May 30, 2011

Tips&Tricks: A little bit on personal information security - Tor and TrueCrypt

In these most auspicious times for social networking, business cloud migration and setting trends on twitter about Justin Bieber, I'll try to draw a bit more attention towards two open-source, free, industry proven, high quality pieces of software that can help you add a little more privacy and security to your personal information (if for whatever conspiracy theory driven reason you would feel the need to).

Tor (anonymity network) is a system, composed of client software and a network of volunteer servers, dedicated to ensuring online anonymity by helping to hide information about users' location and other factors which may help to identify them. Tor is an open-source implementation of the onion routing concept. Simplified, a message is repeatedly encrypted (n times) by the sender and then sent over n (randomly chosen) onion nodes to the receiver; each onion node removes one layer of encryption and forwards the message to the next node until the final exit node in the chain removes the last layer of encryption and forwards the message to its intended receiver. An onion node only has information about the node where it received the message from and the node to which it should forward the peeled message to. At no point along the path (except the exit onion node) does a routing node on the path hold the original message, the sender and the receiver. The combinination between Tor and a TLS system (e.g. HTTPS - check out The HTTPS Everywhere Project) removes the exit node vulnerability and makes for a quite free and robust online anonymity tool. Tor is free to download and extremely easy to install and use. Tor is by no means fail safe but it does a very good job at trying to keep your online anonymity intact from the perspective of message route path tracking.

TrueCrypt is a free, state of the art, on-the-fly encryption (OTFE) software that is compatible with Windows (7/Vista/XP), Mac OS X and Linux. It supports the AES, Twofish and Serpent encryption algorithms as well as various combinations of cascaded algorithms. Most importantly, on most current hardware architectures, parallelization and pipelining allow the system to read and write from/to an encrypted drive as fast as if the drive was not encrypted. TrueCrypt allows for the creation within a file of a virtual encrypted disk that can be mounted and unmounted, the encryption of an entire partition or storage device and plausible deniability tools like hidden volume and hidden operating system. TrueCrypt is also free to download and fairly simple to install and use.

I hope you found these software recommendations as interesting/useful as I did and I also hope that, if needed, they'll prove useful and save you some inconvenience. Now, let's get back to work and help trend #TrustInTheCloud #TheCloudIsSafe, #TheCloudCannotFail and #TheCouldIsYourFriend :P:D.

P.S. Some recently discovered Tor-based eye-candy.

1 comment:

BmvBooris said...

Nice post. I have been using TOR for quite some time now, but I have yet to try TruuCrypt. It sounds promising. I'll try it too :)