Archives for posts with tag: security

With the recent surveillance nightmares of 90s hackers coming true, I’ve begun moving a bit toward the “dark arts” of networking, as agencies such as the NSA and CIA are rather blatantly spying on the American people now. I am not fully informed on how the rest of the web looks, but I don’t think it’s much better. I know Brazil is a mess at the moment.

Facebook is currently the most popular social network site, and has gotten more commercial by the day since it achieved its popularity. Numerous companies use facebook “likes”, comments, and social patterns of Facebook for marketing purposes, and borderline legal data mining for their own purposes. Facebook is also notorious for disrespecting the assumed privacy of such a network, and anything discussed in Facebook messages can be assumed to be open for their admins, other companies, and law enforcement to read.

In this mini-tutorial I will guide you through how to run Facebook chat through a separate client, and encrypt the messages so Facebook’s staff and records cannot read them. Other Facebook interaction cannot be secured from their own servers this way, but there is a great open-source, community-maintained social network called Diaspora* starting up now. If one really cares about security, a direct connection from server to server is optimal, followed by secure forums such as IRC. However, Facebook’s pre-existing network is too convenient to ignore.

*DISCLAIMER* If you use this to mask illegal activities, don’t blame me

*DISCLAIMER* BOTH ends will need to be set up like so for this to work

1.) Install pidgin. Pidgin is a small IM client released under the GNU General Public License, and works in Linux with Gnome, KDE, and on Windows. (Windows is not featured on this blog, but the Windows setup should just be an install .exe or .zip, then again for otr, which will be mentioned later on.)

for Debian/Ubuntu/Mint: su -c "apt-get install pidgin"

for Fedora/Red Hat: su -c "yum install pidgin"

for Arch Linux: su -c "pacman -S pidgin" (unverified, but should be there, otherwise check AUR)

2.) Get pidgin-otr. To save time this could have been done with the above step, but I felt it was important to identify this extension separately. OTR means “off the record”, which is a feature of pidgin allowing encrypted chat between users. I believe this method will use PGP, but I could be wrong.

for Debian/Ubuntu/Mint: su -c "apt-get install pidgin-otr"

for Fedora/Red Hat: su -c "yum install pidgin-otr"

for Arch Linux: su -c "pacman -S pidgin-otr" (unverified, but should be there, otherwise check AUR)

3.) Configure otr in pidgin. This is done by launching pidgin, then at the top navigating to Tools > Plugins, or hitting ctrl+u. In the plugin list, check the checkbox next to otr, then in its settings enable otr, but do NOT require it. Requiring it will prevent pidgin from sending unencrypted messages, so the client will not work unless both ends of the chat are configured this way. Next there will be an option to create a key, which will take a few moments. Try to move the cursor around and hit random keys to create entropy.

4.) Configure facebook. Pidgin should have a wizard for this. If you do not know your username, go to your facebook page and the URL will be www.facebook.com/YourUserName; your password is your normal Facebook password.

5.) Begin otr chat. Open your “buddies list” for Facebook, then right-click a name and choose “IM”. This will begin an IM session with this user. Pidgin, if properly configured, will have a button which reads “not private”, which is used to toggle private, aka encrypted, conversation. If the other end is not set up, the message will read [encrypted message], and then all messages after the “starting off the record chat” message will show up normal, and unencrypted. Again, both ends must be set up this way, and they must accept the invite to otr, or this will not be encrypted.

In conclusion, one can essentially ignore Facebook as a social network, and just pretend it’s a very popular IM client, and after removing personal data from their site, one’s security is restored. Through encrypted messaging Facebook is unable to read messages, and with no “likes” or personal info to mine, they have nothing to gain from you, and you are, as the title says, using Facebook without them using you.

As far as I know, Facebook stores all removed data for a period of 6 months before actually deleting. Please comment, ask questions, provide further info, or notify me of errors or vulnerabilities of this method in the comments.


Following recent US laws which minimize the security of social networking sites, I myself am setting up a deepnet server I can use to chat with my friends, and am making a guide on how to set one up. It’s fairly easy and can work with nearly any computer that has a steady internet connection.

1.) Install Linux or BSD

I have a guide on choosing a Linux distro here

You will not need xorg or a desktop manager for this, so unless you plan to use the device for other purposes I would suggest not installing a graphical interface, for better security and speed.

2.) Install talk and OpenSSH

for Ubuntu/Debian/Mint: (these should be included, but if not:)

apt-get install openssh-server

apt-get install talk

for Mandriva/Fedora/OpenSUSE: (these should be included, but if not:)

yum install openssh-server

yum install talk

for Arch Linux:

pacman -S openssh talk

for others, google how to do it.

3.) Configure ssh

The default settings will work fine, but if you want even more enhanced security read this

Also make sure to log in to your router and, if necessary, your modem, and ensure port 22 is forwarded to the IP of the machine you are configuring this on (this is where 99% of ssh problems come from).

Your modem should forward 22 to your router, then your router should forward 22 to your machine.

4.) Learn to use talk

I unfortunately am not at my server right now and cannot provide screenshots or an in-depth guide on using talk, but it should be simple. For instructions and info on talk, type:

man talk


info talk

5.) Configure talk

Again, defaults should be fine, but you can mess with the settings for more security

6.) Connect peers to server with ssh

Make an account for each peer you wish to speak to privately on the machine (useradd on most systems), and have them log in with ssh (ssh username@IP) (note this is the IP of your modem, which can be found by typing “IP” into Google)

ssh is a tricky program to figure out for newer users, and I haven’t seen many good guides on it. If you need help, ask on various Linux channels on Freenode (I’ve found #Fedora and #Ubuntu the most helpful)

You can check who is connected with the command “who”

7.) Talk to your peers

the command will be “talk person tty”

on my machine, “who” returns:

[peaceblaster@ArchMobile ~]$ who
peaceblaster :0 2013-04-22 10:55 (:0)
peaceblaster pts/0 2013-04-23 05:10 (:0)
peaceblaster tty2 2013-04-23 05:39

so to message user “peaceblaster”, I would type:

talk peaceblaster tty2
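
Rather than reading the tty out of the `who` listing by eye, the helper below (an added example, not part of the original post) does step 7 for you: it reads `who` output, skips X display pseudo-logins such as `:0` that are not terminals you can talk to, and prints the `talk user tty` command for each real session of the peer. The function name `talk_cmd`, the user `alice` and her address are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): turn `who` output into the
# `talk USER tty` command from step 7.
# Usage: who | talk_cmd USER
# Prints one "talk USER tty" line per session of USER, skipping X display
# pseudo-logins (tty ":0"), which cannot receive talk requests.
# Exit status is 1 when USER has no usable session, so a script can stop
# instead of letting talk fail on an absent peer.
talk_cmd() {
    user=$1
    awk -v u="$user" '
        $1 == u && $2 !~ /^:/ {      # same user, and the tty is not an X display
            print "talk " u " " $2
            found = 1
        }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample of `who` output: the author's three local sessions from
# the post, plus an imagined remote peer "alice" logged in over ssh
# (198.51.100.7 is a documentation address, not a real host).
SAMPLE_WHO='peaceblaster :0           2013-04-22 10:55 (:0)
peaceblaster pts/0        2013-04-23 05:10 (:0)
peaceblaster tty2         2013-04-23 05:39
alice        pts/1        2013-04-23 06:02 (198.51.100.7)'

# Stand-alone run: prints "talk alice pts/1"
printf '%s\n' "$SAMPLE_WHO" | talk_cmd alice
```

On a live server replace the constructed sample with the real listing: `who | talk_cmd alice`.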

Why this is secure:

Essentially what this does is use very old UNIX components from the 1980s, which were made long before Facebook or Twitter were even possible. SSH allows secure, encrypted logins from anywhere in the world, which are then used to chat on the server you have set up. By hosting your own server, the only one who has access to any logs is you, so Facebook, Google or any social networking company can’t be forced to give out your information to anyone who pays them enough. Since you use a raw IP instead of a domain, the network is in the “deepnet” or “darknet”, outside of the visible section of the web people call “the internet”.

The other convenient aspect of this setup is that OpenSSH comes with the program “sftp”, which allows equally secure file transfer between machines. The command for sftp is similar to ssh:

sftp username@IP

This will open a shell with which you can send and receive files (there is more on the shell in the man page for sftp)

There you go, secure messaging and filesharing for you and your friends. If you are very paranoid you can look up guides on securing OpenSSH.


I noticed most of my readers are not from English-speaking countries, so I have done my best to make this readable. I hope I have done well.

Concerning Graph Search

I am beyond concerned about Facebook graph search… I have been tempted to leave Facebook numerous times already for similar corporate invasion of social media, but always was forced back because no one else feels like migrating.

I understand that corporations need information for advertising, but this is getting a bit ridiculous. This information needs to come from more voluntary sources like surveys or product registration, as the majority of Facebook users are less than likely to read the fine print before agreeing to update after update of their privacy policies.

I feel like GNU or FSF should sponsor a “free” social network, which could be funded by donations and contribution, much like GNU/Linux operating systems, where our expression and interaction will not be exploited for personal gain, or at the very least be honest about doing so. Perhaps an incarnation of IRC with a GUI more oriented toward less experienced users?