While anonymity on the internet is slowly dying, there remain legitimate reasons for wanting to keep your online identity a secret from those meddling kids, governments or snooping criminals. From e-mailing leaked documents to commenting on blogs using pseudonyms or even just casual online chatting, utilizing the internet without leaving digital bread-crumbs behind you is a task that is getting more difficult over time, particularly when the big bad wolf that’s chasing you down is a rich and powerful government agency.

But to secure yourself online, you first need to understand whose attacking you, and what techniques they’re using. Adjusting your defense to suit your attacker is not just common sense, it is the only practical way to achieve a semblance of security and anonymity online without losing your mind and going into tin-foil hat wearing paranoia.

For example, if your adversary is the NSA, there’s nothing much you can do. This is a Federal agency so well resourced, they’re building a data-center in Utah that’s bigger than 5 Ikeas.Add to all this, the fact that it hires the cream of the crop from the Ivy-league maths programs, and you have brains and brawn that are orders of magnitude higher than the average person. If the NSA wants to target you, it’s game over. The only reason you’re not targeted by the NSA is that you didn’t factor high enough on the wanted list to merit their attention and taxpayer dollars.

But how about the Malaysian Government? How sophisticated are they and is it Game-over if the Malaysian government were targeting you?

Fortunately, our Governmen isn’t building a Utah data-center, or a Great Firewall and they’re no where close to the NSA, but they’re still a well-resourced organization that has the technical capability and financial muscle to do some serious harm against an ordinary citizen. And in order to secure yourself against them, you’d need to understand their techniques and tools.

Malaysian Government Surveillance 101

Firstly, the government controls the ISP and Telcos, and hence the Government controls the network. The prevention of terrorism act (POTA) permits a Police Officer to waltz into any ISP or Telco and compel them to grant him your communication details without the need for any kind of judicial warrant, it also allows for the Police to place a digital wiretap on your communications (again without a warrant), but also without ever having to reveal the status of that wiretap to any court of law even if they convict of something. So anytime you’re using a Malaysian internet connection, you have to assume that the connection is compromised.

Thankfully, whenever I go into a starbucks, or use the WiFi at KLIA, I already assume the network is compromised–and there’s many ways to secure yourselves over a hostile network.

Secondly, the government has a record of purchasing surveillance spyware (twice!),  These are specialized software designed to infiltrate your laptop or smartphone, and start sending all your communication data direct from source. Again, one has to assume there is no judicial oversight over the use of these things.

If your end-device is compromised, and the Government has already installed spyware on your phone, laptop, tablet or even smart TV, there’s nothing you can do on the network end to secure things. So it’s wise to start securing the device before you think about the network, and that’s where we’ll begin.

But there’s a last and final attack-vector that a government can employ. Simply breaking into your home, and taking your laptop and smartphone away from you. Which means that you don’t just need to secure your device and network when you’re using it, but also when you’re NOT using it. In computer-geek circles we call this securing your data at rest, which protects your data while it’s just idling somewhere, and it turns out that’s not entirely easy to do either.

Got Maxis Fiber to your home, but want to change your WiFi passwords, then here’s how you do it.

First you need to logon to your router. You can do so by opening your Web-Browser and type http://192.168.1.254 (where you’d normally type google.com), or just click here.

You should either see a picture like the above, then you’d need to enter the username and password, or if you haven’t setup a router password, then you’d see this:

The pipe that brings water into your home is a pretty un-sexy thing, just like the electrical cables that deliver electricity. Your internet connection though, has gotten sexier and sexier–from being used to deliver paid content like hyppTV and Astro to other more interesting services, resulting in a triple play (internet, tv and phone) of services, all piped into your home on a fibre optic cable no thicker than a strand of your hair.

But should you internet connection be sexy or should it be a dumb-pipe? The telcos of course want to deliver more services and hence fatten the bottom-line, but the problem I have is that in their zeal to do this, they’ve violated the principles of net neutrality, and I fear that we’re going down a rabbit-hole of ‘favored’ content, that sooner or later we’re not going to be able to reverse this trend.

A quick example is Maxis, it’s the only player out that can stream Astro content over the Fibre cable. That gives Maxis an un-fair advantage over TM.

I need to take this blog to somewhere it hasn’t been. To boldly go where every other Malaysian blog has already gone–into politics.

This is my blog, it’s my hobby, I don’t depend on it for my survival, I don’t rely on it for anything other than the satisfaction it provides me. Therefore, I get to do with it what I want, and today I want to talk about politics.

First off, apologies for the lack of content on the blog. I’ve been really busy at work these past few months, and content is slow moving. For instance, the previous post was a review of a router, that I tested for 4 weeks, and returned to the supplier more than a week ago–and the post only went up yesterday. To that end, my decision is to churn out my thoughts just ‘straight from the gut’ and not give this posts the usual research I typically do. Hope my regular readers will forgive the tardiness.

A couple of weeks back, the guys over at infoversal loaned me a Engenius ESR600 router for a review, at first I was a bit hesitant, but my overall unhappiness with my TP-link router made me think twice. So I gave it a shot, and boy was it worth it.

The router looks pretty normal, nothing to shout about here. While its competitors like Asus and TP-Link opted to go for black exteriors, Engenius chose to stick to white-ish color, this thing doesn’t look good near modern TV sets or  home theatre systems (which is where my router is), but the fact that it doesn’t have antennas seems to be a saving grace.

That being said, the Engenius is a pretty slick device, I’m not sure how it does it, but the antenna-less design Engenius has more signal strength than my TP-Link router over both the 2.4Ghz and 5Ghz range. Yes, the router is dual-band and one that actually works well over both bands. So great points for Engenius in that category.

Today I attended an Institute for Democracy and Economic Affairs (IDEAS) event about the TPP. Among the panel members, included Michael Froman, the US trade representative and chief advisor to President Obama on issues of International Trade and Investment. (big shot!!)

For those you don’t know, the Trans-Pacific Partnership(TPP) agreement is a trade deal between 12 countries including Malaysia and America whose main objective is to balance out the power and influence China has over the region. But the TPP has been opposed by many NGOs and special interest groups, for good reason–it’s secret. The TPP has garnered such a bad reputation, it’s sort of like the Justin Bieber of trade agreements, everyone knows about it, but nobody likes it.

The event went on for a good 40 minutes, before your friendly neighbourhood tech blogger got a hold of the mic to ask about the secrecy of the trade agreement.Prior to that everyone was talking about Bumi Policies,Price of Medicine and impacts to SMEs. I really didn’t understand why no one spoke about the tremendous secrecy surrounding the talks and how the secrecy itself is fundamentally undemocratic and bad enough for Malaysians to reject the agreement.

This secrecy is the one reason every Malaysian should oppose the TPP. Everything else is moot, because we can’t confirm the documents we’ve seen until it’s made publicly available to the citizens of the countries negotiating the deal. Would you sign a housing loan agreement without the ability to first read the contract? Yet, here with the TPP we have a legally binding 29-chapter multi-lateral agreement that very few people have seen, but will impact all Malaysians once signed. How do we know the prices of medicines are going up? Oh that’s right, we read it from Wikileaks …. must definitely be true then. Sorry let’s move on.

I strongly believe the Goods and Service Tax is a good idea.

Yes, it will impact the poor more than the rich. Yes, it will cause the cost of living to increase at a time when most Malaysians are struggling to pay the bills.

But the people who will suffer the most aren’t the poor, it’s the tax-evaders. Tax evasion and illicit flows are a big problem for Malaysia, and the Goods and Service Tax is a straightforward and effective solution to that problem. GST is a closed loop sort of tax, which makes tax evasion much harder.

So enough of the GST choir, I’m sure you don’t agree, but that’s fine. In this great country  of ours there should be room for dissent, except with Maslan, cause he’s so smart he must be right.

Output - Input

Imagine a top-up of RM10.Let’s assume that in a pre-GST Malaysia, the telco sold the top-up card to the retailer for RM9. The retailer sold it to the end customer for RM10, making a profit of RM1 per card.

In a post-GST world, the telco still sells the top-up card to the retailer for Rm9, but now adds 6% GST, making the total sale price from Telco to Retailer RM9.54. This additional Rm0.54 is called the input tax.

The retailer then sells the card to a customer at Rm10 plus 6% GST, making the final price Rm10.60. The additional Rm0.60 is called the output tax.

His Gross profit is Rm10.60 - Rm9.54 = Rm1.06. (stay with me here folks)

Now here’s the bit many don’t understand, the retailer doesn’t pay Rm0.60 to the government (even though that’s what he charges you), rather the retailer pays his output - input, or Rm0.60 - Rm0.54 = Rm0.06 . His gross profit of Rm1.06 becomes of nett profit of Rm1.00 after you deduct GST, which is exactly the same profit he had pre-GST.

[caption id=“attachment_5004” align=“aligncenter” width=“650”]

Post-GST implementation as it is today[/caption]

The way this works is that the Telco pays Rm0.54 to the government (from their sale to the retailer), and the retailer then pays Rm0.06 to the government (from their sale to the customer). The end result is that the governments still gets Rm0.60 from the sale, but from two different entities at two different points of the supply chain.

This all lines up nicely, the problem is that customers are now paying Rm10.60 instead of Rm10. Let’s call this the RM10-Gross Model.

Last week visitors browsing to Google’s Malaysia website were greeted with a big bold image stating the website was hacked. The media had a field day proudly proclaiming that Google’s website was hacked, because that was exactly what the page they visited said….Google Hacked!!

Only, Google wasn’t hacked.

MyNic was hacked.

They’re the agency in charge of managing all internet addresses ending with the .my suffix. Hackers had infiltrated MyNic, and reconfigured the systems to point www.google.com.my to their own servers instead of Google’s. Then they simply pasted a silly looking screen that boldly proclaimed their ‘hack’ to the world, claiming to hack Google rather than MyNic—which is what you’d expect from hackers. But the media, took that to mean Google was comprimised, and boldly proclaimed that Google Malaysia was hacked, going so far as to ask if ‘user data was compromised’.

The analogy is that if someone hacked Waze, and took all unsuspecting tourist who were trying to get to KLCC, and re-directed their route to an abandoned warehouse in Klang, the headline for that story should read “Waze hacked” instead of “KLCC destroyed”. Everyone knows how absurd a headline like the latter would be, but very few people would think the same thing the moment ‘internet things’ get involved–if the website says Google hacked, surely it must be true, in the same way that if Waze says this dilapidated factory lot is KLCC, surely it is, because Waze is never wrong right?!

In case anyone needs my PGP key to send me encrypted e-mails. Here it is.

e-mails should be sent to keith@keithrozario.com, which is hosted on Gmail, if you’re uncomfortable with that, drop me an encrypted e-mail there, and I’ll respond with a privately hosted e-mail you can connect with me on.

Regards,

Keith