LebGeeks

A community for technology geeks in Lebanon.

You are not logged in.

#1 May 23 2017

Nazih
Member

Internet Security Advice Needed

Hi,
I am a journalist working with The Daily Star. I am in the process of preparing an article on our right to online privacy here in Lebanon. Throughout my research, I have come to understand that it is routinely violated by a multitude of state and nonstate actors. I am trying to get a deeper understanding of how this actually works: what programs can be used by agencies such as ISF or General Security to track our online activity?
What about applications that are being developed here in Lebanon? Are there any methods to install background software that would gather information beyond that software's intended purpose? What about data analysis and gathering?

So I understand that applications like Facebook or Twitter or something as trivial as Zomato know a lot about us as their users, but how can that be leveraged by our parties to gather information about us as part of their electoral campaign? How is that data analyzed and understood?

Offline

#2 May 23 2017

nuclearcat
Member

Re: Internet Security Advice Needed

On my opinion situation with privacy in Lebanon are somehow ok at current moment, but not because actors are good, but because almost all modern software has security that is quite hard to break. And Lebanese entities who are interested to breach privacy dont have enough resources to break such protection. Remember, also if A will do some activity, his opponent B very interest to catch him red-handed and uncover such nasty activity, so it is risky for reputation as well.
Sure if some person are not smart and install all "catchy" software names with unlimited permissions, and they have old OS versions (old or cheap phones), they might be watched. But i doubt on mass scale. Is there any "Lebanon" specific software at all? As i am foreigner, i am not aware, but guys here might answer, think about something that is made especially for Lebanon and used on many phones.
Facebook, Twitter, maybe Zomato will not even shake a hand of Lebanese "actors" for matter of any suspicious activities(giving up/selling private information), it doesn't worth risking their reputation as benefit will be tiny.
Still people leave huge amount of traces online voluntarily, and basic information harvesting might provide enough info.

Offline

#3 May 25 2017

samer
Admin

Re: Internet Security Advice Needed

You should talk to our friends over at SMEX, they follow the topic of internet privacy in Lebanon very diligently. Here's a blog post about a report they're working on: https://smex.org/smex-launches-inaugura … n-lebanon/

Online

#4 May 25 2017

rolf
Member

Re: Internet Security Advice Needed

Hi Nazih,

I appreciate your post. When I am concerned about privacy I use an encrypted tunnel to browse.
I have an account on vultr.com where it is possible to create virtual servers in various countries.
At the moment I have a server in London. I can easily create a tunnel from my browser to that server using two commands (in Linux systems):

ssh -D 8080 -N me@my.server.com 
google-chrome --proxy-server=socks5://127.0.0.1:8080

On Windows, the first command above will not work by default. What I do instead is use the free software putty to create the tunnel, which is pretty easy. For example, here are instructions on how to do it for Firefox:

https://www.adamfowlerit.com/2013/01/us … cks-proxy/

There are also easier, less techy options, for example: hidemyass.com

Anyway, I am getting carried away.

After setting up my tunnel, all my browsing will go through an encrypted tunnel to my server in London. I will be appearing to browse the internet from London. It can be checked by one of the many "what is my IP" sites.

Because the tunnel in encrypted, nobody should be able to understand the traffic between my browser and my server in London. Good enough for me.

If I needed all the security that I can get for the privacy of my communications, I would look into tor, and live Linux distributions designed for this purpose.

Regarding applications such as Facebook and Twitter, they have lots of data bout us.
They should not share this data, except for cases where they would cooperate with law enforcement in the USA (or wherever they are based).
In practice there may be weaknesses in their systems that would give access to private data to unauthorised parties. Sometimes it makes the news, when big amounts of user data gets stolen or compromised.

Regarding applications that you install: It is routine to be asked if you allow "this applications to make changes to your computer" or something like that. I think this will give the installation program enough security privilege to install silent monitoring software on your machine. Now if you want to go "in depth" it can get pretty complicated, and I am not a specialist. For example, you may be running an anti-virus that will catch that, or there may be some in-built security feature in the Operating system that will block it.

Last edited by rolf (May 25 2017)

Offline

#5 May 27 2017

beezer
Member

Re: Internet Security Advice Needed

There are two different scenarios when you're talking privacy.

A lot of people share their personal information on social media (instagram, facebook, twitter, etc). It doesn't take government or ISP control to gather this information as users just put it out there for everybody to see. Even if you do secure your connection through tunneling, you're still posting this information for everyone to see.

The other scenario is when are directly communicating with people or having a private transaction of some sort. If you are not tunneling your connection, then it can be snooped on. If you are using public free email servers (especially Google) then a lot of what you type is read by scripts (robots) and filtered to provide you with relevant stuff next time you see an advertisement. Your tunneling has gone to waste. If you use these same servers to upload files, they will be on their servers and they will be scanned, and if there is anything illegal on there, authorities would be contacted in extreme situations, but mostly your account will be locked.

Now your question is how can this be used in elections, well, it's the first scenario, basically seeing what groups you follow on facebook and what pages you're interested in, as well as on twitter and such will let me know who your role models are, the type of music you listen to, what you believe in, what you're interested in, and so on. My facebook profile says I speak 12 languages, my religion is Kopimism and I work as a satellite technician. Not everyone is so truthful, lol.

Concerning your ISF, General Security question. They have worked with third parties, as well as people at the domain registry handler (AUB) to spy on certain people and I will not get into this as I believe they do well in this scenario to catch the baddies, unfortunately it's the small baddies only. And getting around their third party tactic is relatively simple but there was no simpler way, until recently with all these backdoors that the NSA was using. Governments have the best viruses and backdoors :)

Offline

#6 May 27 2017

rolf
Member

Re: Internet Security Advice Needed

beezer wrote:

Now your question is how can this be used in elections, well, it's the first scenario, basically seeing what groups you follow on facebook and what pages you're interested in, as well as on twitter and such will let me know who your role models are, the type of music you listen to, what you believe in, what you're interested in, and so on. My facebook profile says I speak 12 languages, my religion is Kopimism and I work as a satellite technician. Not everyone is so truthful, lol.

I know that it is possible to infer your political opinions through things such as taste in music. For example, those who love to listen to Bob Marley are more highly likely to support legalisation of Marijuana. It goes further then that. There are companies specialising in such studies. There might not have been too many studies on the Lebanese market but I can only speculate on that.

Offline

Board footer