Tuesday, July 9, 2013

RetroShare: True Internet Privacy Requires a Change of Habits.


by Dietrich Schmitz

I've been thinking about making changes to how I currently use the Internet.

One thing is for sure, it's hard to break old habits.

Of course, it's convenient to use Gmail.  And that it is unencrypted along with everything else including Drive is beside the point.

This convenience must be dealt with.  If your privacy is going to be protected, Americans, your only recourse is to employ encryption--unbreakable encryption.

And, I've been looking at RetroShare.

I think that RetroShare is perhaps the best example of what privacy-enabled software should offer.

But making a commitment to force oneself to adopt the needed technology is key.  It's not that hard to put into play.  I have RetroShare on my Netbook.  Let's see what it took to set it up.

Environment


First, I will say this is a discussion regarding the use of your 'home' PC.  I use PC to generically refer to your computing device.  It's an old term, and, I'm getting old.  Had an IBM PC in '83.  But I digress.  So, okay.  You are home and wondering how you can boost your privacy?  Let's take a look at your Wireless Router.  Mine is a Cisco Linksys E3000, which I reflashed with DD-WRT, but yours may be any kind which supports UPnP.

Let's have a look at the router.  Bring up yours (my IP is 192.168.1.1) and log in with your admin login ID and password:

Enable UPnP support on your Wireless Router

The location of this information will vary according to your manufacturer's design.  Straight away, I am strongly recommending you use UPnP.  Why?  Because it will automatically make all of the port forwarding decisions for you.  Otherwise, you do have the choice to manually select an inbound TCP and UDP port and define the forwarding IP address of your PC on your home LAN.  But, I won't show how.  Just use UPnP if you have it.  Most routers support it.

RetroShare Software Installation


Okay, with that out of the way, I am now taking you to the RetroShare website's download page.  On my PC, I am running Netrunner 13.06 Enigma, an Ubuntu derivative with KDE Plasma Workspace.  I'll just call it KDE.  I hope +Aaron Seigo and +Martin Gräßlin won't mind.  Anyhow, that means I can follow the directions pertaining to Ubuntu:

RetroShare installation instructions for Ubuntu

Sweet.  This should be easy.  And, it was.  I won't show you how to do the install steps.

So, great.  We've got RetroShare installed, you've input your name, email address, and created the needed GnuPG key and should arrive at this screen:

RetroShare main screen

There it is.  The main screen of RetroShare.  On the bottom of the window, note NAT and DHT.  If you are using UPnP on your router, both will be initially red and NAT will turn yellow and eventually green.  Both will become green all on their own without any further action on your part.  This is why I suggest UPnP.  It's the most painless way to get up and running.

If, however, your router doesn't support UPnP, you'll need to do some extra legwork on both the router side and on RetroShare in settings.  Let's take a brief look at settings:

RetroShare>Options (Gear)>Server screen

Click the gear on the left of your RetroShare, then Server and you'll see the above.  If you need to manually configure port forwarding on your router, you'll need to switch your settings to "Manually port forwarded" here.  This is the hardest part of setup on RetroShare.  But we are striving for maximal privacy here, are we not?  Yes.  I hope you will prevail and conquer this.  Be proud you did it.

And so we have presumably done the router configuration, installed RetroShare and can see we are on-line by the number of users across the peer-to-peer server-less system.

Connecting With Your Friends


Fantastic if you've gotten this far.  But, we are not doing much until we establish one or more Friends connections with people we know.  That sentence is subtle but the distinction here is important.

This isn't like a BitTorrent or Tor P2P system.  No, it is quite different and very restrictive.  It is a 'Friend-to-Friend' (F2F) 2048-bit RSA encrypted key system tunneled over Secure Sockets Layer (SSL) where all data moving along the Distributed Hash Table node list is multi-plex encrypted.

What that means is that all of the data is gibberish to anyone other than you and your designated 'Friends' with whom you have explicitly taken the crucial step to share your F2F public key.

Isn't that what you really want?  Yes, it is.  And one of the many benefits you will find in using RetroShare is that the exclusivity of F2F means that nothing will be on your private channel but what you choose, including email.  Yes, email will only go to and come from your Friends.  That means, NO SPAM.  Guaranteed.  Assured.  Isn't that great?

Alright, so sharing your public F2F key is something which you will want to exercise care doing.

Technically, you can go straight into email and send from RetroShare a Friend request to one of your Gmail Friends.  But, if you take the 'ultra-paranoid' point of view (cough NSA PRISM), that email can be read by any third-party concern.  And, a rogue 'imposter' could conceivably assume the identity of one of your supposed dear Friends.  That wouldn't be good.

What to do?  I think the simplest way to share privately your F2F key is to coordinate with them 'by phone call' a session for sharing, using either cryptocat.org or cryptobin.org.

It just so happens that I've tested both and they work quite well and are relatively easy to use and will become 'routine' after using once or twice.

The first thing you need to do is get a copy of your F2F key.  Where is it?  It is in Options>Profile>Certificate.  Don't be intimidated by what you see.  It's how encryption works.  You need to copy the certificate to the clipboard with the copy to clipboard button, or, right-click, select All, then right-click, copy to accomplish the same.

There.  You've got a copy of the key.  Our goal here is to contact your Friend, have them do all of the preceding steps so they have RetroShare installed and ready to exchange F2F keys.  Here's the screen for the certificate:

RetroShare F2F Certificate screen

You'll notice, I intentionally erased a bit of the image to prevent anyone from copying my current F2F key.

Off we go with our Friend to cryptobin.org.  You'll see below, I have pasted in my F2F key, set the time to expire to 1 day and generated a password using the 'Generate' button.  If you leave the screen without recording the password, then your Friend won't be able to unlock the screen.  Ideally, if you have them on the phone, manually create a mutual strong password (no need to press Generate in that case).

If the user is not currently available, bookmark the URL created by cryptobin and email it to your Friend.  Have them call you for the password.

Cryptobin.org screen where you can share your F2F key with your Friend securely.


And, they will do the same with you to exchange their F2F key.  Don't forget to press the 'Bin It!' button, which will encrypt your message and create the needed URL for your Friend to access when they have time.

So where does the F2F key get added?  Click Add a new Friend, then select 'Enter the certificate manually' and press Next:

RetroShare Add a new Friend screen.  Select 'manual' and press Next

Now, you need to take the Friend's certificate which they sent to you using cryptobin and paste it into the second empty window and press Next:

Paste your Friend's certificate in second window

This is the Make Friend screen.  If I shared my F2F key with you, you'd be seeing my name as shown.  Only sign F2F keys for people you know personally.  This is important as GnuPG is based on the Web of Trust principle.  Here's a screenshot:

RetroShare Make a Friend screen

As you know this Friend personally, you should sign the key.  Click Finish and you are done!
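
The phone call already used for the cryptobin password can also confirm, before you sign, that the certificate you pasted is the one your Friend copied.  The following is an added example, not part of the original post or of RetroShare: each side hashes the certificate text and the two of you compare the result aloud.  It assumes whitespace inside the certificate text carries no meaning, and the sample certificate is a constructed placeholder.

```python
import hashlib
import re

# Constructed placeholder text, NOT a real RetroShare certificate.
SAMPLE_CERT = """\
CQEGAcGVQsBNBFHcSAMPLEonlyNOTaREALkey0000000000000000000000000000
mQENBFHcCONSTRUCTEDplaceholderBLOB1111111111111111111111111111111
AAECAwQFBgcICQoLDA0ODw==
"""


def normalize(cert_text: str) -> bytes:
    """Drop whitespace that copy/paste, e-mail or a paste site may change.

    Assumption: whitespace inside the certificate text carries no meaning.
    """
    return re.sub(r"\s+", "", cert_text).encode("utf-8")


def fingerprint(cert_text: str) -> str:
    """SHA-256 of the normalized text as 16 groups of 4 hex digits."""
    digest = hashlib.sha256(normalize(cert_text)).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def same_certificate(received_text: str, spoken_fingerprint: str) -> bool:
    """Compare the received certificate with the digest read over the phone.

    Case, spaces and dashes in what was typed during the call are ignored;
    a partial or mistyped digest never counts as a match.
    """
    typed = re.sub(r"[^0-9A-F]", "", spoken_fingerprint.upper())
    local = fingerprint(received_text).replace(" ", "")
    return typed == local


if __name__ == "__main__":
    # Sender: run on your own certificate and read the output aloud.
    # Receiver: run on the text pasted from cryptobin and compare.
    print(fingerprint(SAMPLE_CERT))
```

If the digests differ, do not sign the key; have your Friend create a fresh paste and compare again.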

Congratulations!  You are now connected to your Friend(s).

Now the fun begins with total privacy assured for Chat, email, file sharing, voice and video calling, Chat forums, and Channels.

As always, act responsibly, be a good Netizen, and obey all laws for your respective country.

I hope you will make a commitment and change your habits to reclaim your privacy.

Best of Luck and Be Safe.

-- Dietrich