Tag: security

Questions about Racism, Immigration


Racial Attacks in New Zealand

I can’t believe it’s been almost a year since I wrote the blog post about Racism . While that one was in response to Russel’s post about a year back, this one is about the cowardly attack on the 50 odd and rising people died in the racist attack in New Zealand few days back. While I knew things were and charged with Trump and the right or/and alt right is rising in Europe as well but didn’t know that the fire had spread through Australia and New Zealand as well. And before people point fingers, it isn’t as if India is any better in the current circumstances. I came to know of the news on twitter where a gentleman named Khaled Beydoun broke the story . I had not been well the day before hence after work had just slept and woke mid-afternoon. I usually freshen myself but that day either due to laziness or whatever, I opened and was shocked when I read the news on twitter. My eyes, brain must have not properly woken up as I urged Khaled, along with many others to share the stories of the victims so people might know about them. In India, it has been more or less characterised as something to celebrate with slogans like ’50 would-be terrorists slain’ and such nonsense, I did feel it was part of some larger scheme as then also heard that the shooter had a webcam and live-streamed the whole thing on Facebook. Around the same time or a little later, also came to know about Senator Fraser Anning who talked about ‘White Australia’ . The idea behind ‘White Australia’ has been mirrored by the Right in Poland today/yesterday.

Immigration

The idea is similar in many ways to what Brexiteers told to people living in Britain. In essence we see the following characteristics –

a. Immigrants are the problem of all problems – While time and again has shown that Immigrants have been the source of growth in all developed countries, they are still able to get that particular message across. We had movies like Pathemari from South and fortunately or unfortunately many more movies on the same subject pursued in Hollywood. Some of the movies which I have enjoyed and have also found challenging are Moscow on the Hudson, (one of the best performances given by Robin Williams, The Immigrant , Man Push Cart, The Namesake (the Novel first and then the Movie) , Brooklyn , Sugar and many more. To distill down, all the movies, it comes to a singular fact, we love the place where we are born. We learn the taste, the smell, the culture and are assimilated by it long before we know it. It is only when people go to a different place whether to visit or to live as an immigrant that a dissonance is created and people spend their whole lives trying to fix the dissonance somehow.

In fact, I know at least 10-15 friends and family personally who have been forced into being Economic migrants for life, many of them into IT or Information Technology or business. While I may have shared this pattern before, just a few months back, (without taking names), a friend of mine wound up going back to States. He had made good money in States, is and was at a high post, had made enough money to buy a bungalow in Pune. He sent resumes from United States to Indian companies in and around Pune where they promised him comparative earnings, But when he was back in the excuse of being with the family i.e. father, mother, sister et al he found that they were promising him now half or 1/3rd of what they had promised him before. And this is without any of the benefits which he was enjoying in States. His wife is also from Pune, India and a working professional. In the end, he had to sell his bungalow and say a tearful bye to his parents and sister. This is the case in almost all of Kothrud. I may have shared about Kothrud before. This is a place around 5-6 kms. from my place, where thousands of parents are living a good life as their children are abroad. They feel good that the children are earning good, but many or most of them miss the human touch, the love and care that children can give. There are now non-profits and even the police who do try to care of the old and the aged but there is only so much they can do.

Why people leave, the Brain Drain and Politics in India

Just to share some facts about the Indian Industry, the Indian Government has several plans and schemes on paper, but most of them are unworkable in real life. They have fallen flat as Startup India and ‘Make in India‘ which have been reduced to being mere logos within India. In fact, almost all economic indicators are at a record low. While except for mobiles, most electronic products are stalling, even Cars and Bikes sales which are known as bell-weathers of how the Indian Economy is doing tells the story well. In fact, the current stats. of unemployment should raise a cause of concern. The story does have political colors as now it has come to light that RBI had advised against demonetisation before it was announced and now we are fully into election mode. There is and was China-bashing without realizing we need them as we have no alternatives and even no plan. There have been accusations being made against Pandit Nehru for giving the UNSC seat without understanding the politics behind it. While I of course, need to read more of history, it does point to the fact that if Pandit Nehru had taken the seat, then India would have had war with China in 1955 rather than 1962 when it did. The reason I shared the above is at least most of the problems in India are of its own making, or at the very least, its leaders, the same I fear could possibly be said of many countries.

A hypothesis

There are couple of other painful truths which I feel we don’t want to face, we are all migrants if we believe and support the hypothesis and observation that anthropologists have made about Homosapiens, to the extent as to where they were found and how migration happened over generations. By the same coin, an argument can be made that all of us have our hands bloody. Either in the recent or waaay in the past, the history we don’t know, we either wilfully or tacitly killed whatever was native to each land, whether it was humans or nature itself.

Reasoning for fear of Immigration

b. Nationalism will solve all the problems – There is this wide-spread belief that either ultra-nationalism, or being ultra-whatever will solve all problems. It took more than 200 years for the separation between the church and the State if you read the article on Wikipedia and look up some of the links they have mentioned therein and less than 5 years with help of technology to try to have them together. The idea of one race, one thought has been peddled before and it has resulted into untold destruction. and there is no evidence to point that it will be anything different today.

c. The main crux though of the matter though is probably Immigration and jobs, security – This is where the actual fight is. Most people believe that the natural-born should have some sort of entitlement, more than the Immigrants and that Immigrants get favors which from at least my reading has not been true at all. One point though, I am talking about Economic Migrants here and NOT migrants who end up elsewhere from where they are due to war, famine, natural calamities. For such people who are the unluckiest because they are not in charge of their fates I have no clue as it is much more complex than Economic migrants. Any solutions should have humanitarian focus but is easily pulled into politics as has been seen in India and potentially is the same for other countries as well. It is very much possible that at some future date, we may find India culpable in Rohingya genocide if that becomes the case. This reminds me very much of the Komagata Maru incident in which Indians died and the Canadian PM later apologized.

There was only one advertisement from some European freezing country (climate-wise) which said they will provide or give a house to whoever migrates there (have forgotten the name of the country) but in most countries Immigrants have quite a number of issues. Last year when trying to understand about Taiwan, came to know about immigration issues within Taiwan, much of which is espoused quite nicely in the recent issue of thediplomat. I would venture other countries would have similar issues. I had shared before when I visited Qatar and came to know that in almost all Middle-east countries Indians and people from the sub-continent have a work visa and in many ways they are bonded labourers. Only last year they have made some changes. After coming back to India, Pune I was able to ask and know from many people both in Pune and elsewhere and all of them had similar stories to share. I remember reading some article about immigration laws to Australia in which it was said that if a doctor trained in India were to migrate to Australia, he would have to go through the residency period all over again. That would add another 5-7 years for learning medicine again when s(he) could have been helping. This was shared not just in the article but also shared by personal experiences of few friends and people I met, casually had a chat and so on.

Why not Ban Immigration At all

If Immigration is such an issue why not ban it ? The New Scientist ran a series of articles on the same topic couple of years ago. While I would recommend to read them all, the best one which resounded within me was this one . I had a coincidence to meet quite a few doctors, nurses etc. during my travels, also when I was ill in the hospital. My landlord too was a Doctor who served all his life in UK in NHS . While we have somewhat of a quarrel-some relationship due to renter and rentee, he has shared lot about NHS in Britain. Interestingly, lot of his colleagues were from India, apparently close to 30-40% of the doctors and nurses are from India. The same I have heard about Gulf Countries as well. There are also articles by Rukhsana Khan, I especially liked the article in which she shares about immigration in Canada which I found to be quite interesting. The comments much more so as it tells how much as a species we have yet to grow.

The Positives

While the cost has been high, there has been a net positive as far as inclusiveness for New Zealand is concerned. Jacinda Ardern, the world’s youngest female leader, as shared by Economist had been forthright, critical and called it a terrorist attack. This must have been really difficult for Jacinda to do politically especially when you see her background as shared by Economist, the reasons people chose her. But this is what leaders are expected to do, to lead and not be predictable. This is something our great leader has not been able to. The whole world has commended her for the way she has managed to lead, both with grace and empathy. While I did see some people commenting on her need to use the hijab, most people have complimented her for the way she communicated and foremore, bringing restriction to gun ownership esp. in automated rifles . This is something that United States has failed to do despite so many killings which have taken place 😦

While the post has turned to be long there are still many feelings yet to be expressed, the first one is from a person of whose work I am a fan of and make no bones about it –

TL;DR: The effects of the rise of right wing populism are not dramatic and visible. Often they just involve an excruciating micronegotiation of your body and its place in geographies of suspicion. Do you know what happens when you wear skin and body of suspicion? In a country that overnight feels hostile because of an abhorrent act of terrorism, and an election that exercised the democratic will of bringing into power a fundamental extremist political party, you scan your everyday modes of being. The routines and ruts of habitual living suddenly become unfamiliar, suspect, alien. You take on the double weight of the loss and grief of the victims and the shame and repentance of the perpetrator. You inherit pity and terror of the tragedy with no catharsis. And you see yourself change. Instantaneously.

1. You find yourself smiling more. Whenever you are in public, you make an extra effort to smile at strangers, to convince them that the bag on your shoulders only has your laptop and no other weapon.

2. When you see the increased security, you try to look small, wrapped up in a shrug, to convince the scrutinizing gaze that you are not a menace.

3. When you sit on the train you realise that you sit differently. Not taking as much space, Keeping all your limbs to yourself, breathing in self-defence.

4. Your phone vibrates while you are sitting in the train. It is your mom. You wonder if you should take the call, and speak in your heathen tongue, and if it will offend or alarm people around you.

5. You hear the couple sitting next to you, peering over a train time-table and trying to figure out where they should change trains. You pause for a long moment before you give them advice in a language that you only speak brokenly.

6. You pretend not to notice the raised eyebrows when you betray your outsider status by speaking the local language clumsily, and accept the reluctant thanks before trying to hide behind your phone.

7. You are hungry. There is a lunch box in your bagpack. It is the left-over curry from dinner last night. You hesitate opening it lest the smells of your food bring forth a reaction that you might not be able to digest.

8. As you walk to the building where you have a meeting, you see a group of people drinking beer and being loud, and you instinctively scan to see if there is another entrance into the building that you can detour to.

9. You find solidarity in the people who are angry and in shock at this changed electoral and cultural trend in their country. They lament about how things are going bad. You don’t join them and instead spend all your effort in assuring them that you do not blame them, that you are happy to have them as friends and colleagues; you swallow your feeling of vague dread and spend time consoling them about the fate of things to come.

10. You meet a friend. You sit in a café and talk. You see a small group of people in their older whateveragebrackets pointedly looking at you and looking away when you catch their eye. When you see it happening more than once, you talk your friend into going somewhere else. When asked why, you say, ‘this is just so loud’.

11. You sit through an academic discussion. People are talking about vulnerability and safety. Care and creativity show up. The smart, insightful, and inspiring conversations develop, surrounded by plenty and privilege. You drone out because you remember the 5 refugees that you are counselling, who have sent you messages that given the current political climate, they want to drop out of their education development programme. Now is not a good time to be visible, one 19 year old has said.

12. You enter the central station and realise that you are going to have to sprint to the train. You are used to this. But today you walk measured footsteps even though you are going to miss the train. You don’t want to be running in your body, on a late evening train station. You miss the train and wait in the cold wind plucking at your cheeks, for the next one that takes you home.

13. On the ride back, you compose your face in rehearsed pleasantness. You wear your Asian niceness on your cheeks. The tiredness of the day has no place on your face. You are good, you are not a threat, you are acceptable.

14. You put on your headphones and are going to switch to the usual Bollywood mix that you listen to when you walk home. Before you do that, you remove the headphones and play the music. You are checking to see if the music is too loud, and seeping out of the headphones, betraying its ethnicity in its foreign cadences. You lower the volume and decide to play an American pop mix anyway.

15. You walk home on routine routes when you see three people walking behind you. It is a public space. It is your everyday route home. There are people around. You slow down to let them pass. You find comfort in the bagpack snuggling your back, like an armour.

16. You are fumbling for your keys at the entrance of the building. Somebody walks out of the door at the same time. You are happy not to be fishing for keys, so you ask them to hold the door and scurry up inside. The person asks where you want to go. You tell them you live here. You have never seen each other. You nod, wanting to get home. You get out of the slow elevator and from around the corner you see the person from downstairs looking at you. She has taken the stairs to see you safe home.

17. You enter home and even before you have taken off the bag, or the double layers of coats on your shoulder, you feel a weight come off your shoulders. You stretch to your full height. You breathe deeply. In the solace of solitude, you feel the layers of the day strip off. You head into a warm shower and wash all the gazes that have scorched your body. You step out. While drying in front of the misty mirror., you realise that if this continues, it will soon become habit. When your body is a question, you live like an apology. And these are the experiences of a life that is well shielded, protected, and supported by privilege, mobility, work, health, communities of love and trust, and money. So for anybody who is more precarious this must be amplified multiple times. If you know somebody who feels that they are bodies and skins of suspicion, now you know the cruel algebra of life that they are constantly solving. If somebody tells you they are worried, anxious, feeling afraid because of what this populist verdict has delivered, don’t downplay their dread. It is theirs. Let them work through it. You cannot change it by merely offering your love and care. It helps, but this is not a personal question of feelings – it is a structural problem of survival. Their experience is not an accusation towards you. It is merely an apology for themselves. You might not have voted for this to happen. But you are still a part of the system, and the only way out of this is for us to challenge the normalization of hatred and violence.

https://nishantshah.online/ , Nishant Shah , Academic, Educator, Researcher and Annotator, Netherlands.

As shared by Nishant, while I have not met him, have had the privilege to have read many of the articles penned by him many a times in Indian Express and other places. We also have managed to near-miss each other even though I have been to Bangalore quite a number of times to CIS when he was part of CIS . Also this is not just about what he experienced and what many other people who are foreigners or migrants feel, it is also to shed a light to all those who think of migration as the geese which lays the golden goose but forget the cost.

The other is one of my favorite lyricist, poet, writer who made many marriages happen and also likely to bear the cross for the same (from either husbands or wives) Miyan Javed Akhtar Sahab –

To speak of that which everyone is fearful, of that you must write
The night was never so dark ever before, write!

Throw away the pens with which you wrote the odes
In praise of the true pen dipped in the heart’s blood, write!

The narrow circles that confine you, break all of them
Come under the open skies now, of a new creation, write!

That which finds no place in the daily newspapers
That incident which happens everywhere every day, write!

That which has happened finds mentions
But of those that should have happened, write!

If you wish to see spring return to this garden
Call out from every branch and on every leaf, write!

Written by Miyan Javed Akhtar Sahab, translated by Rakshanda Jalil for scroll.in where it first appeared digitally to my knowledge.

webmail saga continues

I was pleased to see a reply from Daniel as a reaction to my post. I read and re-read the blog couple of times yesterday and another time today to question my own understanding and see if there is anyway I could make life easier and simpler for myself and other people whom I interact with but finding it somewhat of an uphill task. I will not be limiting myself to e-mail alone as I feel until we don’t get/share the big picture it would remain incomplete.

Allow to share me few observations below –

1. The first one is probably cultural in nature (either specific to India or its worldwide I have no contextual information.) Very early in my professional and personal life I understood that e-mails are leaky by design. By leaky I mean being leaked by individuals for profit or some similar motive.

Also e-mails are and were used as misinformation tools by companies and individuals then and now or using sub-set or superset of them without providing contextual information in which they were written. While this could be construed as giving straw man I do not know any other way. So the best way, at least for me is to construct e-mails in a way where even if some information is leaked, I’m ok with it being leaked or being in public domain. It just hurts less. I could probably give 10-15 high-profile public outings in the last 2-3 years itself. And these are millionaires and billionaires, people on whom many people rely on their livelihoods should have known better. In Indian companies, for communications they do have specific clauses where any communication you had with them is subject to privacy and if you share it with somebody you would be prosecuted, on the other hand if the company does it, it gets a free pass.

2. Because of my own experiences I have been pretty circumspect/slightly paranoid of anybody promising or selling the cool-aid of total privacy. Another example which is of slightly recentish vintage and pains me even today was a Mozilla add-on for which I had done RFP (Request for Package) which a person for pkg-mozext-maintainers@lists.alioth.debian.org (probably will be moved to salsa in near future) packaged and I thanked him/her for it. Two years later it came to fore that under the guise of protecting us from bad cookies or whatever the add-on was supposed to do, it was actually tracking us and selling this information to third-parties.

This was found out by some security researcher casually auditing the code two years down the line (not mozilla) and then being confirmed by other security researchers as well. It was a moment of anguish for me as so many people’s privacy had been invaded even though there were good intentions from my side.

It was also a bit sad as I had assumed (perhaps incorrectly) that Debian does do some automated security audit along with hardening flags that it uses when a package is built. This isn’t to show Debian in a bad light but to understand and realize that Debian has its own shortcomings in many ways. I did hear recently that lot of packages from Kali would make it to Debian core, hopefully some of those packages could also serve as an additional tool to look at packages when they are being built 🙂

I do know it’s a lot to ask for as Debian is a volunteer effort. I am happy to test or whichever way I can contribute to Debian if in doing so we can raise the bar for intended or unintended malicious apps. to go through. I am not a programmer but still I’m sure there might be somehow I could add strength to the effort.

3. The other part is I don’t deny that Google is intrusive. Google is intrusive not just in e-mail but in every way, every page that uses Google analytics or the google Spider search-engine be used for tracking where you are and what you are doing. The way they have embedded themselves in web-pages is it has become almost impossible to see almost all web-pages (some exceptions remain) without allowing google.com to see what you are seeing. I use requestpolicy-continued to know what third-party domains are there on web-page and I see fonts.googleapis.com, google.com and some of the others almost all the time. The problem there is we also don’t know how much information google gathers. For e.g. even if I don’t use Google search engine and if I am searching on any particular topic and if 3-4 of the websites use google for any form or manner, it would be easy to know the information and the line/mode or form of the info. I’m looking for. That actually is same if not more of a problem to me than e-mails and I have no solution for it. Tor and torbrowser-launcher are and were supposed to be an answer to this problem but most big CDNs (Content Distributor Networks) like cloudfare.com are against it so privacy remains an elusive dream there as well.

5. It becomes all the more dangerous when in mobile space where Google Android is the only vendor. The rise of carrier-handset locking which is prevalent in the west has also started making inroads in India. In the manufacturer-carrier-Operating System complex such things will become more common. I have no idea about other vendors but from what I have seen I think the majority might probably be doing the same. IPhone is supposed to also have lot of nastiness where it comes to surveillance.

6. My main worry for protonmail or any other vendor is should we just take them at face-value or is there some other way for people around the world to be assured and in case things take a worse time be possible to file claim for damages if those terms and conditions are not met. I looked to see if I could find an answer to this question which I asked in my previous post and I looked but didn’t find any appropriate answer in your post. The only way I see out of is decentralized networks and apps but they too leave much to be desired. Two examples I can share of the latter. Diaspora started with the idea that I could have my profile in one pod, if for some reason I didn’t like the pod, I could take all the info. to another pod with all the messages, everything in an instant. At least till few months back, I tried to migrate to another pod and found that feature doesn’t work/still a work in progress.

Similarly, zeronet.io is another service which claimed to use de-centralization but for last year or so I haven’t been able to send one email to another user till date.

I used both these examples as both are foss and both have considerable communities and traction built around them. Security or/and anonymity is still at a lower path though as of yet.

I hope I was able to share where I’m coming from.

Webmail and whole class of problems.

Yesterday I was reading Daniel Pocock’s ‘Do the little things matter’ and while I agree with parts of his assessment I feel it is incomplete unless taken from user’s perspective having limited resources, knowledge etc. I am a gmail user so trying to put a bit of perspective here. I usually wait for a day or more when I feel myself getting inflamed/heated as it seemed to me a bit of arrogant perspective, meaning gmail users don’t have any sense of privacy. While he is perfectly entitled to his opinion, I *think* just blaming gmail is an easy way out, the problems are multi-faceted. Allow me to explain what I mean.

The problems he has shared I do not think are Gmail’s alone but all webmail providers, those providing services free of cost as well as those providing services for a fee. Regardless of what you think, the same questions arise whether you use one provider or the other. Almost all webmail providers give you a mailbox, an e-mail id and a web interface to interact with the mails you get.

The first problem which Daniel essentially tries to convey is the deficit of trust. I *think* that applies to all webmail providers. Until and unless you can audit and inspect the code you are just ‘trusting’ somebody else to provide you a service. What pained me while reading his blog post is that he could have gone much further but chose not to. What happens when webmail providers break your trust was not explored at all.

Most of the webmail providers I know are outside my geographical jurisdictions. While in one way it is good that the government of the day cannot directly order them to check my mails, it also means that I have no means to file a suit or prosecute the company in case if breaches do occur. I am talking here as an everyday user, a student and not a corporation who can negotiate, make iron-clad agreements and have some sort of liability claim for many an unforeseen circumstances. So no matter how you skin it, most users or to put it more bluntly almost all non-corporate users are at a disadvantage to negotiate terms of a contract with their mail provider.

So whether the user uses one webmail provider or other, it’s the same thing. Even startups like riseup who updated/shared the canary do show that even they are vulnerable. Also it probably is easier for webmail services to have backdoors as they can be pressurized for one government or the other.

So the only way to solve it really is having your own mail server which to say truthfully is no solution as it’s a full-time job. The reason is because you are responsible for everything. Each new vulnerability you come to know, you are supposed to either patch it or get it patched, or have some sort of workaround. In the last 4-5 years itself, it has become more complex as more and more security features are being added as each new vulnerability or class of vulnerabilities has revealed itself. Add to that at the very least a mail server should at the very least have something like RAID 1 at the very least to lessen data corruption. While I have seen friends who have the space and the money to invest and maintain a mail server most people won’t have the time, energy and the space to do the needful. I don’t see that changing in the near future at least.

Add to that over the years when I did work for companies most of the times I have found I needed to have more than one e-mail client as emails in professional setting need to be responded quickly and most of the GUI based mail clients could have subtle bugs which you come to know only when you are using it.

Couple of years back I was working with Hamaralinux. They have their own mail server. Without going into any technical details, looking into the features needed and wanted for both the parties. I started out using Thunderbird. I was using stable releases of Thunderbird. Even then, I used to see subtle bugs which sometimes used to corrupt the mail database or do one thing or the other. I had to resort to using Evolution which provided comparable features and even there I found bugs so for most of the time I had to resort between hopping between the two mail clients.

Now if you look at the history of the two clients you would assume that most of the bugs should not be there but surprisingly they were. At least for Thunderbird, I remember gecko used to create lot of problems besides other things. I did report the bugs I encountered and while some of them were worked upon, the solution used to often take days and sometimes even weeks to be resolved. Somewhat similar was the case with Evolution also. At times I also witnessed broken formatting and things like that but that is our of the preview of the topic.

Crudely, AFAIK these the basic functions an email client absolutely needs to do –

a. Authenticate the user to the mail server
b. If the user is genuine, go ahead to next step or reject the user at this stage itself.
c. If the user is genuine. let them go to their mailbox.
d. Once you enter the mailbox (mbox) it probably looks at the time-stamp when the last mail was delivered and see if any new mail has come looking at the diff between timesw (either using GMT or using epoch+GMT).
e. If any new mail has come it starts transferring those mails to your box.
f. If there are any new mails which need to be sent it would transfer them at this point.
g. If there are any automatically acknowledgments of mails received and that feature is available it would do that as well.
h. Ideally you should be able to view and compose replies offline at will.

In reality, at times I used to see transfers not completed meaning that the mail server still has mails but for some reason the connection got broken (maybe due to some path in-between or something else entirely)

At times even notification of new mails used to not come.

Sometimes offline Thunderbird used to lock mails or mbox at my end and I had to either use evolution or use some third-party tool to read the mails and rely on webmail to give my reply.

Notice in all this I haven’t mentioned ssh or any sort of encryption or anything like that.

It took me long time to figure out https://wiki.mozilla.org/MailNews:Logging but as you can see it deviates you from the work you wanted to do in the first place.

I am sure some people would suggest either Emacs or alpine or some other tool which works and I’m sure it worked right out of bat for them, for me I wanted to have something which had a GUI and I didn’t have to think too much about it. It also points out the reason why Thunderbird was eventually moved out of mozilla in a sense so that community could do feature and bug-fixing more faster than either mozilla did or had the resources or the will to do so.

From a user perspective I find webmail more compelling even with leakages as Daniel described because even though it’s ‘free’ it also has in-built redundancy. AFAIK they have enough redundant copies of mail database so that even if the node where my mails are dies, it simply will resurrect it from the other copies and give it to me in timely fashion.

While I do hope that in the long-run we do get better tools, in the short-to-medium term at least from my perspective its more about which compromises you are able to live with.

While I’m too small and too common a citizen for the government to take notice of me, I think it’s too easy to blame ‘X’ or ‘Y’ . I believe the real revolution will only begin when there are universal data protection laws for all citizens irrespective of countries and companies and governments are made answerable and liable for any sort of interactive digital services provided. Unless we raise the consciousness of people about security in general and have some sort of multi-stake holders meetings and understanding in real life including people from security, e- mail providers, general users and free software hackers, regulators and if possible even people from legislature I believe we would just be running about in circles.

RequestPolicy Continued

Dear Friends,

First up, I saw a news item about Indian fake e-visa portal. As it is/was Sunday, I decided to see if there indeed is such a mess. I dug out torbrowser-bundle (tbb), checked the IP it was giving me (some Canadian IP starting from (216.xxx.xx.xx) typed in ‘Indian visa application’ and used duckduckgo.com to see which result cropped up first.

I deliberately used tbb as I wanted to ensure it wasn’t coming from an Indian IP where the chances of Indian e-visa portal being fake should be negligible. Scamsters would surely be knowledgable to differ between IPs coming from India and from some IP from some other country.

The first result duckduckgo.com gave was https://indianvisaonline.gov.in/visa/index.html

I then proceeded to download whois on my new system (more on that in another blog post

$ sudo aptitude install whois

and proceeded to see if it’s the genuine thing or not and this is the information I got –

$ whois indianvisaonline.gov.in
Access to .IN WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the .IN registry database. The data in this record is provided by .IN Registry for informational purposes only, and .IN does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. .IN reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.

Domain ID:D4126837-AFIN
Domain Name:INDIANVISAONLINE.GOV.IN
Created On:01-Apr-2010 12:10:51 UTC
Last Updated On:18-Apr-2017 22:32:00 UTC
Expiration Date:01-Apr-2018 12:10:51 UTC
Sponsoring Registrar:National Informatics Centre (R12-AFIN)
Status:OK
Reason:
Registrant ID:dXN4emZQYOGwXU6C
Registrant Name:Director Immigration and Citizenship
Registrant Organization:Ministry of Home Affairs
Registrant Street1:NDCC-II building
Registrant Street2:Jaisingh Road
Registrant Street3:
Registrant City:New Delhi
Registrant State/Province:Delhi
Registrant Postal Code:110001
Registrant Country:IN
Registrant Phone:+91.23438035
Registrant Phone Ext.:
Registrant FAX:+91.23438035
Registrant FAX Ext.:
Registrant Email:dsmmp-mha@nic.in
Admin ID:dXN4emZQYOvxoltA
Admin Name:Director Immigration and Citizenship
Admin Organization:Ministry of Home Affairs
Admin Street1:NDCC-II building
Admin Street2:Jaisingh Road
Admin Street3:
Admin City:New Delhi
Admin State/Province:Delhi
Admin Postal Code:110001
Admin Country:IN
Admin Phone:+91.23438035
Admin Phone Ext.:
Admin FAX:+91.23438035
Admin FAX Ext.:
Admin Email:dsmmp-mha@nic.in
Tech ID:jiqNEMLSJPA8a6wT
Tech Name:Rakesh Kumar
Tech Organization:National Informatics Centre
Tech Street1:National Data Centre
Tech Street2:Shashtri Park
Tech Street3:
Tech City:New Delhi
Tech State/Province:Delhi
Tech Postal Code:110053
Tech Country:IN
Tech Phone:+91.24305154
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:nsrawat@nic.in
Name Server:NS1.NIC.IN
Name Server:NS2.NIC.IN
Name Server:NS7.NIC.IN
Name Server:NS10.NIC.IN
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned

It seems to be a legitimate site as almost all information seems to be legit. I know for a fact, that all or 99% of all Indian government websites are done by NIC or National Institute of Computing. The only thing which rankled me was that DNSSEC was unsigned but then haven’t seen NIC being as pro-active about web-security as they should be as they handle many government sensitive internal and external websites.

I did send an email for them imploring them to use the new security feature.

To be doubly sure, one could also use an add-on like showip add it your firefox profile and using any of the web services obtain the IP Address of the website.

For instance, the same website which we are investigating gives 164.100.129.113

Doing a whois of 164.100.129.113 tells that NICNET has got/purchased a whole range of addresses i.e. 164.100.0.0 – 164.100.255.255 which is 65025 addresses which it uses.

One can see NIC’s wikipedia page to understand the scope it works under.

So from both accounts, it is safe to assume that the web-site and page is legit.

Well, that’s about it for the site. While this is and should be trivial to most Debian users, it might or might not be to all web users but it is one way in which you can find if a site is legitimate.

Few weeks back, I read Colin’s blog post about Kitten Block which also was put on p.d.o.

So let me share RequestPolicy Continued –

Requestpolicy Continued Mozilla Add-on

This is a continuation of RequestPolicy which was abandoned (upstream) by the original developer and resides in the Debian repo.

http://tracker.debian.org/xul-ext-requestpolicy

I did file a ticket stating both the name-change and where the new watch file should point at 870607

What it does is similar to what Adblock/Kitten Block does + more. It basically restricts any third-party domain from having permission to show to you. It is very similar to another add-on called u-block origin .

I liked RPC as it’s known because it hardly has any learning curve.

You install the add-on, see which third-party domains you need and just allow them. For instance, many websites nowadays fonts.googleapis.com, ajax.googleapis.com is used by many sites, pictures or pictography content is usually looked after by either cloudflare or cloudfront.

One of the big third parties that you would encounter of-course is google.com and gstatic.net. Lot of people use gstatic and its brethren for spam protection but they come with cost of user-identifibility and also the controversial crowdsourced image recognition.

It is a good add-on which does remind you of competing offerings elsewhere but also a stark reminder of how much google has penetrated and to what levels within sites.

I use tor-browser and RPC as my browsing is distraction-free as loads of sites have nowadays moved to huge bandwidth consuming animated ads etc. While I’m on a slow non-metered (eat/surf all you want) kind of service, for those using metered (x bytes for y price including upload and download) the above is also a god-send..

On the upstream side, they do need help both with development and testing the build. While I’m not sure, I think the maintainer didn’t reply or do anything for my bug as he knew that Web-Exensions are around the corner. Upstream has said he hopes to have a new build compatible with web extensions by the end of February 2018.

On the debian side of things, I have filed 870607 but know it probably will be acted once the port to web-extensions has been completed and some testing done so might take time.

GNU/Linux primer 3 (hopefully the last one )

Hi all,

Sorry first of all for all the delay in the same. A certain malady made my computer sick, had to reformat my sytem which hadn’t been formatted since the Dapper days . I wanted to stick with it for a few days till ext4 was standardized and came on the installer but oh well, now just will wait for brtfs to be standardized as well. It would be cool to see what happens and what kind of latencies would be there.

Anyways coming back to the topic at hand, so quite a few questions were asked by people both publically as well privately as well. So rest of the blog-post would be answering queries people have sent in.

Continue reading “GNU/Linux primer 3 (hopefully the last one )”