German Authorities Pressured E-mail Provider Posteo for Illegal Cooperation

posteo-logoAfter the abrupt shutdown of Lavabit in August, 2013, I switched to a small German e-mail provider, Posteo, that puts a premium on the privacy of its users. I’ve been happy with their service, which costs a modest sum of €1 per month.

Today, 5 May 2014, Posteo became the first German e-mail provider to issue a transparency report. And it’s a hell of a report. It shows that in 2013, the company received seven demands for information from domestic law enforcement authorities. Posteo could not comply with most requests because it doesn’t collect the requested data. No international requests were received.

But more notably, Posteo reports that in July 2013, Bavarian law enforcement officials pressured the company’s owner, Patrick Löhr, to provide unlawful cooperation. Among other things, officials wanted him to log the IP addresses customers use to check their e-mail messages. They threatened to search and seize Posteo’s business records if he did not comply. But rather than accede to this unlawful demand, Posteo filed a criminal complaint (PDF) against the officials involved!

Posteo’s response suggests to me that I chose the right e-mail provider.

Posted in computing | 1 Response

How I Saved My IMAP Lavabit Messages to Local Folders in Mozilla Thunderbird

LavabitWhen Lavabit founder Ladar Levison suddenly shut down the e-mail service rather than collaborate with a secret government order that he believed to be unconstitutional (a decision that I applaud), I was left with the problem of how to deal with my Lavabit messages. I had used Mozilla Thunderbird to access Lavabit using the IMAP protocol, which leaves messages on the server. I had local copies of my messages, but in Thunderbird, there is no straightforward way of copying these to a local folder when you don’t have access to the server. Which I don’t, because it’s been shut down.

It is desirable to move the Lavabit mail to local folders and then delete the Lavabit account so one won’t be perpetually nagged with the messages that the connection to the Lavabit server failed.

So here’s the solution I’ve worked out. You can only “rescue” the messages you already have locally stored. (If you had unfetched e-mail on the Lavabit server, I don’t know of any solution.) The procedure involves saving the messages in each folder to a corresponding folder on the Desktop, then creating corresponding folders in Thunderbird’s “Local Folders,” and then using the ImportExportTools add-on (by Paolo “Kaosmos”) to import the saved messages to the new folders.

Here are step-by-step instructions:

  1. Download and install the ImportExportTools add-on for Mozilla Thunderbird.
  2. In your operating system (say, on the Desktop) create a set of folders to which to copy messages. These folders should correspond to the folders you had on the Lavabit server. For example, “Inbox,” “Sent,” etc.
  3. In Thunderbird, click on a Lavabit folder to choose it and select all the messages in it (Command-A in Mac OS X).
  4. Right-click on the selected messages and choose “Save As,” then navigate to the corresponding folder you created. All of the messages that are locally available will be copied to that folder.
  5. In Thunderbird, under “Local Folders,” create new folders that correspond to the folders you had on the Lavabit server.
  6. Select one of these new folders, right-click, and then choose ImportExportTools->Import all messages from a directory->just from the directory. Repeat for each folder.

That’s it. After locally saving all your messages, you can delete your Lavabit account from Thunderbird.

I’m now in the process of looking for a new e-mail provider that respects user privacy the way Lavabit did. Suggestions welcome.

Update: For now, I’ve found a new e-mail provider, Posteo.de. It’s a small German company with an office in Berlin and server in Frankfurt. Basic service costs one euro per month. Their e-mail server connects to other servers via TLS when possible, and Perfect Forward Secrecy is enabled for webmail connections. Sign-up is in German, but the webmail interface may be set to other languages.

Posted in computing | Tagged , , | 6 Responses

Escaping PRISM (Part 1: Unassimilating from the Google Collective)

In view of NSA whistleblower Edward Snowdens revelations regarding the US governments unlawful blanket surveillance of electronic communications, Ive been doing what I can to enhance my privacy. In particular, Im reducing to the extent possible my dealings with the companies that colluded with the NSA against their customers as part of the PRISM program. These companies are:

  • Microsoft
  • Google
  • Yahoo!
  • Facebook
  • PalTalk
  • YouTube
  • Skype
  • AOL
  • Apple

In addition, Dropbox was reportedly scheduled to join PRISM. Ive used the services of all of these companies except PalTalk.

I was assimilated by the Google Collective

I was assimilated by the Google Collective

Ditching Google

In particular, I was a heavy user of Googles services and a paying customer. Googles motto is Dont be evil. I think that secretly handing over all customer data to any government is pretty damned evil.

While Google already knows a great deal about me, henceforward, I would like them to have as little information as possible. They’ve proven that they are not to be trusted.

Here are replacements Ive found for various Google services:

LavabitGmail -> Lavabit

For $16 per year, Lavabit offers 8 gigabytes of e-mail storage and the option to keep all your data on their server encrypted. (See Secure Mail Storage on Lavabits Features list.) Lavabit also offers free accounts, but these do not support secure mail storage.

After setting up my Lavabit account with a strong pass phrase, I configured Mozilla Thunderbird to access both my Gmail account and my Lavabit via IMAP. I created folders on my Lavabit account to match those on my Gmail account, and then I selected all the messages in each folder on my Gmail account and dragged them to the corresponding folder on my Lavabit account. This action copies the e-mail to Lavabit and deletes it from Gmail.

Ive been using Lavabit for about three weeks at the time of writing (my address is georgemaschke at lavabit dot com), and Im generally pleased with it. Lavabits webmail interface is rudimentary, however, and I recommend using an e-mail client like Thunderbird, Apple Mail, or Microsoft Outlook with it.

By the way, it appears that Edward Snowden is a Lavabit customer.

Google Docs -> Locally hosted files

I had been an occasional user of Google Docs, Googles on-line document editing service. Its great, except that Google is wantonly violating the privacy of all of its users by making their customers documents available to the NSA. I downloaded copies of all my documents from Google and then deleted them all from Googles servers. I wont be using Google Docs again.

StartpageGoogle Search -> StartPage.com

To enhance my privacy, I dont search Google’s search engine directly, but instead use Startpage.com (via HTTPS) as my default search engine. Startpage claims that it does not collect or share any personal information.

firefoxGoogle Chrome -> Mozilla Firefox

I have deleted Google Chrome from all my systems and instead use Mozilla Firefox. I dont care to synchronize my bookmarks with Google or share any information about my browsing habits and history.

onionGoogle Translate -> Access only through TorBrowser

I love the Google Translate service. It is very helpful as an on-line dictionary (and more). But I dont care to be tracked. Thus, when I want to use this service, I access it through the Electronic Frontier Foundations Tor Browser Bundle, which routes my inquiries through the Tor proxy network. For full functionality, you will need to enable JavaScript for the site. (On Android devices, try Orbot.) I also use TorBrowser (included with the bundle) for casual web browsing simply to protect my privacy. Note that the Tor network should not be used to log into any website that doesnt support HTTPS.

Google Calendar -> Locally hosted calendars

I have downloaded all of my calendars from Google Calendar and deleted them from Googles servers. Using Dominik Schrmans Offline Calendar app, I have created a local calendar on my Android phone that is not synced with Google.

In future posts, Ill share the alternatives Ive found for other PRISM-partner services. Comments, questions, and alternative ideas are welcome below!

Posted in computing | 3 Responses

New York Times Misrepresents Iranian Leader’s Speech

30741_970

Iranian Supreme Leader Ayatollah Ali Khamenei speaking in Tabriz Tehran on Saturday, 16 February 2013

This morning, I woke up to headlines in Google Reader, where I subscribe to stories about Iran, that Iranian leader Ali Khamenei had said that although Iran was not seeking nuclear weapons, no nation could stop it from getting them if it wanted to. That angle seemed a tad sensationalist, and I decided to listen to Khamenei’s speech in its entirety, in the original Persian. It was nearly an hour long, and he substantially addressed Iran’s position on nuclear negotiations with the United States. I then went back to Google Reader to look at press coverage of the speech, and the first article I found was Thomas Erdbrink’s article, “Ayatollah Says Iran Will Control Nuclear Aims” in the New York Times.

Erdbrink’s byline is Tehran, and his Twitter profile indicates that he has lived in Iran for a decade. So I was surprised to see him report that Khamenei’s remarks were made to “a group of visitors to his home in Tehran.” Khamenei’s remarks were actually made before a large audience in Tabriz indeed, as illustrated in this photo published on the Iranian leader’s official website:

30742_840

But what most struck me about Erdbrink’s report was reading this: “[Khamenei] called on the United States to show ‘logic’ while talking to Iran, without further elaborating.” I found this remarkable because Khamenei had elaborated at length about what he termed America’s lack of logic. Had Erdbrink heard the same speech I had? I raised the topic with him in a series of Twitter posts (newest at top):

Screen shot 2013-02-17 at 4.56.34 PM

Erdbrink tweeted back the following:

Screen shot 2013-02-17 at 5.00.41 PM

I take Erdbrink’s word for it that processing of speeches takes time, and they are not released in full immediately. But I would expect a correspondent for America’s paper of record to get the facts right about where a speech was given, to indicate that the reporting was based on preliminary reports if such were the case, and to not aver that the speaker had not elaborated further on a point without knowing whether or not that was true.

As I indicated earlier, Khamenei in fact expounded at length on what he termed America’s lack of logic. Here is a rough translation that I have prepared of the portion of Khamenei’s speech to which I referred Erdbrink:

How are they illogical? The evidence for their being illogical is these contradictions between their words and their deeds. They speak in one manner and behave in another. Well, there is no clearer evidence than this for their being illogical. A logical person says something persuasive and then acts in accordance with what he has said. These gentlemen — the American political leaders and their Western followers — are not like this. They say one thing, they make one claim, but in practice, the do precisely the opposite. Let me now give several examples:

They claim, “We believe in human rights.” Indeed, the Americans have raised the flag of human rights. They say “We believe in human rights” — not only in their country, America, but in the whole world. Well, this is a statement, a claim. What about in practice? In practice, it is they who strike the most blows against  human rights, who show the greatest disrespect to people’s rights in various countries, to different nations. Their secret prisons throughout the world, their prison at Guantanamo, their prison in Iraq — Abu Ghraib, their attacks against civilians in Afghanistan, in Pakistan, in various places. These are examples of the Americans’ so-called human rights! Their drones take off, they spy and pressure people, which you hear about every day in Afghanistan and Pakistan. But these very drones, in the words of one American magazine written just a few days ago, will cause headaches for them themselves.

They say, “We are committed to the non-proliferation of nuclear weapons.” The pretext for their attack against Iraq eleven years ago was precisely that they said Saddam’s regime in Iraq was making nuclear weapons. But they went and didn’t find any, and it became clear that it was a lie. They say, “We are committed to the non-proliferation of nuclear weapons.” At the same time, they defend and protect a nefarious government that both possesses nuclear weapons and threatens to use them, that is, the Zionist state. That is what they say, this is what they do.

They say, “We believe in spreading democracy in the world.” Let’s not get into what sort of “democracy” America itself has. We won’t get into that. Despite this claim, America is constantly opposing and confronting a country like the Islamic Republic of Iran, which has the plainest and clearest democracy in this region. At the same time, they line up behind countries in this region that have seen neither hide of democracy nor hair of elections, voting, and ballot boxes — and defend them with utter shamelessness. This is their commitment to democracy! See how great is the gap between word and deed.

They say, “We want to settle our issues with Iran.” This is something they have said many times. Lately, they are saying it even more. They are saying, “We want to negotiate and solve our issues with Iran.” This is what they say. But in practice, they resort to sanctions, they resort to false propaganda, making inappropriate statements, and constantly publishing falsehoods regarding the government and people of the Islamic Republic of Iran.

Just a few days ago, the American president gave a speech and talked about Iran’s nuclear issues as if the dispute between Iran and America is that Iran wants to make nuclear weapons. He says “So far as we are able, we will not permit Iran to build a nuclear weapon!” Well, if we wanted to build a nuclear weapon, how could you “not permit” us to do so? If Iran wanted to have a nuclear weapon, America could by no means stop it from doing so.

We do not want to build a nuclear weapon. Not because it would upset America. This is our own conviction. We believe that nuclear weapons are a crime against humanity and should not be produced. Those that already exist in the world must be eliminated and destroyed. This is our conviction; it has nothing to do with you. If we did not hold this conviction and decided to build a nuclear weapon, no power could stop us, just as in other places they could not stop it: they couldn’t in India, they couldn’t in Pakistan, they couldn’t in North Korea. The Americans were opposed, but they still built nuclear weapons.

Their saying, “We will not permit Iran to build nuclear weapons” is deceptive speech. Is the controversy over nuclear weapons? In Iran’s nuclear case, the controversy is not over nuclear weapons, the controversy is over the fact that you want to prevent the Iranian nation from exercising its absolute and incontrovertible right to nuclear enrichment and peaceful use of Iran’s own domestic potential. But of course, you cannot do this either, and the Iranian nation will do that which it is its right to do.

American politicians speak illogically. One cannot sit and rely on logic in speaking with an illogical interlocutor. He is illogical, after all. Illogical means unreasonable, idle-talking. This is a reality that we have clearly understood throughout these thirty past years in confronting various world issues. We understand with whom we are dealing and how to deal with him.

As we see, Erdbrink’s reporting that Khamenei “called on the United States to show ‘logic’ while talking to Iran, without further elaborating” is patently untrue. I think the New York Times owes its readers a correction.

Update: I mistakenly inferred from the opening lines of an article on Iranian leader Ali Khamenei’s website, which speaks of Khamenei having “an enthusiastic visit with thousands of people from Tabriz” that his Saturday speech was delivered in Tabriz, and I chided Thomas Edebrink for getting the location of the speech wrong. It appears that it is I who was mistaken. Eredbrink corrected me in a tweet, and the English language Tehran Times confirms that the audience was indeed held in Tehran.

Posted in Iran, Persian language | Leave a comment

Persian Word of the Day: رزمایش

The Persian word for “military exercise” is رزمایش.The word is constructed from رزم (combat) and the suffix آیش (coming together; from the verb آمدن). I came across it today in an article by the Islamic Republic News Agency on a Turkish naval exercise (رزمایش دریایی) that for the first time included Iranian military observers.

Posted in Persian language, Persian Word of the Day | Leave a comment

Persian Word of the Day: زیرساخت

The Persian word for “infrastructure” is زیرساخت. The word is sometimes used in the plural (زیرساختها) in ways that “infrastructure” (being a collective noun) is not in English. I came across زیرساخت in the context of a BBC Persian article about a malware (بدافزار) attack targeting Iran’s Petroleum Ministry:

این سازمان [سازمان پدافند غیرعامل ایران] وظیفه ایجاد هماهنگی میان نهادهای مختلف حکومتی به منظور آماده سازی آنها برای مقابله غیرنظامی با حملات نظامی احتمالی را بر عهده دارد، تا درصورت انجام حمله علیه ایران، خسارت های وارد شده به زیر ساخت ها و تأسیسات را به حداقل برسد.

Posted in Persian language, Persian Word of the Day | Leave a comment

Persian Word of the Day: مهندسی معکوس

Today I learned the Persian term for “reverse engineering”: مهندسی معکوس. It arose in the context of news that Iran is reverse engineering the American RQ-170 stealth drone that it brought down largely intact last December. The following is an in-context citation from Fars News:

خبرگزارش [کذا] آمریکایی آسوشیتدپرس نیز با انتشار بازتاب این خبر به گوشه‌ای از سخنان سردار حاجی‌زاده در خصوص رمزگشایی این پهپاد اشاره کرد و گفت که ایران روز یکشنبه اعلام کرد که با مهندسی معکوس هواپیمای جاسوسی آمریکا که به تسخیر سپاه درآمده بود، ساخت یک نسخه از این هواپیما را آغاز کرده است.

Posted in Persian language, Persian Word of the Day | Leave a comment

How to Stop Picasa Links from Redirecting to Google+

If you use Google’s Picasa service to share photographs (as I do) and also use Google+, you may be troubled to discover that Google is redirecting links to your Picasa albums to its Google+ social networking service. I find this a dubious business practice that violates Google’s motto, “Don’t Be Evil.” It’s evil because:

  • Picasa users are not informed that their Picasa links will be redirected to Google+;
  • Those without Google accounts cannot download photos at full resolution from privately shared albums on Google+;
  • Google appears to be hijacking users’ Picasa links to promote its Google+ service.

Now, I do like Google+ (you’ll find me there here), but when I share a link to one of my Picasa albums, I don’t want my friends to be redirected to Google+. Fortunately, there is a solution: add “?noredirect=1″ to the URL. For example, this is the link to my public Picasa albums:

https://picasaweb.google.com/116790950801070160641

Clicking on that link redirects you to my albums on Google+. But the following modified link will not be redirected:

https://picasaweb.google.com/116790950801070160641?noredirect=1

If the link you want to share already includes parameters after a question mark (as will links to privately shared albums), then simply add “&noredirect=1″ to those parameters.

But we shouldn’t have to manually edit Picasa URLs to prevent them from being automatically redirected. Google should fix this by ceasing automatic redirects and offering Picasa users who so desire the option of sharing albums via Google+.

Posted in computing | 45 Responses

Glenn Beck Says Stop Listening to Morons!

Posted in humor, politics | Leave a comment

US Citizens May Be Added to Treasury Department Black List

Mansour Arbabsiar

Today I learned that US citizens may be added to the “Specially Designated Nationals” (SDN) list maintained by the US Treasury Department’s Office of Foreign Assets Control. Those who are added to this list have their assets blocked “and U.S. persons are generally prohibited from dealing with them.”

On Tuesday, 11 October 2011, US citizen Mansour Arbabsiar (who also holds Iranian citizenship) was added to the SDN list:

ARBABSIAR, Manssor (a.k.a. ARBABSIAR, Mansour), 805 Cisco Valley CV, Round Rock, TX  78664; 5403 Everhardt Road, Corpus Christi, TX  78411; DOB 15 Mar 1955; alt. DOB 6 Mar 1955; POB Iran; citizen United States; Driver’s License No. 07442833 (United States)  expires 15 Mar 2016; Passport C2002515 (Iran); alt. Passport 477845448 (United States); Driver’s License is issued by the State of Texas (individual) [SDGT] [IRGC]

Arbabsiar is in custody on charges of conspiring, among other things, to assassinate the Saudi ambassador to the United States.

I am not a lawyer, but it sure seems to me that pre-trial blocking of a citizen’s assets and prohibiting US persons from dealing with them amounts to punishment without due process of law.

Other United States citizens on the SDN list include Anwar Nasser Aulaqi (who remains on the list some two weeks after his assassination-by-drone), alleged Mexican drug cartel bosses Blanca Cázares Salazar and Victor Cázares Gastelum, alleged Shabab militia member Omar Shafik Hammami, alleged terrorist plotter Raed M. HijaziMuhammad Hamid Khalil Salah, who was “found not guilty of conspiring to illegally finance Hamas terrorist activities in Israel” but was convicted on an obstruction of justice charge “related to lies prosecutors said he told about his ties to Hamas,” and Abdul Rahman Yasin, who is wanted in connection with the 1993 World Trade Center bombing.

Posted in Iran, politics | Leave a comment