Say cheese! You might get kicked out

Bars and clubs are legally required to check government-issued identification before allowing patrons into their establishment. This is a form of security authentication to reliably (probabilistically) determine if someone is at least 21 years old. Should we allow business owners to install government-issued identification data retention and sharing technology? Should we accept being treated like a criminal before committing a crime?

Re: SPD increases efforts to put ‘shooters in handcuffs’ after East Precinct gun violence

In the wake of the shooting, Baltic Room owner Jason Brotman told CHS he and other Capitol Hill club owners are exploring a new ID scanning software that would track who has been kicked out of a club earlier in the night.

I think this is the system I was swept up in in Vancouver, Canada in 2014. I didn’t expect it. My group of friends were all going in and I couldn’t just walk out on them after spending 45 minutes in a line. Should I ask for the data retention and data sharing policies before accepting them taking a picture of me, scanning my ID, and uploading it to someone else’s servers? Should I request to audit their system’s security before feeling comfortable they or an unknown company will share my data with whoever their corporate policies and regressive laws allow?

A quick Internet search: “club id scanning who gets kicked out”

First result: (notice the company doesn’t employ website transport security)

Servall Biometrics Inc. creates cumulative reports from other data points, such as the postal code, age, and sex of the patrons in any one venue or one city, and makes these summarized reports available to venues who are paying customers. All information is confidential and no identifying data is provided.

Police Departments may request access to the database, but only when an official investigation has been launched (eg. sexual assault). They must specify their request, by providing the name of the venue, and the time frame for which they wish to review data. They have access to the first name, last name, sex, age, and photo from the identification. The police may use this to search for suspects, victims, and/or witnesses to a crime.

So police, presuming there’s a verification process, simply need “an official investigation” to be handed my data. It’s one thing for local PD to show up at a bar and inquire about events. It’s another for them to have access to a centralized database of specific data about people just because those people were out with their friends and family.

We have a Fourth Amendment for a reason. Privacy invasions are severe because when they happen, they cause lasting effects on people and their families. Domestic violence, sexual assault, stalking — these are all problems that people, who go out to bars and clubs, already have. The Washington State Address Confidentiality Program has over 5,000 participants statewide. Why would Seattle bar owners think it’s ok to force patrons to document their locations in someone’s identification database? Shareable to police without a warrant? That’s called a search! It doesn’t excuse the warrant requirement because a third party collects the data. Victims of police brutality, or victims of people who are police officers, are not uncommon. When you collect data to solve a problem, you are creating many more.

Thanks to Mikael Thalen for pointing me to this related issue in Oregon: Oregon Police Give Nightclubs ID Scanners to Datamine Customers

Using Google Fi for a relatively private phone service

Created 2015-Aug-24
Updated 2016-Apr-19

In this post I’ll discuss ways to leverage the new Google Fi service in ways that are possibly more secure or more private when juxtaposed to regular AT&T, Verizon, Sprint, or T-Mobile phone service. Good planning and good practices can help people who are sensitive to physical location data sharing avert certain kinds of passive surveillance and in turn may prevent future active surveillance. While this information may be useful, it is not intended to solve your specific needs. You are ultimately responsible for understanding why you are performing these actions and non-actions.

Regarding SS7 attacks, the common way for such attacks to work requires that an attacker know your real cell phone number. Google Voice numbers are not vulnerable to these attacks. The same could be said for a landline phone number or any VoIP number like Skype.

Regular, long-term cell service wrongs:

  1. Requires government issued ID, which basically means connecting your government issued identity to a SIM card and other hardware identifiers.
  2. Requests (and at times requires) a Social Security Number, which also, basically, means connecting your government ID to hardware IDs.
  3. Requests the availability of voicemail, a service that is remotely accessible and is unlockable by a simple 4-digit pin code.
  4. Does not support two-factor authentication for access to sensitive account information.
  • Google Fi does not ask for identification, period. It is also possible to use prepaid credit/debit cards. As of April 2016, the Google/LG Nexus 5X is the cheapest phone, and you can buy it online or from a local retailer. Related notes: AT&T locks the SIM, so you can’t use an AT&T Google Nexus until AT&T (or a third party service) gives you a SIM unlock code. T-Mobile does not lock the SIM.
  • Voicemail is also an option with Fi. Fi support has stated that “Once you have set up your voicemail with Project Fi, it is impossible to turn off your voicemail,” and, “It will not be turned on until you activate it.” However, I presume that once Fi voicemail is activated, it is remotely accessible like regular voicemail service. If you perform the below steps, you will have no use for Fi Network voicemail, so don’t activate it.


The following configuration utilizes Google’s Hangouts Dialer app that you will install and leverage on your Google Fi Nexus. The Hangouts Dialer will be able to make and receive all calls and texts using a Google Voice phone number. Two Google accounts are needed.

If your personal Google account has Google Voice presently, you will be forced to either give up that number or make it your Google Fi phone number. Either way, you will lose Google Voice functionality completely, which is why a second Google account is needed.

  1. Register for Google Fi service using Google account #1 including ordering a new Nexus 6, 5X, or 6P.
  2. Do not share your Fi Network phone number. With anyone. Not your friends, family, or any services. Period.
  3. With Google account #2, register a Google Voice phone number.
  4. Download Google’s Hangouts Dialer. Google account #1 will automatically log in. Log in with Google account #2 (the Google Voice account). Then sign out from Google account #1 — only sign out in the Hangouts Dialer app, not from the Nexus completely.
  5. Configure Hangouts Dialer as follows: Settings > Enable merged conversations (yes), > > Incoming phone calls (yes), Messages (yes), > Customize invites > People who have your phone number (can contact you directly).
  6. Give out your Google Voice number to friends, family, and services. Calls and plain SMS will come through in the Hangouts Dialer app.
  7. Always make calls with the Hangouts Dialer app so the receiver’s caller ID shows your Google Voice number. It is best to remove the regular phone dialer app from the Android system tray and replace it with Hangouts Dialer.
  8. Added security

    1. Employ Google Authenticator two-factor authentication (2FA) for both accounts as soon as possible for better security. Avoid SMS 2FA because of the inherent vulnerabilities.
    2. Download Signal onto the Nexus and register your Google Voice phone number in Signal. While Signal will open up showing the real Google Fi phone number, delete it and enter the Google Voice number. The SMS verification will fail, so wait for the 2 minute countdown to expire then click “call me” for automated voice verification.
    3. Through the Google Voice web interface, optionally create a voicemail greeting that requests people to install and call back with Signal. Enabling “do not disturb” will enhance this goal because then nobody can call you and can only leave voicemails.
    4. If you haven’t already, talk to your friends and family about our need for privacy and security and inform them about Signal.

    Added anonymity

    The following are added steps in case you wish to also have probable anonymity to the service providers, in this case, Google, Sprint, and T-Mobile:

    1. If anonymity from the cellular provider is your goal, you’ll need to buy a Nexus 6, 5X, or 6P from a local retail location with cash and use a prepaid debit card for monthly service. If you go this route, you will still need to order a Fi SIM Kit from Google with Google account #1 and have it shipped to you. If anonymity is your goal, consider renting an AirBnB or a hotel room using a pre-paid debit card and alias during the window of delivery.
    2. During registration for Google Fi service, account registration will require a “service address”. Use the above mentioned AirBnB address or be creative. You can always change the service address at a later date. All billing is electronic.
    3. You can consider not using your Nexus phone in any anchor points, including home or work. To do this, you would need to keep the device turned off at all times except when out and about. This makes it harder for service providers to identify you, but keep in mind that Google, Sprint, and T-Mobile can see network metadata and they can always record your voice when not using Signal. It’s still a tracking device with a microphone and camera!
    4. Consider removing the microphone and camera.

    Creating Google accounts

    Use an Android to create one or more Google accounts (Settings > Accounts > Add account > Google). Creating new Google accounts this way does not require the creator to enter an existing email or phone number. Creating new Google accounts while using Tor will result in an account auto-lock. However, once an account is set up with two-factor authentication, you can log in via Tor Browser or Tails elsewhere. If you are trying to stay anonymous to Google, you’ll have to use a new Android (device IDs never before used by your real identity) and turn it on at a location far from any of your anchor points. Keep in mind that Google will know where your Fi device is when using the Fi network, but depending on your preparation/operational security, will not know the identity of the user.

    In retrospect

    Google, in addition to sporadic use of Sprint and T-Mobile network infrastructure, will be the only ones who know the identity (phone number and hardware IDs) of the subscriber. But you have much better control over defining the data and information that is linkable to this service.

    1. Adversaries can’t “ping” your cell phone if they can’t determine what your phone number is. However, if they run around your house with an IMSI catcher, it will not be hard for them to determine what number you’re using for service. It’s good practice to activate airplane mode when you enter into your home neighborhood, especially if your friends and family predominantly use Open Whisper Systems apps (Signal).
    2. Remote adversaries can’t track your physical location via possible SS7 vulnerabilities if they don’t know your real phone number.
    3. Network adversaries (telecommunication corporations or federal/local governments) can still inject or monitor your activity to “better service you” (sell your data to advertising networks), but unless they can connect that activity to a known identifier, you, personally aren’t vulnerable to said forms of surveillance.
    4. Network adversaries may employ voice recording and recognition technologies. The employment of said technology will only increase since it is a biomarker that financial institutions have started using for account verification purposes. If network adversaries are using this technology, there is no way to hide a real phone number or hardware device IDs from them unless you step up your paranoia and use a voice changer. Using Signal (end-to-end encryption) will mitigate only the voice print vulnerability. You will always divulge your hardware device IDs to a cellular network when using cell service.
    5. Endpoint adversaries (medical offices, food services, financial services, friends with or without Signal, etc) may also employ voice recording and recognition technologies. If you make calls using your Voice number (caller ID) to endpoint services, doing so will make it hard or impossible for a third party to link your personal ID to hardware ID.

Another attempt to get someone to use good encryption

I have something that I want to talk with you about over a trustworthy medium or in person. I presume you’re using an iPhone these days which is cool. Signal is the iOS app that uses the Axolotl encryption protocol that is compatible with my Android (TextSecure). It’s a platform that I know you’d appreciate if you learned about it. Moxie Marlinspike (a pseudonym) is the hacker/activist behind Open Whisper Systems. That’s the not-for-profit org behind the crypto and app development. It really is state of the art encryption– you don’t have to trust any middle-people because the protocol is end-to-end.

Anyway, I’d really appreciate it if you could install it and send me a text. It’s not about “nothing to hide”, it’s about creating safe, trustworthy spaces for people to be themselves, independent of people mining everything you say and storing it or sharing it. It’s an unobtrusive app made to be straightforward and easy to use. I’d also love to get coffee or lunch sometime. I presume you’re in the area but I don’t know.

I hope you’re well!

Exploring Cuban Internet surveillance and censorship

This research is ongoing.

After December 17, Cubans don’t have more food, more money, or more liberty. But we have more hope.

— Cuban journalist Yoani Sanchez said in May 2015

Larry Press, Professor of Information Systems at California State University, Dominguez Hills, recently asked some important questions on his blog:

  • Is the Cuban government surveilling the users?
  • Which IP addresses are blocked?
  • Are the Chinese supplying equipment, software or expertise for surveillance and content filtering?

Cuban infrastructure

Cuba’s Ministry of Communications (MIC) is responsible for approving Cuban communications infrastructure. Historically, according to TeleGeography, “Internet access in Cuba is largely restricted to legally recognized individuals and institutions considered most significant to the island’s culture and development, such as state officials and academics.”

According to WikiLeaks, “Cuba worked around the US embargo in order to deploy an undersea cable to Venezuela.” For more history, WikiLeaks has available a document titled: “Radio and Television Broadcasting to Cuba: Background and Issues Through 1994.”

According to the United States Congressional Research Service in 2006, “On December 12, 2006, independent Cuban journalist Guillermo Fariñas Hernández received the 2006 Cyber Dissident award from the Paris-based Reporters Without Borders. Fariñas went on a seven-month hunger strike in 2006, demanding broader Internet access for Cubans.” Reporters Without Borders “voices its support to the members of various dissident groups who have themselves been on a rotating hunger strike since 4 June [2006] in a show of solidarity with Fariñas and to draw international attention to his condition.”

In 2007, state-owned “Telecom Venezuela” and Cuban telco “Transbit” formed a new company called “Telecomunicaciones Gran Caribe”. The company eventually completed ALBA-1 in 2011, the only submarine cable that connects Cuba to the Internet and allows for the transmission of data, video and voice (VoIP). The cable has termination points in La Guaira, Venezuela, Ocho Rios, Jamaica, Santiago de Cuba, Cuba, and Siboney, Cuba. Until 2012, most Internet users in Cuba had limited access via satellite.

According to the U.S. Department of State Bureau of Democracy, Human Rights, and Labor on Internet Freedom in 2007:

“The [Cuban] government controlled nearly all Internet access. Authorities reviewed and censored e‑mail and forbade any attachments. Authorities also blocked access to Web sites they considered objectionable. Citizens could access the Internet only through government‑approved institutions, except at Internet facilities provided by a few diplomatic offices. In August authorities shut down Internet access in four government-run Internet cafes, including one located in the Ministry of Communications. The only citizens granted direct Internet access were some government officials and certain government‑approved doctors, professors, and journalists. The government also further restricted Internet use in government offices, confining most officials to Web pages related to their work. Foreigners, but not citizens, were allowed to buy Internet access cards from the national telecommunications provider and to use hotel business centers where Internet access cost $10 (240 pesos) an hour. The government stated that 8 percent of the population had Internet access, but independent studies concluded that only 2 percent of the population had access to the Internet.

A 2004 law stipulates that all public Internet centers must register with the government, and that all such centers may be the object of control and supervision, without prior warning, by the Agency of Ministry for Information Technology and Communications. While the law does not provide for any specific punishments for Internet use, it is illegal to own a satellite dish that would provide uncensored Internet access.”

According to the United States Congressional Research Service in 2009, “On May 21, 2008, the Senate passed S.Res. 573 (Martinez) by unanimous consent, which recognized Cuba Solidarity Day and the struggle of the Cuban people. On the same day, President Bush called for the Cuban government to take steps to improve life for the Cuban people, including opening up access to the Internet. He also announced that the United States would change U.S. regulations to allow Americans to send mobile phones to family members in Cuba.”

Prior to June 2013, Internet was only available at select state institutions and 200 hotels. The Cuban government then began offering access to the Internet at 118 outlets including a small number of cybercafés. According to Agencia EFE, “On June 14, 118 new Internet establishments were opened in the country where, through the national portal Nauta, permanent or temporary accounts were made available for e-mail access, online navigating and other services.”

As of April 2015, three million Cubans use mobile phones, a figure expected to grow by 800,000 a year. The state-owned monopoly Empresa de Telecomunicaciones de Cuba (ETECSA) has over 600 base stations across the island, up from 350 in 2010.

ETECSA will host the Internet Addresses Registry for Latin America and the Caribbean (LACNIC) meeting from May 2 to 6, 2016. ETECSA, and thus the Cuban government, clearly has ultimate authority of this region.

Desoft is the largest software developer in Cuba and based in La Habana, Cuba. Desoft’s CEO, since November 2014, is Luis Guillermo Fernandez Perez. Desoft’s website describes a product called “RCTel” that is a “Solution for recording and monitoring of telephone calls and their associated costs.” ETECSA is listed as one of their primary customers.

Prior to Desoft, Perez was the CEO of Cuba’s Softel from January 2004 through October 2014. Softel, according to LinkedIn, “Provides software solutions, analytics and consultancy for the telecommunication business.” Softel is “currently developing Softel Monitoring and Management Framework,” and their best selling product is “CMTS Monitoring System,” “capable of large scale (up to few millions easy scalable) docsis 2&3 cable modem customers monitoring. Some analytics and prediction algorythms in the area.”

According to Dyn Research, “Almost all of Cuba’s international Internet traffic has been passing through the United States for as long the Internet has existed in Cuba. For example, the satellite ground stations for the satellite service they currently use are on the East Coast of the United States.” “The Telefonica and Tata service across the ALBA-1 cable eventually makes its way to Miami to reach the global Internet. For technical reasons and not necessarily political, it is very hard to avoid the gravitational pull of the United States when routing international Internet traffic in the western hemisphere.”

United States infrastructure

IDT Corporation, based out of New Jersey, U.S. and in cooperation with ETECSA, is the “only U.S. carrier to have a direct interconnection into Cuba.”

SMS Cuba, a telecom startup in Florida, U.S., is a two-way provider of SMS to those wishing to send mobile texts to and from Cubans. The service is not in direct communication with Cuba and must pass through multiple other nation states meaning there are even more connection points subject to carrier surveillance. SMS Cuba advertises directly to Cubans about how cost effective it is. Further, SMS Cuba’s registration web site does not employ transport security (HTTPS), meaning the US government (at minimum) gets to record the personal information of who signs up for the service.

While writing this article, I sent an email to the founder of SMS Cuba with some questions about their infrastructure. They declined to answer any of my questions, which were mostly technical in nature.

Sprint, a known NSA partner, provides voice and SMS service to Cuba, even though it is the only major carrier to push back in court.


According to Gigaom, “U.S. companies banned from selling or exporting everything from smartphones, servers and networking gear will be free to bring their hardware and software into the country.” Similarly, from the White House, “The commercial export of certain items that will contribute to the ability of the Cuban people to communicate with people in the United States and the rest of the world will be authorized. This will include the commercial sale of certain consumer communications devices, related software, applications, hardware, and services, and items for the establishment and update of communications-related systems.” “Telecommunications providers will be allowed to establish the necessary mechanisms, including infrastructure, in Cuba to provide commercial telecommunications and internet services, which will improve telecommunications between the United States and Cuba.”

Tor guard musings

This is not a serious proposal– I just couldn’t sleep and was thinking about the protocol design.

Using a redesigned BitTorrent protocol, Tor clients will distribute traffic amongst at-least-two guard relays. Guard relays will only handle session fragments. Second hop relays will be responsible for recombining and splitting all traffic sent to and from the client.

Because guard relays will only process partial Tor traffic and the client and second hop relay are responsible for recombining and splitting traffic, it is feasible for second hop relays to transmit session fragments to a randomized set of guard relays.

Second hop relays could intelligently pass BitTorrent traffic to any number of guard relays, dynamically, instead of relying on a static circuit.


  • Guard nodes never receive 100% traffic.
  • All relays can be guard relays 24/7/365.
  • Network latency increases because the client and second hop relay will have to wait for all packets for any given session.


  • Relays will require added CPU processing.
  • Network is responsible for processing greater amounts of data.
  • Network latency increases because the client and second hop relay will have to wait for all packets for any given session.
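
The fragment scheduling described above, as an added sketch that is not part of the original post and not Tor code. It models only the split across guards and the second hop's reassembly; onion encryption and any BitTorrent wire format are left out, and the fragment header (seq, total, data), the function names and the sample bytes are assumptions made for illustration.

```python
import random
from collections import defaultdict

# Constructed sample session bytes (illustrative only).
SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"


def split_session(payload, guards, frag_size=8, rng=None):
    """Client side: cut one session into numbered fragments and spread
    them over the guards. Returns {guard: [(seq, total, data), ...]}."""
    if len(guards) < 2:
        raise ValueError("the design calls for at least two guard relays")
    chunks = [payload[i:i + frag_size] for i in range(0, len(payload), frag_size)]
    if len(chunks) < 2:
        raise ValueError("payload too small to split across two guards")
    rng = rng or random.Random()
    order = list(guards)
    rng.shuffle(order)
    plan = defaultdict(list)
    for seq, data in enumerate(chunks):
        # Round-robin over a shuffled guard order: with >= 2 fragments and
        # >= 2 guards, no single guard can carry the whole session.
        plan[order[seq % len(order)]].append((seq, len(chunks), data))
    return dict(plan)


def guard_view(plan):
    """Fraction of the session's bytes that each guard relays."""
    total = sum(len(d) for frags in plan.values() for _, _, d in frags)
    return {g: sum(len(d) for _, _, d in frags) / total
            for g, frags in plan.items()}


class SecondHop:
    """Second hop relay: buffers fragments arriving from any guard and
    releases the session only once every sequence number is present."""

    def __init__(self):
        self.buffer = {}
        self.expected = None

    def receive(self, fragment):
        seq, total, data = fragment
        if self.expected is None:
            self.expected = total
        elif total != self.expected:
            raise ValueError("fragment disagrees about session length")
        if not 0 <= seq < total:
            raise ValueError("sequence number out of range")
        self.buffer.setdefault(seq, data)  # duplicates are ignored
        if len(self.buffer) < self.expected:
            return None  # still waiting: this is the latency cost
        return b"".join(self.buffer[i] for i in range(self.expected))


def simulate(payload, guards, seed=0):
    """Run one session; return (per-guard share, second hop outputs)."""
    rng = random.Random(seed)
    plan = split_session(payload, guards, rng=rng)
    arrivals = [f for frags in plan.values() for f in frags]
    rng.shuffle(arrivals)  # guards deliver independently, in any order
    hop = SecondHop()
    return guard_view(plan), [hop.receive(f) for f in arrivals]


if __name__ == "__main__":
    shares, outputs = simulate(SAMPLE, ["guardA", "guardB", "guardC"])
    for guard, share in sorted(shares.items()):
        print(f"{guard} relays {share:.0%} of the session")
    print("fragments received before release:", len(outputs))
    print("reassembled correctly:", outputs[-1] == SAMPLE)
```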

Email security for Black Lives Matter activists

Since the following email will be seen by surveillance systems via unsecured email, I’ve copied it here for others to read. Please excuse the formatting, it was copied from email to maintain PGP signing verifiability.

Hash: SHA512

Dear Deray and WeTheProtesters,

I'm Christopher, a Seattle resident and activist with Seattle Privacy
Coalition [0] and information security masters student. I'm writing to
you about the security and thus privacy of your email. I tweeted some
screen shots to you earlier [1][2].

You can verify [3][4] that your email server does not support
STARTTLS, a protocol used to opportunistically encrypt the
transmissions between you and your email server (if you're using a
local client like Outlook or Thunderbird) and more importantly the
transmissions between your email server and someone else's email server.

STARTTLS is like HTTPS but for email routing. When someone emails you
like I am right now (from, any intermediary, corporate or
government, can and will see this entire email in clear text, before
it even arrives to your email provider's servers (, the
MX destination of your "" domain). If you connect
to your email server via HTTPS, that's good, that means you're using
end-to-end encryption between you and your email server. But the email
contents and metadata (who you email, who emails you, when, etc) is
still easily accessible to illegal surveillance systems.

STARTTLS uses TLS to ensure end-to-end encryption between mail
servers, as long as both email servers have setup proper TLS or
STARTTLS protocols and security certificates. Your email provider has

Why does this matter? Thanks to Edward Snowden, we know that the
NSA/FBI/DEA's XKEYSCORE system [5] can and will collect your email,
illegally, because your email address has likely been marked as a
"strong selector". In addition to this illegal collection possibly
affecting your physical safety, you also have to be concerned about
"parallel construction" [6].

Using PGP to encrypt your emails would be a good start to protecting
the content of your email, but it requires learning PGP and how to
manage your "key pair" certificates. It also requires that people you
communicate with do the same. In short, PGP is a difficult system to
leverage. PGP also does not protect email metadata the same way that
STARTTLS should from surveillance systems like XKEYSCORE.

Your ideal solution is to abandon email and leverage OTR (Off The
Record) communication--in other words, Jabber encrypted with OTR. OTR
encryption is superior to STARTTLS and PGP. OTR is end-to-end
encryption like HTTPS, but it uses Forward Secrecy. In short, Forward
Secrecy is a protocol that rotates the security keys to hamper
collection and surveillance.

You can easily use OTR with the Free and Open Source Android/iOS
application "ChatSecure", developed by the awesome people at The
Guardian Project. Facebook email accounts are Jabber accounts, but you
cannot see or chat with Jabber accounts outside of Facebook, a major
detractor, in addition to Facebook recording metadata. A list of good,
free Jabber providers can be found here [7]. Smart friends of mine
sometimes use these Jabber providers [8][9].

Of course, using ChatSecure, or any other mobile device application
(like TextSecure, RedPhone, or Signal -- other outstanding
communication tools) is pointless if your mobile device is or becomes
compromised. Local surveillance software can record anything that you
do on your device, in addition to revealing physical location via illegal
mobile device GPS, photo or video recording. If you attend protests
regularly, a sound course of action is to use a new iPod Touch
(ChatSecure and Signal compatible) so it cannot be compromised by
cellular network attacks (including IMSI catchers).

My personal choice is to use My Riseup email address
doubles as my Jabber address. Riseup does not spy on my email, they do
not store metadata (email or Jabber), and they employ strong
encryption wherever possible. You can apply for a Riseup account, but
that takes time. If you'd like, I can provide you with one of the two
invite codes that you'd need to create a new account right away.

If you must reply on email, I suggest moving to a better provider.
Google uses good encryption and two-factor authentication, but
activists shouldn't use Gmail because of their illegal cooperation
with the US Government. Open Tech Fund keeps an updated list on GitHub
of email alternatives [10]. You may not be able to keep your
"" email domain. You must choose good security
over vanity, and picking a probably-secure host takes planning.

All of this is merely brief advice. My secure contact information can
be found on my website [11], if you have any questions. I'm happy to
freely and anonymously consult any peaceful Black Lives Matter
activists as time permits.

Christopher / @yawnbox
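
The STARTTLS check the email refers to, as an added example that is not part of the original email. It parses a mail server's EHLO reply for the STARTTLS keyword; the two sample replies are constructed, and probe_starttls is an illustrative helper for checking a server you run or have been asked to look at.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from any real server).
EHLO_WITH_STARTTLS = (
    "250-mx.example.org at your service\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 SMTPUTF8\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    "250-mail.example.net Hello\r\n"
    "250-SIZE 10240000\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo_extensions(reply):
    """Return {KEYWORD: params} from a multi-line 250 reply to EHLO.

    Every line but the last is '250-...'; the last is '250 ...'. The
    first line is the server greeting, not an extension."""
    lines = [ln.rstrip("\r") for ln in reply.split("\n") if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = {}
    for i, line in enumerate(lines):
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError(f"not a 250 EHLO reply line: {line!r}")
        is_last = line[3] == " "
        if is_last != (i == len(lines) - 1):
            raise ValueError("malformed multi-line reply")
        if i == 0:
            continue
        keyword, _, params = line[4:].partition(" ")
        extensions[keyword.upper()] = params  # keywords are case-insensitive
    return extensions


def advertises_starttls(reply):
    """True if the server offers to upgrade the SMTP session to TLS."""
    return "STARTTLS" in parse_ehlo_extensions(reply)


def probe_starttls(host, port=25, timeout=10):
    """Live check: is STARTTLS offered, and does the handshake succeed?"""
    result = {"host": host, "offered": False, "tls_version": None, "error": None}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        result["offered"] = smtp.has_extn("starttls")
        if not result["offered"]:
            # STARTTLS is opportunistic: without the offer, a sending
            # server delivers the message in clear text.
            return result
        try:
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo()  # extensions must be re-read after the upgrade
            result["tls_version"] = smtp.sock.version()
        except (ssl.SSLError, smtplib.SMTPException) as exc:
            result["error"] = str(exc)
    return result


if __name__ == "__main__":
    for name, reply in (("with", EHLO_WITH_STARTTLS),
                        ("without", EHLO_WITHOUT_STARTTLS)):
        print(name, "STARTTLS ->", advertises_starttls(reply))
```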