. I didn’t really know much about Iceland until I saw their .is domain and became interested in the TLD. I hope they don’t think we copied them in any way :( but we love you guys if you see this (df, graze & PJ)!

Besides that, I really wanted to make a site that could be more than what previously was just a forum. Our future goals are pretty big and we have the infrastructure now to do it, but we hope to become a bigger community where people can learn about infosec & opsec or just hang out with like-minded others.

H2-150318848

I wanted to congratulate the citizens of Iceland today. The Pirate Party has become the most popular party in Iceland receiving 23.9% of support according to a survey done one month ago. I look forward to seeing how many spots the Pirate Party gets in parliament. Another reason why you might want to host your data in Icelandic data centers!

Read more here: http://www.visir.is/the-pirate-party-is-now-measured-as-the-biggest-political-party-in-iceland/article/2015150318848

I have recently been in a little argument with the VPN service IPVanish. When I called out that Hide My Ass for not protecting privacy, IPVanish responded saying I should try them out.

Screenshot - 03162015 - 01:55:25 PM

I am suspicious of all snakeoil “privacy” services and without legitimate employees or explanation of their infrastructure I’m not going to buy it. But I checked out their TOS and privacy policy anyways… Well the language in both seem to conflict like here it says that they keep no logs in their privacy policy.

Screenshot - 03162015 - 01:59:13 PM

But in their TOS they specify several times if you do this or that they will suspend your account, here are some examples.

How would they know when their users are sharing a login if they keeps no logs?

3. Authorized User; Your Responsibility.

You may not access or use the Site or Services if you are unable to form a binding, legal agreement with IPVanish. You affirm that you are over the age of 18. You assume all responsibility for your use of, or access to, the Site or Services.

Accounts are for single user, individual use only. Any non-individual use or multiple-party use is prohibited. For example, the following uses are prohibited under this section:

  • Sharing a login between people.

  • Simultaneous logins from multiple IP addresses with the exception that we do allow an individual up to two active connections to the network per account, mostly, to allow for mobile device use, but the connections are prohibited to be used by anyone but the account holder.

How would they know which one of their users are spamming so they can suspend their service if they keep no logs?

7. SPAM

IPVanish enforces a zero-tolerance SPAM policy regarding information transmitted through our network. IPVanish may determine in its sole discretion whether any transmissions are considered SPAM. SPAM includes, but is not limited to, the following:

  • Bulk unsolicited e-mail, promotional material, or other forms of solicitation sent via e-mail that advertise any IP address belonging to IPVanish or any URL (domain) that is hosted by IPVanish.

  • The use of web pages set up on ISPs that allow SPAM-ing (also known as “ghost sites”) that directly or indirectly reference customers to domains or IP addresses hosted by IPVanish.

  • Forging or misrepresenting message headers, whether in whole or in part, to mask the true origin of the message.

  • If IPVanish determines that you have posted one or more articles of spam, we may cancel your account immediately and take steps to prevent you from using our network at any time thereafter.

How would they know which one of their users is transmitting copyrighted material if they keep no logs?

13. Copyright Protected Materials

IPVanish respects the intellectual property rights of others and expects that you do the same. It is our policy to terminate in appropriate circumstances the accounts of subscribers who infringe the copyrights of others. You may not upload, download, post, publish, transmit, reproduce, or distribute in any way, files, material, information, software or other material obtained through the System that is protected by copyright or other proprietary right or derivative works with respect thereto, without obtaining permission of the copyright owner or other right holder. Additionally, you shall not upload, download, post, publish, reproduce, transmit or distribute in any way any component of the System itself or derivative works with respect thereto.

I’m sure you get the point now… This isn’t just IPVanish though I have seen many other VPN providers that do the same thing by claiming they keep no logs but then putting this junk in their TOS. So snakeoil services do you really think people are so naive that they wouldn’t notice these inconsistencies?

Sources:

https://www.ipvanish.com/tos.php

https://www.ipvanish.com/privacy-policy.php

This will be my short review of 1984hosting.com (English) or 1984.is (Icelandic). I stumbled across them while searching for a host that supports free speech. I had heard numerous things about Iceland, like how they made their government officials resign and hammered the bankers for their role in the financial collapse between 2008 to 2011, and don’t forget their wonderful International Modern Media Institute. I was sold on the idea of free speech on this tiny island country and I’ve always liked exotic locations to host my content from. So I eventually bought their shared hosting plan for $120 USD (per year), it was really expensive but I thought for a whole year its not too bad and it might pay off in the future at least in my mind. Some might say, why spend so much on shared hosting when you could get it for cheaper elsewhere? Well for one, I like to support organizations that support free speech and don’t have a crazy TOS forbidding you to do so many things (also I like their flag).

Iceland

 

So if you are looking for a location to host your free speech content in, Iceland is a great place due to its protection of journalists. Now lets get down into detail, according to their home page they offer unlimited storage, data transfer and domains. Obviously nothing is really unlimited and I’m sure they would tell you to stop or suspend your account if you start uploading Terabytes of data in a short period of time. But nonetheless this is impressive for Iceland as bandwidth is very expensive there.

Screenshot - 03132015 - 02:31:51 PM

When I purchased it I got the details straight away in an email. To login to your panel you go to management.1984hosting.com and press “Goto Control Panel”.

Screenshot - 03132015 - 02:44:40 PM

You will be redirected to the i-MSCP control panel where you can manage your web hosting account.

Screenshot - 03132015 - 02:50:22 PM

Screenshot - 03132015 - 02:48:25 PM

You can do everything you’ll ever need here like easily adding SSL certificates on domains, managing databases, creating FTP users, email addresses for as many domains as you want and viewing statistics, even accessing FTP through Pydio.

Screenshot - 03132015 - 02:53:32 PM

I’ve found that their webmail for domains is excellent and I’ve switched over to using it fully due to it being so easy to use and of course hosted in Iceland! Using FileZilla for FTP was very slow to my surprise and I wasn’t impressed with the speed of transfers. Queued files just kind of sat their uploaded 1 then 2, then paused for a couple seconds and continued. It took an abnormally long time for WordPress to upload. This is the only real downside I found, some might prefer C-Panel web hosting but i-MSCP works good for me and it’s open source. Overall I am satisfied with 1984‘s service. Even though the price tag of $120 yearly is a lot to shell out it pays off not having to manage your own web server and peace-of-mind knowing that backups of your databases are done daily. I highly recommend 1984!