Tile find and track things

I vaguely remember back in the 80’s as Rubik cubes were popular, the miners were striking, and Thatcher was invading the Falklands the height of technology was a keyring that would beep in response to a whistle.

This technology has been brought into the modern age with a cool little blue-tooth device named a Tile
Tile keychain
From the site:

Never lose anything again

Are your things always running off? Not on our watch. Tile is a tiny Bluetooth tracker that helps find your lost stuff in seconds. Attach, stick, or place Tiles inside everyday items and keep track of them in our easy-to-use app.

Ring your things

Ring lost items just like you’d call a lost phone. If your Tile is within the 100-foot Bluetooth range, it will play a loud tune until you find it.

Ring your phone

Can’t find your phone? Press any one of your Tiles to make your lost phone ring—even if it’s on silent.

See where you had it

Give your memory a break. The app automatically records the last time and place it saw your item. So, if you left it somewhere, you know where to look first.

Ask others to help

Still can’t find your Tiled item? Expand your search using all Tile apps in our community. This feature is 100% private, so no one knows you’re looking for a lost item but you.

I’ve picked up a few and am looking for things to track 🙂

So keys, and wallet are obvious, then I thought what would actually be useful to track?

I thought what do we look for most? The TV remote was a top contender, as was my drone, but my first choice is one of my cats; the one that doesn’t seem to mind wearing a collar.

Now there is one issue with the Tile device, the app has to be open on your phone to log the location, and blue-tooth has to be active with GPS, that can drain battery life.

At first I was a little despondent about this until I had an epiphany; I’ve found a use for my Nexus 7 🙂

I can leave the N7 at home each day charging and it can be used to track the cats coming and goings.

One tile left, and I decided with this one I’d track the most valuable thing I own, the car… well wife’s car really. So apart from hiding another Tile in the interior of the car I want to know where it is, and rather than relying on other Tile users having the app open I thought I’d use another of my redundant Nexus devices, my N4.

As a bonus I have access to a public wifi network for no additional cost, so the N4 doesn’t need to be using 3G / 4G data that costs $’s… If I were using this as a security device rather than an exercise in geek then I’d probably go with a prepaid sim card.

So now I get to keep track of a few important items, I’ll post an update on how long I keep having the app live on my main phone (N5x) when out and about; thinking I might be able to use Xposed to open the app on boot. Having the N7 always live while in the home is a big bonus and makes the Tile’s a usable solution for now.

I am off on an overseas grand tour later in the year, and am tempted to drop a tile in my luggage to keep track of it in transit. It will be cool to know when it’s arriving on the conveyor 🙂

Facebook Is Adding Tor Support To The Android App


Android Police: Facebook Is Adding Tor Support To The Android App.

Engadget: Facebook on Android gives you privacy through Tor.

The Guardian: Facebook adds Android app support for anonymity service Tor.

So from what I understand all this will allow is FaceBook to be accessed via an onion domain.

Is this a good / bad thing?

Pro

Given the FB user base size, this may encourage more individuals to use tor, thus increasing the anonymity of the average tor user.

Cons

Tor offers anonymity, if I was to try and hack, brute force, guess login credentials to a FaceBook account, I’d be doing it via a tor connection.

Google Keep to Ubuntu

I’ve not been posting as often as I’d like due to the Android WordPress app not connecting… that’s another post.

What I have been doing over the last couple of days is dropping any stories that I like to Google Keep. This has to be the one mobile app that I find the most useful; from shopping, book, movie, games, and to-do lists, to inspirations, notes, and shit I must blog otherwise I’ll never think of the topic again 🙂

Trials of a 21st century digital life eh?

Google Keep is choice, but how do I access it from Ubuntu, I don’t even use Chrome?

Here’s a well explained guide from the Ubuntu Handbook: Install Google Keep in Ubuntu 14.04 Trusty

It does mean installing Google Chrome, not sure of any security risks, except the usual exposure to Google?

sudo dpkg -i google-chrome-stable_current_*.deb && sudo apt-get -f install

and voilà!

The Edward Snowden guide to practical privacy

Thanks to The Register; here’s The Edward Snowden guide to practical privacy

Edward Snowdon

If you’re just an average user concerned about your privacy

  • Use Tor when browsing. You don’t have to use Tor all the time (it does slow things down considerably and some sites will also block Tor traffic). But if you are looking at or for something that you feel is sensitive, then either set up your browser to work with Tor or use the Tor browser.
  • Use an ad-blocker. Says Snowden: “As long as service providers are serving ads with active content that require the use of Javascript to display, that have some kind of active content like Flash embedded in it, anything that can be a vector for attack in your web browser – you should be actively trying to block these.”
  • Use a password manager. It doesn’t matter how many surveys and reports come out that tell people to use different passwords and complex passwords, a huge percentage of us maintain borderline idiotic approaches. The simple answer is: get a password manager. It will protect you.
  • Use two-factor authentication. Many services such as Gmail, Twitter, Dropbox, Hotmail, and Facebook offer this now for no charge. So even if your password does get exposed, you still have a backup such as a text message to your phone to secure your information.
  • Use apps that protect your information. Snowden suggests the smartphone app Signal, which encrypts both your phone calls and texts. It’s free and easy to use. Although of course, following a high-profile argument with the FBI, it would appear that Apple’s messaging service is also pretty secure (although Snowden would probably have doubts).
  • Use the HTTPS Everywhere browser plug-in. This comes from the Electronic Frontier Foundation (EFF) and will try to force all browser communication to be encrypted.
  • Encrypt your hard drive. This is comparatively easy these days but you have to be careful to do two things: one, have a longish phrase to make it worthwhile; and two, make damn sure you remember that phrase. There will be a slowdown in performance but nothing too bad if you have a modern machine.
  • Be smart with your security questions. Stop using your mother’s maiden name for everything. Likewise your first school. The key is to mix things up as much as possible so if someone does get into one of your accounts, they can’t use the same information to get in everywhere else.

After reading this I installed Whisper Systems Signal on my Android devices, and encouraged my friends and family to do the same.

Signal allows you to send encrypted texts and phone calls, all free of charge, combining the original apps TextSecure and RedPhone.

At Open Whisper Systems, we want everyone to have access to advanced secure communication tools that are as easy and reliable to use as making a normal phone call or sending a normal text message.

Over the past year, we’ve been working to bring the privacy software we’ve developed for Android to the iPhone, and today we’re releasing Signal – free, worldwide, encrypted voice calls for iPhone, and fully compatible with RedPhone for Android.

This free app is a no brainer for anyone who values their privacy, available on Android and iOS.

yubikey-neo + KeyPassX + KeyPassDroid + OwnCloud

KeyPassDroid

yubikey-neo + KeyPassX + KeyPassDroid + OwnCloud portable secure password vault

Searching through F-Droid for yubico I came across a link to KeyPassDroid; I’d come across a password safe solution on the yubico site using KeyPass, but was shied away as it mentioned the premium version… I don’t mind paying for shit, although if I can solve the issue with free open source alternatives I’ll spend hours trying 🙂

So the solution that I’ve pulled together:

  1. created a KeyPassX database on my Ubuntu machine with all login email details
  2. set password up in 2 steps
    1. self entered password
    2. password stored on yubikey-neo
  3. setup key
  4. saved key and KeyPassX database to OwnCloud
  5. from Android download key and database opened with KeyPassDroid
  6. password acquired on demand via NFC from yubikey-neo

Sorted, a free solution… excluding purchasing of yubikey-neo and host fee of website that allows for OwnCloud space.

Guess free alternatives could be Google Drive or MEGA for online file storage, and a more simple one step password 🙂

Quite happy with how it works, lets’s hope I don’t lose the yubikey-neo in the near future 🙂

yubikey-neo lock closed

So in a spurt of geekdom the other night I changed all of my passwords to work on a combination of different passwords for each login together with one of 2 static passwords, and 2 factor authentication, that I’ve set up on my new yubikey-neo.

Within 8 hours I had locked myself out of 2 Google accounts, a Reddit account, PayPal, and I’ve just gained access back to this blog 🙂

Think the secret is to do one at a time, acclimatise, then do another login credential.

I do love the functionality, and am just setting up KeyPass on my Linux box and Android devices, in the hope this will keep my passwords secure from my shitty easily distracted memory 🙂

On the up side I’ve been enjoying Metal Gear Solid V, and was treated to a surprise shower scene from Quiet this evening… nearly as good as the birthday FMV 🙂

Quiet Shower

I’ve maxed Quiet out to 100, and now she’s a formidable ally when armed with a silenced tranquilliser sniper rifle… need to now give the walker a run about and play a few missions guns blazing rather than stealth.

It looks like my twitter feeds from Yahoo Pipes have finally dried up; when I have the time and motivation I will set them up from another provider, I do kind of miss the constant geek news through the day.

binge of password changes

Status

I’ve just been playing with a yubikey I picked up a couple of weeks ago, and have gone a a binge of changing online passwords.

Wonder how many I’ll have forgotten the setup to by dawn 🙁

On the upside have unlocked Quiet on MGSv, and enjoying the more relaxed powerplay style completing missions again to max out special troops

free up a little personal RAM

Status

Today I ordered a YubiKey, mainly motivated that I keep forgetting passwords 🙂

I hope this will allow me to step up the complexity of passwords that I use, and free up a little personal RAM


One key. Two form factors. The Standard and Nano deliver a one-time passcode (OTP) with a simple touch of a button. No SMS-like passcodes to retype from one device to another. Our most basic YubiKey identifies itself as an external keyboard, which eliminates the need for client software or drivers. The nearly indestructible key holds tight onto its secrets, and its design ensures it will never be a vector for viruses or malware, just like the rest of our YubiKeys.

  • 128-bit AES encryption
  • Option to program own secrets
  • Works on Windows, Mac OS X, Linux operating systems; Firefox, Chrome and other browsers
  • Waterproof, crush safe, no battery (ask us about the dog that ate our YubiKey!)
  • Multiple configurations: including OATH, Challenge-Response
  • YubiKey Standard attaches to your keychain alongside your house and car keys; YubiKey Nano fits conveniently inside the USB port
  • Lowest total cost of ownership for strong two-factor authentication

Detekt: New tool against government surveillance – Questions and Answers

When Amnesty International are warning against government spyware, I think it’s a good time to listen.

Detekt is a free tool that scans your Windows computer for traces of FinFisher and Hacking Team RCS, commercial surveillance spyware that has been identified to be also used to target and monitor human rights defenders and journalists around the world.

https://resistsurveillance.org/

or to check for root kits for Linux:
sudo rkhunter --check

Tor Box

Tor Box

With This Tiny Box, You Can Anonymize Everything You Do Online

No tool in existence protects your anonymity on the Web better than the software Tor, which encrypts Internet traffic and bounces it through random computers around the world. But for guarding anything other than Web browsing, Tor has required a mixture of finicky technical setup and software tweaks. Now routing all your traffic through Tor may be as simple as putting a portable hardware condom on your ethernet cable.

Today a group of privacy-focused developers plans to launch a Kickstarter campaign for Anonabox. The $45 open-source router automatically directs all data that connects to it by ethernet or Wifi through the Tor network, hiding the user’s IP address and skirting censorship. It’s also small enough to hide two in a pack of cigarettes. Anonabox’s tiny size means users can carry the device with them anywhere, plugging it into an office ethernet cable to do sensitive work or in a cybercafe in China to evade the Great Firewall. The result, if Anonabox fulfills its security promises, is that it could become significantly easier to anonymize all your traffic with Tor—not just Web browsing, but email, instant messaging, filesharing and all the other miscellaneous digital exhaust that your computer leaves behind online

wired

What a cool idea, that’s why I’ve built one already: Onion Pi 🙂

Here the kickstarter link for those who don’t want to build their own: anonabox : a Tor hardware router

Hope these guys manage to get enough support, the price seems competetive… but will it be just a Tor router, and not get all the additional functionality of a Raspberry Pi?

Piratebox v1.0 afloat

Piratebox v1.0
Finally I have the Piratebox v1.0 working on the TP-Link 3020 🙂

I had tried redownloading the install_piratebox.zip file, and the 3020 firmware, and running through the step by step instructions with no luck 🙁

I sat like a doting puppy watching the flashing green lights, leaving the box for some times up to 45 mins!

Once I dug into the log file though, I could see where the install was erroring out… I felt even more foolish when it indicated it was only just after a minute 🙂

Error message:

root: /bin/box_installer.sh : ERROR: /mnt/usb/install/auto_package is not set

After a StartPage search (I’m trying not to use any google services!), I found this solution, thanks Matthias, you are certainly the captain of the Piratebox galleon!

mv /mnt/usb/install/auto_package_done mv/mnt/usb/install/auto_package
box_installer_start.sh

This didn’t quite work for me, I had to open the folder, and then copy / rename the file.
But after the installer began to run it was over in no time.

Time it took me to install Piratebox v1.0 ~ 12 hours of messing around watching the blinking lights
Time it actually took the script to run ~5 mins 🙂

So my box is now all setup, and ready for the next geek day out.

I’m now looking into adding the Piratebox message board to a Hidden Service 🙂

Raspberry Pi a Tor Proxy

Raspberry Pi Tor Proxy
It’s quite easy to make a Raspberry Pi a Tor Proxy, just order the parts from AdaFruit, and work through their easy to follow guide.

Or if you’re Gen Y, there’s a YouTube video 🙂

But this isn’t why I’ve acquired a Raspberry Pi!
I access Tor via a Arch Linux VirtualBox machine, booting a live version of Tails on my PC, and Orbot on my Android devices.

What I am actually looking to do is create a Tor Hidden Service; from wikipedia:

Tor can also provide anonymity to websites and other servers. Servers configured to receive inbound connections only through Tor are called hidden services. Rather than revealing a server’s IP address (and thus its network location), a hidden service is accessed through its onion address. The Tor network understands these addresses and can route data to and from hidden services, even to those hosted behind firewalls or network address translators (NAT), while preserving the anonymity of both parties. Tor is necessary to access hidden services.

Hidden services have been deployed on the Tor network since 2004. Other than the database that stores the hidden-service descriptors, Tor is decentralized by design; there is no direct readable list of all hidden services, although a number of hidden services catalogue publicly known onion addresses.

Rather than pay a web host (although I love my current provider, the support team are fantastic!) I will host my own data on the darknet.
To keep the costs to a minimum, I wanted a low powered device, as it will be running continuously. I’ve old PC’s and laptops but they still gobble up power, voilà Raspberry Pi.

Tor Project have instructions on how to create an hidden service, and as the device I’ve ordered comes with a trimmed version of Debian, Raspbian, Wheezy, the Linux path should be easy enough to follow… famous last words 🙂

Now eager for the kit to arrive, so I can start to play!