Canadian firm SurfEasy will debut their eponymous USB key-based private Internet browser at CES, Las Vegas, next week. The portable USB key launches its own web browser which uses strong encryption to keep your surfing habits secret and holds all your personal information such as bookmarks, history and web passwords on the password-protected key itself. Nothing is left behind on the computer itself.
“When you stop and think about it, we use many different networks and computers to access our online lives. Whether it’s connecting from the office or using a Wi-Fi hotspot, we’re providing a lot of personal information to computers, networks and websites that are not designed with our personal privacy in mind,” said Chris Houston, founder and CEO of SurfEasy Inc. “SurfEasy lets people take control of protecting their online privacy and security by simply plugging in a USB key.”
One of the biggest potential benefits is when using unsecured WiFi in places like coffee shops. As SurfEasy creates an encrypted tunnel from the SurfEasy USB key across the Internet, no-one can see any detail about your browsing. All they can see is the encrypted data and the volume of data. SurfEasy encrypts the web traffic using SSL and passes the traffic through its own servers, stripping the client IP from the data stream. The proxy network is hosted in Canada and the US, with other international locations to come soon.
As the data stream passes through SurfEasy’s servers, SurfEasy publish a Customer Bill of Rights which is upfront about what you can expect from the company in terms of keeping your activities secret. Basically, unless you come to the attention of the legal authorities, no usage data is held.
The SurfEasy browser is powered by Mozilla and is compatible with Microsoft Windows XP, Vista and 7. Apple users needs to be on Mac OS X 10.5 or later. The SurfEasy USB key costs $60 and this includes 2 GB per month of encrypted traffic through the SurfEasy network. Additional data costs $5 per month for 25 GB and $10 for 75 GB. Product delivery is expected in February.
I can see this being very handy for backpackers and other travellers who have to use Internet cafes while travelling and are rightly concerned about security. Plug-in the SurfEasy USB key to a public computer and you’re instantly secure wherever you are.
The murder trial of Jo Yeates is front page news throughout the UK – a neighbour Vincent Tabak is accused of killing her. At the moment, the prosecution is presenting its case and a couple of interesting things have emerged as evidence.
In particular, the prosecution has alleged that the defendant:
- looked at Wikipedia for the definitions of murder and manslaughter.
- searched for the maximum penalty for manslaughter, i.e. how many years in jail.
- looked up definitions for sexual assault and sexual conduct.
- searched maps showing the area where the body was later found.
- searched on CCTV cameras in street where both the defendent and victim lived.
- use Google StreetView to view the same area.
- researched criminal forensics, fingerprinting and DNA evidence.
- read news stories on the investigation into the disappearance of the victim.
Of course, it will be up to the jury to decide whether these are good indicators of guilt, but regardless it’s clear that if someone is accused of a crime then there’s a pretty thorough examination of one’s computers and on-line behaviour. Obviously this case is about a very serious crime but it’s almost a gift to the prosecution when put together like this: can you think of any good reason to access this material at the time of the disappearance? However, this is circumstantial evidence and needs to be weighed as such.
On a related note, Google has announced that if you are signed-in to Google when you search, you will automatically use https://www.google.com/, the secure version of Google Search. While this will prevent casual snooping on your search, Google will be keeping hold of your search information so that it can better serve you adverts. And how long does Google keep the search information? Indefinitely or until you remove it. So while on the face of it encrypted search is a good thing, it comes at the price of Google knowing yet more about you.
I suspect that in the current murder trial, all the computer forensics team had to do was look back through the defendant’s browser history. Easy if there’s only one computer, but more difficult if the person has a home computer, work laptop, smartphone and so on. If you’re tied into Google everywhere, all they’ll have to do is subpoena information from Google and get your search data in one tidy little bundle. Nice.
Secure Sockets Layer, the fundamental security service for the world’s websites and many networks is at risk in the face of a new spyware application, Marketscore, an application that promises to speed up web browsing. The software is bundled with iMesh P2P (peer-to-peer) software and is popular with university students.
Marketscore is a descendent of the Netsetter spyware application. The application forces requests for web pages to be passed through proxy servers, allowing cached (previously downloaded) copies of pages to be served, rather than the most current, copies. Because Marketscore creates a trusted certificate authority on computers running the application, it’s possible for Marketscore’s proxy servers to extract sensitive data by using the certificate authority to unencrypt the data during it’s transmission from the website to the user’s computer. Credit card, banking, and online purchase data are just some of the data users routinely encrypt using SSL (Secure Sockets Layer), a service that normally operates in the background, away from most users’ eyes.
There is a fundamental rule that we should all remember: if it sounds too good to be true, it probably is (too good to be true). The online corollary to this rule is: there’s no way to improve download speed, except to connect to a line with greater bandwidth; proxy server caching doesn’t really work.
Call for Comments
What do you think? Leave your comments below.