Top 10 technologies to beat tyranny

Last week we had a bit of fun and looked at technologies for budding dictators, but this week we're looking at the other side of the coin: how to stay safe online if your future depends on it.

Every day each of us generates a rapidly expanding amount of data, and that data is mined by companies and governments. In many cases it's used for nothing more irritating than advertising, but for some countries that cloud is also a trail that can be monitored.

In too many of the world's countries we are seeing increasing moves to clamp down on the cheerful anarchy of the internet. China has its infamous Great Firewall, but some, like North Korea, exert total control, allowing a few modems out and carefully monitoring each line.

We have few such pressing problems in the Western world, but here the issue is privacy. Huge legislative battles have been fought in the past over racial and sexual equality and the role of the state, but the spotlight in the coming decade is on privacy - who has the right to know what about you.

So there's a little useful stuff in here for everyone. As ever, if you think we've missed anything, the comments section is below.

Honourable Mention: Hacking
Shaun Nichols: At first we weren't sure how to classify this one. Malware isn't really the right term, neither is spyware. We decided to go ahead and use the label 'hacking' .

Regardless of how you label it, there are times in the battle for freedom when you may need to access a system under, well, less than conventional means. At these times, you may need to use some tools to bypass security protections and authentication components.

That's not to say we're endorsing such activity. Whether your motives are just or not, this sort of thing is considered illegal pretty much everywhere, and people who get caught will undoubtedly face some unpleasant consequences.

There are, however, times when the risk of imprisonment and punishment are worth the potential reward.

Iain Thomson: Is it OK to break the law in a moral cause? Many people who are now great statesman once thought so; Nelson Mandela comes to mind. Sadly, the courts disagree.

As we are seeing in the case of Gary McKinnon, when the US nabs you on terrorism charges for hacking it doesn't mess about. McKinnon isn't a freedom fighter, merely someone with mental problems who thought he was on a quest to unveil the truth about UFOs. He's now facing decades in prison for his activities.

In the wider world, a measure of hacking is a prerequisite for getting open access to the internet at all in some countries. There's also less of a moral question about getting into the systems responsible for their repression, although the penalties are much more severe than McKinnon faces in many cases.

Honourable Mention: Complicit companies
Iain Thomson: This was an unusual last minute entrant, suggested by Shaun in the light of last week's Top 10. While initially I was sceptical, Shaun made his case. Certain companies are beginning to show some guts and say that business in China is about more than money.

This is not long before time. China has an understandable aversion to some aspects of Western culture, believing that, if the British, French and Russians had set up camp in Manhattan for 50 years by force of arms, as Shanghai was, America would be up in arms.

Since Google has come out against censorship, for whatever reasons, other Western companies have also been called on to make a stand. Whether they will or not remains to be seen.

Shaun Nichols: Seeing how Google inspired our top 10 tools for tyranny list, I think it is only fair that we include companies that don't kowtow to oppressive regimes on our list.

It takes a lot of guts to say no to a government when you're a business. If you don't do what you are told, and the people in charge take notice of it, you and your employees are likely to be out of jobs and possibly even behind bars.

If anything good has come out of the rise of multinational corporations, it is that some are becoming less beholden to governments and able to take a stand when something is not right.

China may be a huge economy, but Google has plenty of business elsewhere in the world. If the company does pull out, it will be able to get along just fine.

10. OpenDNS
Shaun Nichols: We chose OpenDNS here, but there are a myriad of similar tools that can be used to take some of your dependency off of your local ISP and into your own hands and those of like-minded people.

For those unfamiliar, the DNS system is what allows clients and servers to link up the text of a URL with the numerical IP address of the server hosting the site. The task of cataloguing and matching the URLs and IP addresses is handled by a DNS server, usually provided by the user's ISP.

OpenDNS is a well-maintained DNS service which is free and open to all users and, for a great many people, is far faster and more reliable than their ISP's own servers. Additionally, it is constantly maintained and updated to protect against possible attacks, such as the 2008 DNS cache-poisoning flaw.

It also gets one more activity out of the hands of ISPs, which are often more than willing to hand over information to government agencies.

OK, so DNS information isn't exactly sensitive data, and it's not as if OpenDNS would prevent an oppressive regime from keeping people down, but it's at least a small way you can take some of your activity out of the ISP's hands.

Iain Thomson: OpenDNS isn't perfect by a long chalk but it is a very valuable tool. Anything that gets your data out of the hands of the ISP is a good thing on the privacy front, especially if the ISP in question is run by the government and subject to constant monitoring.

In more closely-run internet monitoring states, the use of OpenDNS may also be a big red flag so be careful how you use it.

9. Clean email address
Iain Thomson: A must for the budding activist is a clean email address, ideally one that has not been used at all. This involves using the account to write emails in draft form, and not sending them, but having a trusted contact who can also access the account, read the messages and type a draft response.

Even if emails are sent, such a low use account would raise few warning bells in unsophisticated monitoring regimes. With the rise of mobile phone use for email it would have to be a very quick monitor to pick up a signature.

This is a tactic used by many groups, both benign and malicious. So-called 'clean skins' are the hardest operatives to trap, because they have no record. This is what makes it important to keep certain people solely as methods of communication, and from the other perspective, to keep watch on the behaviour of others.

Shaun Nichols: This is one space where collaboration services such as Google Wave could prove valuable.

If users could access collaboration pages hosted in a safe location, they could communicate without having to worry about the interception of those messages by the authorities.

When combined with our earlier nod to companies that don't give in to government pressure, you have a pretty effective tool for safe communication, at least until the local authorities contact your ISP and have the service blocked.

This is, as Iain noted, potentially a good and bad thing. While it could be used to subvert restrictions on free speech, it could also be used to facilitate the planning of malicious action. Which brings up a troublesome fact: 'activists' and 'freedom fighters' in one part of the world are usually considered 'criminals' and 'terrorists' in another.

8. The Electronic Frontier Foundation
Shaun Nichols: While its global reach is still somewhat limited, the EFF is championed in the computing world for its tireless efforts on behalf of user rights and access to information.

Founded in 1990 by Mitch Kapor and John Peery Barlow, the EFF has used legal expertise to argue on behalf of the little guy. The group's efforts have included a prominent position in the fight against digital rights management software and the takedown of user-submitted videos, as well as putting once-classified government data online for all to see.

The group has also championed net neutrality, and gone after music labels and studios that use bully-tactics on users suspected of sharing media files online.

It's somewhat scary to think about what the tech world would be like had it not been for the efforts of the EFF.

Iain Thomson: To my mind the EFF is the biggest thing Mitch Kapor can be proud of in the tech arena and, considering the impact of Lotus 1-2-3, that's saying something.

The EFF's web site is a treasure trove of useful stuff for anyone interested in staying private, which is probably why so many countries try to block it. It contains software tools to help evade national firewalls, to simple browser setting advice.

But it is the operation behind it that shines. The EFF has proved a highly effective watchdog of the technology world, and it keeps governments (reasonably) honest. It mixes high profile investigations into illegal US government wire-tapping to draw out legal battles.

If you are a technology user of almost any type the EFF has got your back, and thankfully it's very good at what it does.

7. Social media
Iain Thomson: When the first plane hit the Twin Towers on that day in September, one camera recorded it, that of a French documentary team filming New York firemen. By contrast, the vast bulk of the initial footage of the Haiti disaster has come from social media.

No-one can deny the impact of social media. The demonstrations in Iran, the Burmese monks and footage of the police in the US and UK have shown that the pendulum is swinging round from those that control the media to those that create and consume it.

On a personal note, the moment this really kicked in was at last year's G20 demonstrations in London, and the death of Ian Tomlinson. Tomlinson was the only fatality of the demonstrations, and the police story at the time was that he'd had a heart attack and medics tried to help him but were bottled off by protesters.

It was only after, ironically enough, a New York investment fund manager put the footage he had shot online, that the rest of the world saw his attack from behind by the police, while walking with his hands in his pockets. London may have the highest concentration of CCTV cameras in the world but none of them caught this, but a bystander did.

Video recording technology is increasingly being embedded into many devices, and it is a very effective weapon against the 'official line'. Add in the reach of YouTube, Twitter and Facebook, and you have a powerful tool against oppression.

Shaun Nichols: As we are now seeing, YouTube isn't just a place for goofy blooper videos and crackpot political rants; it is also a valuable way for people to share footage.

News services around the world are picking up on this, and installing portals where users can upload and share their video of important events. This is allowing users to capture and broadcast video of government, military and law-enforcement groups behaving badly, and has in some cases helped police to bring violent criminals to justice.

As much as we like to malign their usefulness at times, social networking sites such as Facebook and Twitter have also become tools for sharing information and campaigning for freedom and justice. Not everyone has the time or interest to maintain a full blog, and few of us are able or willing to scroll through dozens of blogs a day.

The aggregator features of social networking sites allow multiple updates to be seen at once. During a large and tumultuous event such as a protest or government crackdown, these sites become very useful tools for gathering information.

6. Open source software
Shaun Nichols: When people like Richard Stallman and Linus Torvalds created the pillars of the open-source software movement, they did so with the fundamental belief that software and digital data should be open and accessible to all. This is, of course, conflicts with the basic tenants of tyrannical rule.

One of the great things about open-source software is that it can be opened up and tinkered with by just about anyone who wants to. Additionally, open-source tools and applications can be more or less shared freely on the web. This allows people who may not otherwise have access to the resources to use the software and learn how to build and tinker with it themselves.

Tyranny isn't always apparent in the form of outright oppression; often it comes in the form of purposefully maintained ignorance. Open-source software can allow users to educate themselves, and is therefore a pretty handy tool for subversion in the grand scheme of things.

Iain Thomson: It would be hard to argue with the use of open source as a security measure. Firstly, as Shaun points out, a good knowledge of open-source software is very handy, particularly if you can code your own applications and don't have to rely on questionable third parties to supply them.

Secondly, much of the world's core infrastructure is run on open-source code, and a good knowledge of the systems can reap real benefits in terms of staying off the radar and finding out what you need to know.

Open source may have flaws, as any code will have, but the flaws are few and the benefits are many.

5. Smart behaviour
Iain Thomson: While operating under an oppressive regime the essence to staying hidden is to work under the radar.

If you're living in a state that has access to potentially all your online activity you need to be very smart in how you act. Long internet sessions are bad security, so limit activity to a minimum and leave the modem off for long periods to reset the IP address if possible.

Avoid your ISP, and never use the built-in search engine. Chances are your ISP is state-sponsored and will happily, or at least quickly, hand your data over if requested.

Preserve your anonymity and give out nothing online that you wouldn't happily see in print the next day in your local newspaper. Electronic traffic is open to revelation and the use of code is essential.

Nine times out of 10 the police talk about the fatal flaw that catches the villain. In fact there's a lot more detective work that goes on and it's usually stupidity that trips people up. But the smart activist doesn't give their enemy any clues, and eternal vigilance is the price of liberty.

Shaun Nichols: While at lunch the other day, we were laughing at the idea that people still need to be told not to crack bomb jokes while in the airport. But it raised an interesting point in the context of this list: if you want to keep a low profile while amidst a possibly oppressive group, it's best not to attract too much attention to yourself.

There are many simple, commonsense ways for users to stay out of trouble. As Iain mentioned, knowing where you are and who can see it is the main idea.

Additionally, not falling for scams and social engineering tricks is also important. The recent malware infections at Google and Adobe were carried out through 'spear phishing' attacks which were specially crafted for each individual user and intended to look like a genuine document from a co-worker.

It is always a good idea to take a close look at any email attachments and to be wary of unsolicited messages, even those from friends. This is doubly true if you're in a country where the authorities may be out to get you.

4. Encryption
Shaun Nichols: It may be hard to imagine these days, when everything from thumb drives to pizza orders is transmitted as encrypted data, but there was a time when computer encryption tools were considered a danger on a par with rocket-propelled grenades and automatic weapons.

In World War II, governments learned the importance of cryptography in sending electronic messages and preventing enemies from intercepting them. The practice of encoding and decoding was so important, that the UK set up the Bletchley Park facility and developed what would later become some of the world's first computers.

In the decades that followed, cryptography remained a closely guarded practice that was tightly controlled by governments. In fact, in the US it was considered illegal to transfer cryptography tools of any sort outside the country as the technology was classified as "munitions and auxillary military technology".

Only in 1995 was the ban officially lifted and citizens were allowed to take publically available encryption tools outside US borders.

The use of encryption to keep governments or dictatorial regimes out is obvious: protect transmissions from being intercepted and prevent the recovery of seized storage drives. But encryption tools can also be a useful way to keep criminals and data thieves from lifting your info.

Iain Thomson: I would have liked to see encryption higher up the list, of which more later, since it is fundamental to private and secure online activity.

In the 1930s the US all but shut down its encryption and code breaking facilities after US secretary of state Henry Stimson declared that "gentlemen don't read other gentlemen's mail".

Encryption is a must have for the individual user. It's appalling that it has taken Google so long to encrypt its online apps, and I am still gobsmacked by how many companies don't bother to encrypt either current data or backups.

Individuals who want their email and other data to remain private must also get up and do something about it. There are plenty of free encryption services out there, and every internet user is advised to make use of them.

3. Mobile phones
Iain Thomson: Mobile phones are a blessing and a curse to the activist. On the one hand they provide instant communication and, increasingly video evidence. But on the other they are easily traceable, the encryption is probably cracked and they are among the first things seized by the authorities.

Mobile phones are very useful in certain circumstances. They can be used for instant person-to-person conversation, and many of them come with cameras rivalling most of the handheld camera market. Those pictures can then be uploaded around the world in seconds.

But there's a downside. Radio mast triangulation, and increasingly GPS co-ordinate hacking, mean that mobile phones can actually help pinpoint so-called troublemakers. A mobile phone is detectable even if it is switched off, and the only way to avoid this is to remove the battery altogether, something not possible for iPhone users.

Mobile communications are essential in a system to beat oppression. The ability to act fast and be in constant contact cannot be underestimated. But these useful tools come with responsibilities.

Shaun Nichols: The next frontier of electronic activism and privacy protection is going to be the mobile phone. In fact, it already is. Many security developers and engineers are working on ways to encrypt phone data and ensure that attackers cannot compromise the handset.

There is no doubt that mobile phones are incredibly valuable, particularly now that so many have embedded cameras and audio recorders. However, allow me one small gripe: the provider.

Much like ISPs tend to roll over to government data requests, mobile phone service providers are often all too willing to hand over user information, even in cases where the user poses little to no physical danger to anyone. It's definitely foolish to think that anyone using a cell phone is anonymous these days.

Additionally, there's the infrastructure issue. As anyone who has tried to access the mobile broadband networks at a large convention such as CES or CeBit can tell you, when lots of people are gathering and uploading information, the networks can quickly become overwhelmed and the flow of data can slow to a crawl or stop altogether.

2. Blogs
Shaun Nichols: Perhaps it's the journalist in me, or perhaps it's the unruly new-world colonist in me, but I consider free speech to be hugely important and I fought long and hard to get this at or near the top of the list.

With the maturing of the web and the growth of site providers, the concept of the blog has exploded in the past decade to become a central element of the web as we know it.

In recent years, the blog has also proved itself an invaluable tool for giving ordinary citizens a voice and allowing them to speak their minds. Almost every week, it seems, we find critically important news from some part of the world that is only emerging through blogs.

With state agencies now tightly controlling the press in so many parts of the world, blogs are often the only way that the rest of the planet can find out what's going on in a region and how the people are truly getting on.

So much effort now is being put into getting computers into remote and impoverished areas of the world. I believe that shortly after those efforts are established, someone needs to offer a programme which gives those same populations free hosting and access to self-publishing tools.

Iain Thomson: Shaun was indeed vociferous in his arguments on this one, but should blogs really be this high one wonders?

On one level blogs really have become the new political pamphlet, but with a much wider scope. If Thomas Paine had been alive today I suspect he would be turning the air blue with purple prose to stir up his readers. One hopes he wouldn't be tempted to add LOL to some of them as well.

The importance of the blogosphere in shaping national moods is growing, and restrictive states are clamping down on bloggers if they don't follow the party line. One of China's leading bloggers has said he is giving up because of the constant worry that he might end up in prison for expressing his views.

Blogging is particularly effective in states that control the media. Since the traditional forms of communication are compromised, people automatically look outside at blogs for an alternative slant on what's going on. They just have to find bloggers they trust.

Here in the West the media poses a different problem, since they are the ones outing anonymous bloggers. A UK court recently ruled that there was no right to anonymity for bloggers, leading to the shutdown of an informative police blog.

1. Web proxies
Iain Thomson: In an age of internet communication, anonymity is surely the best tool for those in the business of getting rid of oppression.

A project known as TOR, a military system developed by the US Naval Research Laboratory, was taken over by the Electronic Frontier Foundation and is now being used to shield internet users from repressive regimes around the world.

When the first internet protocols were formed there was little thought of the future that lay before the internet. There are strong calls for a revision in the basic IP principles to identify users individually. While this might make life easier for e-commerce, it would be a death knell for internet users' freedoms.

Anonymity is what makes the internet so much more subversive than Caxton's press ever was. In a minute's post online, millions more readers can obtain information than was ever possible under dead tree publishing.

But how people obtain that information has to be safe, and TOR is a valuable tool in being able to do that. Information on its own is not enough, it has to be accessed freely.

Shaun Nichols: Again, it's a fallacy for any user to believe that they are completely anonymous online. When your computer connects to another system, it's invariably going to leave a trail.

As any hacker worth their salt will tell you, the key is to make that trail as hard to follow as possible. Going through protected connections and servers is one way to do so, bouncing your connection through numerous proxy systems, and making the tracking process tedious and difficult.

The Onion Router, or TOR, uses both of these. The general idea is that a user's connection goes through a server which then processes the encrypted connection through a series of proxy servers. The result is a virtual dead-end for anyone trying to analyse the path a user took.

The ramifications of this are obvious: users can surf the web without being tracked back to their home systems. Unfortunately, there is also an easy way for oppressive regimes to prevent this: simply use a filter tool at the ISP level to block users from accessing the TOR service.