In this and two following articles I'd like to take a look at three different areas of personal data storage, how I see a majority of people handling these three issues and what my personal theoretical approaches regarding them is. This is going to be purely about data storage and security, not transport security, which is another topic on its own.

The questions mainly are:

• Where am I supposed to store my private data?
• Is my data secure?
• Who can access my data?
• Is security based on trust or actual scientific security (encryption)?

First of all, the three distinctions of data storage I'd like to make, and also how I'm splitting the articles, are the following:

• Email storage
• Preference storage (application preferences, browser syncing, phone syncing etc.)
• Personal data storage (photos, videos, documents, contacts, calendar, etc.)

Let's start with email storage. Where are your emails stored? The vast majority of Internet users have an email account with one of the big free email providers or they might have an account that is provided by their Internet Service Provider (ISP). Maybe you even use some shared web hosting somewhere which comes with shared email servers. Whichever of these is the case: your emails are effectively stored with a third party, an ISP that is not you.

Let me ask you this: where is your mail stored? And by mail I actually refer to physical mail: letters. Where are they received? Surely you have a mailbox at your home, or you might have a post-office (PO) box. Most likely you'll be receiving your mail at your mailbox in front of your house and then store it safely inside your home. Would you want your letters to be sent to a third-party that is sending you a copy but also storing all your letters within their own house? Probably not.

I believe we have a major misunderstanding how we are treating Email currently. We are giving away our email data to big companies that make a living with it (among with other services). Always keep in mind that you're most likely not the customer when using a free service, you might be the actual product. If events in the last years regarding the NSA and Edward Snowden have shown us anything, it's that our data stored at big ISPs is most likely easily accessible by governments.

Instead of using such a centralized infrastructure, we should be decentralizing Email in the same way our usual mail system works. When you go back looking at the development of email, it actually was meant to be exactly like that.

My suggestion for email therefore is this:

• Get your own domain name to use for your email address. Be aware that public email providers like gmail.com, hotmail.com, etc. are the ones in charge of their domain names and can cancel them or your email address at any time. You should be the one in charge of your own domain name.
• Run your own email server at home. While this might sound difficult, a lot of services and communities try to make this as easy as possible. Some examples would be iRedMail, Mail-in-a-Box, Synology Email Server and YunoHost. In case you've heard about or own a Raspberry Pi, there are two major projects making self-hosted services, including Email, on a Raspberry Pi as easy as possible: arkOS and FreedomBox.
• Use a third-party email server only as a backup mail server. In case your Internet connection at home drops and your mail server is unreachable, configure a third-party email server as a backup, so your emails will be delivered regardless. In a best case scenario, you can set up a friend's home email server as your backup server and vice versa.
• Use end-to-end encryption such as GPG to protect your emails even if someone else is able to access them.

This just a very brief overview of why I suggest hosting your own email server. There are lots of other things to consider and running an email server is by no means an easy task, I understand that.

As a concluding suggestion, I'd like to introduce the website PRISM Break which lists free and open alternatives for all kinds of proprietary and closed solutions. Specifically for mail servers: PRISM Break Mail Servers

In my next article I'll be taking a look at preference storage, where to save application preferences, what to do with browser syncing and phone syncing.

Article NSA parody logo cc by EFF. Article title in reference to "All your base are belong to us".

Recently MachineGames' new video game Wolfenstein: The New Order was released. In case you are not familiar with the popular Wolfenstein series, it began way back in 1981 with Castle Wolfenstein and essentially is a video game series revolving around Nazis and organisations which were active in Nazi Germany. You do not play as a Nazi, instead you play against them. So effectively you are killing Nazis within the game.

The more popular part of the series Wolfenstein 3D released in 1992 was "confiscated" in Germany in 1994 because of its use of the Swastika which in this context is considered a symbol of an unconstitutional organisation. The use of such symbols is regulated by German law in § 86a StGB and can lead to a fine and/or imprisonment of up to three years. When a video game is "confiscated" in Germany it effectively means the following (for a more thorough analysis see this (German)):

• You are not allowed to sell the video game within Germany
• You are allowed to buy the video game within Germany (however the seller is going against the law here)
• You are allowed to own the game
• You are allowed to import the video game from another country

So, assuming you already owned the game before the "confiscation", it is perfectly legal to keep it and play it. It is also perfectly legal to import the video game from another country which most people don't seem to know about. To me this doesn't really seem like a "confiscation" which is the German term used by law: "Beschlagnahmung", hence I put it in quotes. Instead I'd call it a ban, effectively censorship even.

Now you might be wondering: what about movies or television series involving the use of such symbols? Well, according to German law you may be allowed to make use of such symbols in certain cases like for example for "art" which is regulated in § 86 StGB. The next question is: those are considered art, but video games are not? Who says?

Answering this question would be an article on its own and effectively there is no decisive answer. It's a matter of court decisions in the past, a matter of a people that doesn't even want to touch certain topics due to a taboo and an industry that is rather scared and goes the "easy" way of censoring their video games for the German video game market instead of fighting against censorship.

Anyway, the discussion on why this ban exists is irrelevant to the point I actually want to make. As you have learned now, video games might get banned in Germany due to usage of symbols used by an unconstitutional organisation and regardless of that it is still perfectly legal to import such games from other countries. And here comes the catch.

Back in the days without digital rights management (DRM) it was as easy as importing a video game from another country, installing it and playing it. On the PC anyway, video game consoles already had a kind of a region lock through NTSC and PAL standards. But that's again another topic.

Let's go back to the recently released game Wolfenstein: The New Order which uses Steamworks as their DRM. To play the game you will have to activate it online with Valve Corporation's Steam software. And here's what Bethesda Softworks, the publisher of Wolfenstein: The New Order decided to do: they released a censored German version without the use of any unconstitutional organisation symbols and to top it off disallow the activation of the uncensored version from a German IP address.

Within Germany I'm only allowed to activate and play the censored version even though by law it is perfectly legal for me to import the uncensored version from another country. Since the Steam Subscriber Agreement disallows use of any proxy servers or virtual private network (VPN) to obfuscate my location, I have no legal and allowed means to play a perfectly legal and legit copy of an imported video game.

"You agree that you will not use IP proxying or other methods to disguise the place of your residence, whether to circumvent geographical restrictions on game content, to purchase at pricing not applicable to your geography, or for any other purpose. If you do this, we may terminate your access to your Account." - Steam Subscriber Agreement

Thank you for fucking over the honest customer. Obviously you don't want people's money, you made that abundantly clear.

Since Wolfenstein: The New Order is a single player only game it is happily shared by thousands of German peers... and you shouldn't even really be mad at them... Bethesda Softworks caused this themselves.

You might have heard about the legal case going on and on with The Pirate Bay for years already. Basically the music industry and other retarded cokeheads of the likes claim that the services The Pirate Bay are offering are illegal.

What exactly is The Pirate Bay offering?

They once actually served as a BitTorrent tracker, search engine and indexing service. They got rid of the BitTorrent tracker sooner or later because they got aware of the retarded people living on this planet deeming it illegal. So what are they left with? A search engine and indexing service. Sounds familiar. Something like Google, Yahoo and Bing? Pretty much, yes, except only for the BitTorrent network. How is that illegal you ask? Well, beats me. But apparently even judges agree.

In case you are wondering how the classical BitTorrent network operates, here's a quick outline:

• BitTorrent is a peer-to-peer network for data transfers (files like music, videos, pictures, etc.)
• If you want to download a certain file, you download a *.torrent file that contains hashes of pieces of the actual file you want. A hash essentially is nothing but a calculated number from that piece of a file, to verify its integrity and to find the file. Keep in mind that you can not recreate the file from these hashes.
• The *.torrent file also contains a list of so called BitTorrent trackers, which are servers you will connect to, essentially ask them "Who has this file?" but also tell them whether you have a file to offer. They enable a communication between the peers, so the peers can find each other and initiate a transfer between themselves.

Okay, now let's assume we have a file that is shared and it contains by law content that is not allowed to be freely shared (like for example a ripped music album). Whoever puts this file up has to create the *.torrent file for it. So that person calculates hashes from the files, adds a BitTorrent tracker to the file and done.

This *.torrent file, containing nothing but legal metadata, will be put up on a site now, for example on The Pirate Bay. So The Pirate Bay offers this *.torrent file, with a description of the files it supposedly contains metadata for and people are free to download this *.torrent file. This is not illegal. Anybody who claims it is, is a retard and did not understand how this system works.

If anybody downloads this *.torrent file of said music album now and adds it to their BitTorrent client, the BitTorrent client will contact the specified BitTorrent trackers and they will reply a list of people who currently want or offer the file. Now, depending on the country you are residing in but also depending on your moral values, none, one or both of these actions can be considered illegal:

• Downloading the actual files from a peer (getting the music album)
• Uploading the actual files to a peer (sharing/giving the music album)

What did The Pirate Bay do in all this? Effectively the following:

• Telling you about the file: Music album
• Offering hashes for said file (Remember: calculated numbers, not possible to recreate the file from)
• Telling you which BitTorrent tracker to ask about peers
• If specified as a BitTorrent tracker itself: telling you which peers are getting and sharing the file (This is now obsolete as The Pirate Bay no longer operates a BitTorrent tracker themselves)

All of that is considered metadata. None of that is illegal.

Still, on April 17th, 2009 the operators of The Pirate Bay were found guilty of "assistance to copyright infringement" in Sweden and sentenced to one year in prison and payment of a fine of 30 million SEK (roughly 4.4 million USD (as of writing of this article)).

This didn't stop The Pirate Bay from operating however. It still operates as of today and the music industry is still trying really hard to get them down. Since by now they realized they can't take them down from the very source instead they try censoring access to The Pirate Bay.

So far access to The Pirate Bay has been "blocked" in: Belgium, Denmark, Finland, Ireland, Italy, Malaysia, the Netherlands, the People's Republic of China and the United Kingdom. Several other countries had temporary blockades or legal cases about blocking the site. More are probably to come.

The quality from these blockades usually reach from mostly simple Domain Name System (DNS) blockades to Internet Protocol (IP) blockades. Both of them are very easy to go around and people wanting to access The Pirate Bay as well as The Pirate Bay themselves offer tons of ways to go around them. In the end all these blockades cause is free advertising for The Pirate Bay and BitTorrent plus getting people aware what kind of MAFIAA is operating within our governments and courts resulting in membership boosts for the Pirate Party.

One of the worst organizations, trying the hardest to block The Pirate Bay is BREIN (Bescherming Rechten Entertainment Industrie Nederland) in the Netherlands. They don't even stop at just blocking The Pirate Bay by forcing the country's Internet Service Providers (ISPs) to apply a blockade but instead they also want to stop every proxy that is being set up to go around said blockades.

But they even go further. After successfully getting court orders to force closure of a proxy provided by the Dutch Pirate Party as well as a proxy provided by Greenhost they even demand a gag on the Dutch Pirate Party to stop operating any kind of proxy service as well as stop explanation on how to use them or set them up.

Yes. The censorship is getting worse and worse. Stop discussing. Stop offering proxy services. The question how long before VPNs and proxy services become illegal is very valid.

BREIN, you can not win this. Stop fighting.

For every IP address that gets blocked The Pirate Bay will have a new one ready within minutes.

This is a futile game, already lost by BREIN. But since they apparently don't have a BRAIN, they don't see it. As long as there is one person on the Internet who does not agree, content can not be censored. And such people will fortunately always exist.

With that said, have a link to a list of The Pirate Bay proxies, generously provided by Pirate Reverse: http://about.piratereverse.info/proxy/list.html

And also a guide on how you can help and set up your own Pirate Bay proxy: http://about.piratereverse.info/proxy/index.html

11:00 AM, a nice Saturday morning, nothing planned for the day, got plenty of time to surf the net and find out about missed stuff during the stressful week. Time to relax.
Oh hey, a new game has been released. "Kingdoms of Amalur: The Reckoning". Let's give it a try and download the demo on Origin:

"Unfortunately due to youth protection laws in Germany it isn't allowed to download this game during 6:00 AM and 11:00 PM." ("Leider darf dieses Spiel aufgrund des Jugendschutzgesetzes in Deutschland nicht zwischen 6:00 Uhr und 23:00 Uhr heruntergeladen werden.") - Origin Store

Seriously? I mean... seriously? I can't download it between those times? Am I allowed to play it at least once I downloaded it outside those times? So if a kid downloads the game during the night it's also able to play during the day then? What the fuck?
Hey, have you ever heard of SKIDROW? OK, let's not go there, yet.

It's not Electronic Arts' fault right? It's a German law, so it's the German government's fault. After reviewing the German law for the protection of the youth I didn't find anything that would clearly and definitely explain this ban of download during daytimes, though.

The USK rated "Kingdoms of Amalur: The Reckoning" 18+, so nobody under the age of 18 is allowed to buy the game in Germany. Aka only adults are allowed to buy it. Or in this case, download the demo? That's not even buying, what are we talking about here then? Distribution in general? Actually it's a digital distribution, so let's see.

The way I see it we have the following laws that are relevant:

Section 12 JuSchG subsection (3) basically says that every medium (film or game) that is rated for adults only is not allowed to be made available or sold to anybody under the age of 18:

"[...] dürfen einem Kind oder einer jugendlichen Person nicht angeboten, überlassen oder sonst zugänglich gemacht werden [...]" - Section 12 JuSchG subsection (3)

Section 12 JuSchG subsection (4) says something about limitations of "vending machines" which make films or games available, like location and access control. It also states that adult content (18+) is not allowed to be made available through "vending machines" at all in public spaces accessible by kids and teenagers:

"[...] nur aufgestellt werden, wenn ausschließlich nach § 14 Abs. 2 Nr. 1 bis 4 gekennzeichnete Bildträger angeboten werden [...]" - Section 12 JuSchG subsection (4)

Looking at this and assuming that Origin is a "vending machine" they wouldn't be allowed to make such games available at all regardless of the time since the Internet is public. Assuming it isn't considered a "vending machine", they aren't allowed to make it available for anybody under the age of 18 which would therefore conclude that they'd need some kind of age verification before making such games available.

Are you honestly saying that everybody under the age of 18 is always asleep during 11:00 PM and 6:00 AM? This is an age verification? Seriously? But hey, others do it exactly the same way:

"This show is unsuitable for teenagers under the age of 12. This clip is therefore only available between 8:00 PM and 6:00 AM." ("Diese Sendung ist für Jugendliche unter 12 Jahren nicht geeignet. Der Clip ist deshalb nur von 20 bis 6 Uhr verfügbar.") - ARD Mediathek

Where is this coming from? Am I missing something? Not to mention that "teenagers" under the age of 14 are not even considered "teenagers" by German law but are considered kids. What are "teenagers" under the age of 12 then? They are kids.
And not to mention that GeoIP, the whole concept and idea to find out from which country a certain website visitor is coming from is totally unreliable. There have been reports of people getting those messages even though they don't live in Germany or connect from within Germany. These laws do not apply to them.

Fuck GeoIP, fuck "national Internet" and get your head out of your asses. This is fucking ridiculous. Unless of course you don't want to make money?

Coming back to my previous question: have you ever heard of SKIDROW?

Update: Kreuvf found out where those ridiculous time periods are coming from. They are actually defined in a treaty, the State Treaty on Youth Protection in the Media ("Jugendmedienschutz-Staatsvertrag") which is also regulating digital distribution like the Internet. The JuschG apparently is only regulating physical media.

Welcome to the United States of America (USA)! Please step right through our national mascot: the Stars and Stripes metal detector, probably made in China, India, Pakistan or some (other) third world country, who cares! We are proud of it and thus you have to be too!

I've been to the USA recently and I am rather disappointed with that trip. It's not the first time I visited the USA, I've been there before a couple of times, first in 1993 in fact. What I want to talk about is mostly my opinion of the USA turning into a police and surveillance state, which surely is getting worse and worse by the day. My last trip before this one this year was in 2007, where they already took fingerprints and a photo of everybody wanting to get into the USA, be it vacation, business trip or anything else. You want to come in? They shall have your fingerprints and a photo. Now if I recall correctly, back in 2007 they "only" wanted your thumb prints of both hands. This time they wanted prints of every finger of both hands. Do I have a problem with that? Yes, I do. In my opinion it is ridiculous to have everybody under this general suspicion of whatever they are afraid of (TERRORISM! OMG!) and justify taking prints this way.

What is also new for me is their online registration form (Electronic System for Travel Authorization (ESTA)) which you have to fill out, basically to apply for entry in the first place (instead of a visa). Enter all your personal data into it, including passport number and answer some questions. Like for example:

"Do you have a communicable disease; physical or mental disorder; or are you a drug abuser or addict?" - ESTA

Or my favorite:

"Have you ever been or are you now involved in espionage or sabotage; or in terrorist activities; or genocide; or between 1933 and 1945 were you involved, in any way, in persecutions associated with Nazi Germany or its allies?" - ESTA

Why, yes, of course! I've been born after 1945, which I just told you, but surely I was associated with Nazi Germany. But hey, before even answering these questions, check this out:

"On March 4, 2010, President Obama signed into law the Travel Promotion Act (TPA) of 2009, Pub. L. No. 111-145. The Act directs the Secretary of Homeland Security to establish a fee for the use of the ESTA system, comprised of $10.00 for each VWP applicant receiving authorization to travel to the United States and $4.00 for the processing of the ESTA application. Applicants who are denied authorization to travel to the U.S. under the VWP will only be charged $4.00. The fee may only be paid by credit card. Applicants may save the application data and return to the application at a later date to enter the payment information. However, the application will not be submitted for processing until all payment information is completed." - ESTA

Nice. $14 going directly to the U.S. Homeland Security. And of course it may only be paid by credit card, what else? That way they also have your credit card info and can check all your previous transfers. After all you might be funding Al-Qaeda and just don't want to mention it.

Oh well, first rages were had. But anyway, finally I arrive there. The usual patriotism is the first thing that hits you at the airport: big USA flags, a store with all kinds of patriotism items (more on that later). Don't get me wrong, patriotism to a certain degree is not that bad in my opinion, however in the case of the USA it just seems hypocritical. Why? More on that in a bit. The patriotism obviously continues when I was at an American football game: "Please rise and take off your hats for the national anthem of the greatest nation in the world." (something along that, not an exact quote). Even the stadium logo, which was illuminated only in green before, turned into a Stars and Stripes animation. Of course it wouldn't be a proper American football game without some U.S. Army veterans showing up during small breaks so everybody can cheer for them.

What made me rage the most, though, is the fear of terrorism (OMG!) everywhere. Go up the Empire State building? Metal detector, x-ray! Go up the Rockefeller Center? Metal detector, x-ray! Hence the new national mascot of the USA: the Stars and Stripes metal detector. Visiting a museum? Backpack check! Visiting an American football game? Backpack check! Look up the ceiling in any building: security cameras! Look up the sky in New York City: security cameras on light poles! Oh, if you could just see this George Orwell...

Something that also made me shake my head was the American Museum of Natural History. At one point they show a movie how humans are destroying the earth with their lifestyle, logging rain forest, etc. And then there is the planetarium show "Journey to the stars" which shows how great our universe is and how it was created. In the credits of the show it mentions that it was "made possible through the generous sponsorship of"... wait for it... Lockheed Martin! One of the world's largest "defense" (read: military weapons) contractors. How ironic is that?

Anyway, coming back to my previous point about hypocritical patriotism. Let's just have a look at those two products:

 

Which of these products was proudly made in the USA? Which wasn't? Click the products to find out. (Sorry for the bad image quality)

And this is something you will find everywhere all over. Buy a model Statue of Liberty for your living room at the patriot store at the airport, or anywhere else, it doesn't really matter: it is made in China. Obviously most products these days are made in China or (other) third world countries since the actual labor there is way cheaper and capitalists always want to have the most profit they can get. I get that. But how can you justify producing patriotic products like a model Statue of Liberty or fan equipment for American football teams there? Pure hypocrisy.

To sum everything up with some nice words by Trey Parker: America, FUCK YEAH!

Original article photo cc by-sa Daquella manera