Category Archives: Information Privacy

Emerald Onion has launched

The Tor network and the dot-Onion infrastructure was built for security and privacy in mind. This is unlike legacy clear-net infrastructure, which over the years needs routine and dramatic security changes just to solve evolving security chalenges. Even worse, modern security for legacy clear-net infrastructure does very little for privacy.

Vulnerable populations were the first to recognize the importance of a technology like “the onion router”. The United States Navy was among the first. The United States Navy, realizing very quickly that an anonymity network that only the Navy would use, means that any of its users is from the United States Navy. To this day, the United States Navy researches and develops Tor.

Once Tor became a public, free, and open source project, journalists and other vulnerable populations with life-and-death threat models started using Tor. These survivors and human-rights defenders were a red flag. By the time Tor became a public project, other departments from the United States Government, such as the United States National Security Agency, had already started conducting global mass surveillance.

The United States Navy knew and continues to know that Tor is a necessity in a world dominated by global mass surveillance and by governments that strive for power and control.

Emerald Onion envisions a world where access and privacy are the defaults. This is necessary to ensure human rights including access to information and freedom of speech. If we do not have human rights online, we will not have them offline, either. We launched, officially, on July 2nd. We are looking at 10 year+ development and sustainability. Please reach out to me if you can think of ways to support our work.

Secure Messenger Scorecard (May 2017)

This is a draft.

I’m starting my own Secure Messenger Scorecard based on the prior work of the Electronic Frontier Foundation.

I’ve created an editable Google Doc for further input and development.

Please scrutinize and contribute by Signaling me, emailing me or tweeting at me.

version one

version two

version three

Moved from Apache to Caddy and RSA to EC TLS for WordPress

^ Qualys SSL Labs test for

^ Security Headers (dot-IO) test for

With very special thanks to this guide, Running WordPress with Caddy. I was also able to remove several unnecessary PHP applications that Apache needed.

Here’s my Caddyfile: {
        } {
        root /var/www/
        log stdout
        errors stderr

header / {
	Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'"
	Referrer-Policy "strict-origin, strict-origin-when-cross-origin"
        Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"

fastcgi / /var/run/php/php7.1-fpm.sock {
        ext .php
        split .php
        index index.php

rewrite / {
        to {path} {path}/ /index.php?{query}

tls / {
        protocols tls1.2
        curves p384
        key_type p384

House Bill 1909: Automatic License Plate Reader Systems

My testimony to the State of Washington House Transportation Committee:

Chair Clibborn and members of the committee, my name is Christopher Sheats, Chair of the Privacy Committee for Seattle’s Community Technology Advisory Board, and Chair of the Seattle Privacy Coalition. I want to make clear that any form of Automatic License Plate Reader (ALPR), regardless of its security or policy controls, is fundamentally a mass-surveillance system for the simple fact that it indiscriminately collects data about everyone.

ALPR mass-surveillance systems collect an incredible amount of personal information.

Where are you and where are you not?
Where are you heading?
What time were you there and not anywhere else?
Who else was traveling or not traveling around that time?

All of these personal facts can facilitate identifying our interests, affiliations, activities, and beliefs. Data collection, and any amount of data retention, allows for the copying and sharing of said data. According to the U.S. Department of Transportation Bureau of Transportation Statistics, an “overwhelming majority of person trips—for all purposes—are taken in personal vehicles.” When mass-surveillance data of our vehicles is collected, granularly surveilling a state, a city, a community, or an individual becomes trivial.

Where do they live?
Who lives around them?
Where do they go to church?
Who else goes to their church?
Where do they work?
When do they visit their friends and family?
When do they drop their children off at school or childcare?
When do they leave the house to go grocery shopping?
When do they visit their doctor and how often?

Answering these questions go above and beyond “personal information,” yet these questions become answerable when data collected by an ALRP mass-surveillance system is gathered by an abusive government or hacker, domestic or foreign.

If the State is to condone APRL mass-surveillance systems, whereby we have precluded we will not protect human rights by not collecting personal data in the first place, the only other rational alternative is to not retain collected data for any period longer than absolutely needed.

Thank you for your time.

Concerns of mine that I did not include in my testimony because of the delicate nature of politics:

Regarding House Bill 1909, I have several concerns:

1. How is House Bill 1909 going to impact RCW 40.24 — Address Confidentiality for Victims of Domestic Violence, Sexual Assault, and Stalking? Particularly, how is House Bill 1909 going to protect vulnerable people from law enforcement abuses?

2. Is any part of the ALPR mass-surveillance system, including data retention, managed or operated by unregulated third party providers?

3. Why are third parties not explicitly barred from owning and operating ALRP mass-surveillance systems?

4. What specific controls and audit safeguards will be put in place to prevent system operators from performing unapproved searches of people or vehicles?

5. Once data is collected by mass-surveillance systems, it can be copied, used, copied again, and re-used for unimaginable purposes. What specific controls and audit safeguards will be put in place to prevent data copying by federal agency data systems such as regional Fusion Centers?

6. The “Second War Powers Act of 1942” removed Census privacy protections of Japanese-Americans, allowing federal agents to know exactly where go and whom to arrest. How is Washington State going to defend us from unconstitutional policy changes brought on by an illegitimate U.S. President?

Surprise props from the City

From January CTAB Minutes:

One last thing, because I’m trying keep within my five minutes, I really want to say thank you to Christopher Sheats for the ongoing support as chair of CTAB Privacy Committee. I find it very invigorating to go to the CTAB Privacy Committee meetings, and look forward to their continued work and the guidance of that committee. I’m very thankful for the initial feedback. We have a little more baking to do on our side, and then we’ll be back in front of this group and Privacy to think about controls and how we consider deployment of that technology. I imagine that Christopher will have more to share about how the ACLU has been working with Councilmember Gonzalez on a rewrite of the City’s surveillance ordinance, which we agree that the current ordinance is not very effective, just in the way that it’s structured. It lacks accountability. It lacks clear definition. As a result, I don’t think the community or the City is getting the value of that legislation. One thing I’ve encouraged this group to think about is what role you would like to have in providing input to the rewrite of the surveillance ordinance. Be think about how you might want to engage the councilmember in making that desire to [unintelligible]. Christopher, I hope I’m not impeding on your update. But I put that out there to make sure that it’s on your wavelength. If there’s anything I or we can do to in the way of support, please let us know.

New Democracy Now! Onion site


Updated onion address: 2017-March-12

Previous work here. The rest of this post is for technical individuals.

I recently moved to a new DN! host mainly because my first one ran out of storage. I apologize to those who have not been able to access the last few episodes due to the old host filling up. This post goes into detail how I set up the new Onion site, then how I transfered all ~30GB of existing DN! files from the old host to the new host exclusively over Onion service via rsync.

Some major improvements include Democracy Now’s third-party services all support TLS now, meaning that I’m finally pulling the media via authenticated and confidential (exluding metadata) transport. My updated shell script is below, too.

Please note that not all traffic is torified on the new host, the DN! files are still getting pulled via port 443, outbound DNS via port 53, and outbound NTP via port 123.

New Ubuntu 16.04 Xenial host setup

Enable the firewall disabling all inbound traffic:

sudo ufw enable

Edit sources list to remove the default HTTP repositories with Wikimedia’s HTTPS repositories for transport authentication and confidentiality, and add Tor Project’s HTTP repository:

sudo vim /etc/apt/sources.list

deb xenial main restricted universe multiverse
deb xenial-updates main restricted universe multiverse
deb xenial-backports main restricted universe multiverse
deb xenial-security main restricted universe multiverse
deb xenial main

Add the Tor Project’s signing key:

gpg --keyserver --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

Update, upgrade, then install the necessary Tor apps:

sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get install tor apt-transport-tor -y

Edit torrc to create the new Onion site address:

sudo vim /etc/tor/torrc

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 22
HiddenServicePort 80

Restart the Tor service:

sudo service tor restart

View the new Onion site address:

sudo cat /var/lib/tor/hidden_service/hostname


Edit sources list again so that the repositories will only be accessed via Onion service:

sudo vim /etc/apt/sources.list

deb tor+ xenial main restricted universe multiverse
deb tor+ xenial-updates main restricted universe multiverse
deb tor+ xenial-backports main restricted universe multiverse
deb tor+ xenial-security main restricted universe multiverse
deb tor+ xenial main

Update and upgrade again, and install Open-SSH, all via Onion service:

sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get install openssh-server

Configure the SSH server to only accept connections via Onion service. Also harden the security a little bit:

sudo vim /etc/ssh/sshd_config

AllowUsers user
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 30
ServerKeyBits 4096
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 30
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes

Install Apache via Onion service, disable status, and enable headers:

sudo apt-get install apache2 -y && sudo a2dismod status && sudo a2enmod headers

Configure the index view of the Apache landing page:

sudo vim /etc/apache2/mods-available/autoindex.conf

IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8 SuppressDescription SuppressIcon SuppressLastModified SuppressRules
IndexOrderDefault Descending Name

Harden Apache’s security configuration:

sudo vim /etc/apache2/conf-available/security.conf

Directory /
AllowOverride None
Require all denied

Header always set X-XSS-Protection: "1; mode=block"
Header always set X-Permitted-Cross-Domain-Policies: "master-only"
Header always set Cache-Control: "private, no-cache, no-store, must-revalidate"
Header always set Pragma: "no-cache"
Header always set Expires: "-1"
Header always set X-Content-Type-Options: "nosniff"
Header always set X-Frame-Options: "sameorigin"
Header always set Content-Security-Policy: "default-src 'self'"
ServerTokens Prod
ServerSignature Off
TraceEnable Off

Configure Apache to only work via Onion service:

sudo vim /etc/apache2/sites-available/000-default.conf

ServerName gnt3qwmxads3yytg.onion
DocumentRoot /var/www/html/dn/
LogLevel info
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

Restart Apache:

sudo service apache2 restart

Make the DN! directory:

sudo mkdir /var/www/html/dn/

Create the shell script to download the various DN! files:

sudo vim

cd /var/www/html/dn/
daystamp=$(date +%Y-%m%d)
wget -m -p -E -k -K -np -nd -e robots=off -H -r$daystamp.mp4
wget -m -p -E -k -K -np -nd -e robots=off -H -r$daystamp-1.mp3
wget -m -p -E -k -K -np -nd -e robots=off -H -r$daystamp.mp4.torrent
chown -R www-data:www-data /var/www/html/dn/*

Edit cron to check for new files every 15 minutes:

sudo crontab -e

*/15 * * * * bash /home/user/

Old Host

Configure SSH client to be torified:

sudo vim /etc/ssh/ssh_config

Host *
ProxyCommand nc -X 5 -x %h %p
CheckHostIP no

Rsync all files from the old host (ssh client) to the new host (ssh server):

sudo rsync -v /var/www/html/dn/* user@gnt3qwmxads3yytg.onion:/var/www/html/dn/