This is the latest in my series on how to use the internet without government interference – now a pressing issue in the UK, China and Australia and probably coming soon to a country near you.

What is Freenet?

Freenet is free software which lets you anonymously share files, browse and publish “freesites” (web sites accessible only through Freenet) and chat on forums, without fear of censorship.
It is a proper dark cloud. If you want to share material online and you don’t want to be identifiable as the source, this is the software for you.
You would want to use this if you were a member of an outlawed opposition political party or if you wanted to post other material that might get you in trouble because it’s against censorship laws. This frees you from having to rely on foreign servers who might comply with requests from your government to remove material or reveal your identity. There’s no takedown order on Freenet.
You can also use freenet as a way to share data with friends and collaborators without the source of that data being easily traceable. And it offers peer-to-peer website hosting – so it scales automatically to meet demand. Which, oddly, means it’s free web hosting.
If some of this seems dodgy, remember that you should have a right to anonymity and know also, that Google has decided to fund some development on the project, which could be taken to further confirm that it’s an entirely legit use of the internet.
Note that running a node helps out others who are using the project, even if you’re not actively using it yourself.

How to use it

I’m on a Mac, so I can write up what I did. They have Windows documentation on their website as well as general documentation.
First, I downloaded the installer. Then I ran it. After it installed, it opened in my web browser and then told me I should use a second web browser to connect. I normally use Chrome, but for my second browser, I use Camino because it’s lightweight, but configurable. However, I need to remember to clear the cache when I’m done.
There are some questions, I went with the defaults and with “normal.” Then I got to the home page, which is at This page is on my own computer. At the bottom are buttons to shut down the freenet application which is also running on my computer or to restart it.
If you have shut down Freenet (or rebooted) and want to start it again, go to the Freenet folder and run StartFreenet.command by double-clicking on it. That should work.
Ok, so when I got to the home page I clicked on the Ultimate FreeNet Index. And I noticed that it’s slow. And also, the content looks very 1999 (the simplicity makes it load faster) and it’s a teeny bit dull.
Alas, well, defeating censorship isn’t always glamorous. If you want this to be more secure (and to share interesting content with people you know), you should find your friends on here. You would add them at At the bottom of that page is your reference link. Share that (securely!) with your friends and they would put it in the box above. There’s some documentation on how to do that on this page.
Once you have friends on it, you can send them messages and files securely, from the friends page, so it’s good for just trading stuff around. Check it out. If you want to be my friend, let me know. It’s not exactly social networking, but it’s still cool.

How to run Tor – the short version

Windows Users

  1. Download Tor
  2. Install it
  3. Install Torbutton
  4. Configure it to be a relay

Mac Users

  1. Download Tor
  2. Install it
  3. Install Torbutton
  4. Configure it to be a relay


  • It protects you from your ISP or government spying on your data.
  • It allows other people to get around national firewalls, like the one in China or the one the UK is about to build
  • It promotes free speech and access to information in oppressed areas


The Digital Economy Bill and Tor

The DEB is a soon-to-be new law and will be a very bad thing in the UK, but it just passed the House of Commons with virtually no debate. Explaining what it’s all about is a bit beyond me, so just click the link to read what it says, then come back here.
There are two parts of it that seem especially troubling. One is that it seems to mandate the construction of a national firewall in the manner of the Great Firewall of China, in order to prevent people from breaking copyright. Of course, kiddiepron will also get on the list posthaste. And then terrorism. And then. And then. And then. Since the Apple iTunes store is incredibly profitable, the internet is clearly not destroying the ability of copyright holders to make money. Indeed, I do not believe that copyright is as much a motivator as is blocking access to websites such as wikileaks. That’s the website that has the leaked video of American troops killing a milling group of civilians and Reuters reporters. They leak incriminating documents from governments and corporations. Of course, the internal memos of corporations ordering baby seals to be clubbed to death or whatever are all copyrighted and certainly posted without permission. The US government has been actively trying to figure out how to shut down the site [PDF]. Brits just won’t be allowed to look at it.
The other troubling bit is the provision that people accused of doing forbidden things, like downloading the Colbert Report from bittorrent, will have their internet access cut off. This is at the same time that UK government services are increasingly moving online. Get your net cut off, and you cannot access government services. Is this really the appropriate punishment for a copyright violation? Note also that there’s no trial, no defence, just accusations. So if they get confused and think that your legal Creative Commons music might be a copyright violation, you get cut off whether you violated copyright or not.
Cafés and other locations will be unable to provide free wireless because they’d get cut off for having naughty patrons. Indeed, the era of free public wifi has probably just been legislated away. T-Mobile can still charge you for access, because they know who you are, but the café down the street can’t do that. The fact that this makes it much more expensive for people to get online is great for internet companies and crap for everybody else, especially people with limited resources.
The question that I have is how anybody would even know what you were doing with your internet connection anyway. There are two answers that I can think of: One is that media companies might put up “bait” files on filesharing services and watch who downloads them. The other, frankly more likely, method is for ISPs to spy on data. And if they can spy looking for people breaking copyright, they can also look for paedophiles and terrorists and anybody who is doing anything remotely unusual and you think you’ll be ok because you’re a politically centrist white middle class native-born citizen who never pirates anything, but maybe your kids do, or your computer caught a virus which caused it to do something naughty without your knowing about it or maybe you are just mistakenly accused – you have no opportunity to defend yourself.


There are some programmes that can help. In this post, I’ll talk about Tor, which you should run. Go download it. It doesn’t matter what country you’re in, running Tor is a public service. This program routes network traffic around in funny ways (via peer to peer) so that somebody looking at your network traffic can’t tell what you’re doing. Also, if you live in a place like China (or soon to be the UK) it will find a way for you to get to the site you want. It defeats this kind of firewall.
How it works is that when a user tries to look at a webpage, they don’t connect to that webpage directly. Instead, they ask the Tor network for the web page. The request goes from person to person in the Tor network until it gets to somebody running an exit node. The exit node then asks for the page and sends the data back through the Tor network, from person to person, until it gets to the user. The users in between are helping the end user maintain their privacy. This can help bloggers in China, people who want freedom in Iran and other people engaging in prohibited political speech. Alas, it also helps people who are actually up to no good. But, I mean, you don’t want the post office to open and read everybody’s mail. You don’t want the government to know about every single movie you watch. Privacy protects good guys and it protects bad guys and it protects people who just want to quietly live their lives without intrusion.
Perhaps you, dear reader, live in some place with a government that respects your privacy. Good for you! You can help out people in other countries by running a Tor node, even if you don’t use it yourself. I’ve been doing this for years. I don’t notice the loss of bandwidth and I hope that I’m helping somebody in a repressive country get access to information. The major downside of Tor is that it’s kind of slow. But more nodes makes it run faster. And more exit nodes are a good thing. I just took mine down because I don’t want to get my access turned off due to the DEB, but if you live in the States or someplace that has due process of law, you should run an exit node. That’s the point at which traffic leaves the Tor network and goes to the regular network. So if somebody in China wants to read this very blog post (which is blocked there), an exit node in Texas might go ask for this page.

Installing and Configuring Tor

I use a Mac, but it should be similar on other systems. First, download it. Open the disk image and drag the Vidalia application to the /Applications folder. Don’t put it anyplace else. Then open it. A window will open. Click the icon that says “Set up Relaying.” A new window will open. It has tabs on it. You want to be on the “Sharing” tab. There are three options there. If you want to run an exit node, pick either “Relay traffic for the Tor network” or “Help censored users reach the Tor network.” If you do not wish to run an exit node, pick “Relay traffic for the Tor network.”
Some new tabs will open. First click on “Bandwidth Limits.” How fast is your internet connection? Pick something that seems right. Then click on the “Exit Policies” tab. If you do not wish to run an exit node, uncheck every box. Those boxes are the sort of data you’re allowing to exit, so if you have “Websites” checked, people who are looking for this blog post might exit from you. If you have “Instant Messaging (IM)” checked, people who are chatting on AIM or whatever might have their data getting onto AIM from you.
If you are running an exit node and somebody does something naughty and your country respects the rule of law, they cannot prove that it was you that asked for the naughty data, so you ought to be ok. I’ve been running an exit node for the last three years with no problems at all. Most traffic going through Tor is entirely innocent.
Now set Tor to start up automatically when you log in. You can do this by right clicking on the icon in the dock. On my Mac, you put down two fingers on the trackpad, as if you were scrolling, and then click on it. A menu pops up. Go to Options and then Open at Login. If you don’t have the two-fingers-means-right-click thing, I’m not sure how you do this. Somebody leave a comment?
You may also wish to install Torbutton for Firefox, something which is covered in the next section.

Using Tor

One way to make the Tor network more secure is to put a lot of traffic on it. If the only stuff that’s going by on it is stuff that people want to hide, then it’s somewhat easier for governments to figure out who has something to hide. So it’s for the best if a bunch of mundane stuff goes by. Boring stuff that nobody would ever want to snoop on. Then the really snoop-worthy stuff (like this very blog post in some countries) can get through undetected. However, the thing about bouncing traffic around from node to node is that it’s slow. Try it out and see if you want to deal with the slowness.
The easiest way to turn your own use of it on and off is through Torbutton. There’s a script in the install package on the disk image called “Install Torbutton for Firefox.” If you have Firefox this is very easy. Just install it and then you get a little bit of text on the lower right hand corner of the browser window. When it’s red and says “Tor Disabled”, you are browsing the web in the normal way – not through the Tor network. Your relay is still running. If you want to use Tor to browse the web and do other things, click on that text. It will turn green and say “Tor Enabled.” Your network traffic is now going through Tor. Try connecting to It will load the Google web page for whatever country your exit node is in. I just got German Google. Try searching for something and then clicking one of the links. You may notice that it’s slower than you’re used to. If you decide it’s too slow, just click on the green “Tor Enabled” text to turn it back off and browse the web normally. Your Tor node will still be running and helping other people, you just won’t be using it yourself.
During the time that you have enabled Tor with firefox, it’s enabled for all web browsing on your system. That means that if you enable Tor with firefox and then use the Chrome web browser, you will still be going through Tor. You can use firefox to turn Tor on, then quit firefox and it will still be on. If you want to turn it off, you can re-start firefox and click the green text in the lower right hand corner, or you can reboot your computer.

Using Camino as your stealth browser

Ideally, it would be cool if you could have one browser program that used it and another that didn’t, so you could use one for things that you want private or don’t mind slowness and the other for things you want to go faster. If you are a new user or are not a geek, you may wish to stop reading now. Otherwise, this is how I got Camino to be my Tor browser while leaving other browsers untouched. Camino doesn’t have a pron mode, but it’s an ok browser for this – it’s more lightweight than Firefox but fairly configurable.
When I opened the preferences for Vidalia, under general, there is a section on proxies. The proxy it lists is not Privoxy, which is the one that is/was used by Torbutton, but is something called Polipo. On my system, it did not actually start because the conf file listed there conflicts with Privoxy, which runs on port 8118. Polipo’s conf file tells it to run on that port, but the normal default port for Polipo is 8123. I changed the conf file to reflect this and Polipo now starts for me. If this isn’t a problem for you, don’t change this.
Camino can be configured to use different proxy settings than the rest of the system by opening the hidden preferences, which you do by typing “about:config” in the address bar. The settings in the link above did not fully work for me, but I found a very helpful document elsewhere. I’ve got:
camino.use_system_proxy_settings set to false. network.proxy.autoconfig_url is set to . network.proxy.http is set to and network.proxy.http_port is set to 8123. network.proxy.type is set to 1. Probably all the network.proxy.* and network.proxy.*_port should be set to and 8123 (or 8118 if you did not change the port for Polipo), except for SOCKS which should be set to port 9050. For more information on web browsers, see here and to read more about Tor on OS X, look at this page.
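
An added example, not part of the original post or of the Tor bundle: a Python check for the port clash described above, which also confirms that Polipo hands its traffic to Tor's SOCKS port. The two config strings are constructed for illustration and the function names are hypothetical; `proxyPort` and `socksParentProxy` are Polipo's own option names.

```python
import socket

PRIVOXY_PORT = 8118         # port Privoxy already holds, per the post
POLIPO_DEFAULT_PORT = 8123  # Polipo's normal default, per the post
TOR_SOCKS_PORT = 9050       # Tor's SOCKS port, per the post

# Constructed sample: a Polipo config that collides with Privoxy.
CLASHING_CONF = """
# constructed sample, not copied from a real install
proxyAddress = "127.0.0.1"
proxyPort = 8118
socksParentProxy = "localhost:9050"
socksProxyType = socks5
"""

# Constructed sample: the same file after the change described in the post.
FIXED_CONF = CLASHING_CONF.replace("proxyPort = 8118", "proxyPort = 8123")


def parse_polipo_conf(text):
    """Return the 'name = value' settings of a Polipo config as a dict."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if "=" not in line:
            continue
        name, _, value = line.partition("=")
        settings[name.strip()] = value.strip().strip('"')
    return settings


def review(settings):
    """Return (http_proxy_port, findings) for the browser-to-Tor proxy chain."""
    findings = []
    port = int(settings.get("proxyPort", POLIPO_DEFAULT_PORT))
    if port == PRIVOXY_PORT:
        findings.append("proxyPort 8118 is Privoxy's port; Polipo cannot bind "
                        "it while Privoxy is running")
    parent = settings.get("socksParentProxy", "")
    if not parent:
        findings.append("no socksParentProxy: Polipo would fetch pages "
                        "directly instead of through Tor")
    elif parent.rpartition(":")[2] != str(TOR_SOCKS_PORT):
        findings.append("socksParentProxy %r is not Tor's SOCKS port 9050"
                        % parent)
    return port, findings


def is_listening(port, host="127.0.0.1", timeout=0.5):
    """True if something accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


if __name__ == "__main__":
    for label, conf in (("clashing", CLASHING_CONF), ("fixed", FIXED_CONF)):
        port, findings = review(parse_polipo_conf(conf))
        print(label, "-> set network.proxy.http_port to", port)
        for finding in findings:
            print("   !", finding)
    # Which of the three ports from the post are actually open right now?
    for port in (PRIVOXY_PORT, POLIPO_DEFAULT_PORT, TOR_SOCKS_PORT):
        print(port, "listening" if is_listening(port) else "closed")
```

The port that `review` returns is the one that belongs in `network.proxy.http_port`; a missing `socksParentProxy` is the finding to take most seriously, because the browser would appear to work while bypassing Tor.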

Crypto Howto

Last night, I posted my PGP key with no context whatsoever. Some of you probably didn’t quite grok it. So here is an explanation of what it is and how to use it. This is specifically written for OS X users, but the concepts can apply more generally.

What is PGP

PGP stands for “Pretty Good Privacy.” But it’s more than pretty good, it’s very very strong encryption. This means that you can send email to somebody such that only that person can read it. You do not have to meet ahead of time and arrange secret passwords or secret knocks. No “the crow flies at midnight” required.
Or rather, there IS a “the crow flies at midnight” required but anybody and everybody knows it. This is something called a public key. You want to shout your public key from the rooftops. Anybody that wants to send you a secret message has to know it. But the public key is only half the story. You also have a private key which you keep secret.
Your buddy in the Animal Liberation Front wants to send you some secret email. Zie uses your public key to encrypt the email. This transforms hir message into a bunch of gobbledygook. Zie sends you the gobbledygook. Nobody can figure out what the secret message is – except for you! Your private key (and ONLY your private key) can descramble the message.
Your public and private keys go together. One scrambles. The other descrambles. They are a key pair and work together.
The main point: you can send secret messages to people that ONLY they will be able to read.
You can also use PGP to sign messages, which is something that we’ll get to at the end.

Why would you want to send secret messages?

Email goes through the internet like a postcard goes through physical mail. Your text is not at all hidden. The postal carrier can easily read what you’ve written. Do you use gmail? You know how the ads on the side are related to your email contents? It’s because they’re peeking at your mail to figure out what ads to show you. (They promise that no human ever peeks, it’s just an ad-making engine.)
Just like with a postcard, any computer sitting between your computer and the recipient can read your email. For Americans, under the Patriot Act, various government agencies can demand that your ISP hand over your email and never even tell you it happened. I’m sure you’re not planning any nefarious deeds, but recall that police have been infiltrating the sort of peace groups that gather and hold candles. If you’ve ever gone to an anti-war march or just have a similar name to somebody who has, it’s possible that your email is being intercepted. To put this another way: you know all those stories of woe surrounding the idiotic “no fly list”? Well, the same thing is probably going on with email, except since nobody tells you, you never know. Recall that the big telephone building in the Mission District of San Francisco has a bunch of federal spy equipment in the basement. Reading emails going into and out of the Bay Area.
Maybe you’ve got a really unique non-activist name and are completely apolitical. What have you got to hide? Except that steamy extra-marital affair!

Wait! Can’t terrorists and kiddie porn people also use these tools??!

Yep. Having opaque walls of your house ensures that nobody can see you when you’re sitting on the toilet, but it also means nobody can see you when you murder cute puppies. I’m still in favor of having opaque walls.

Getting Software

As if things weren’t confusing enough, the current version of PGP is called GPG. (The ‘G’ stands for GNU, not that it matters.) It does not come standard with OS X, but can be downloaded from:
You will want to download several of the programs on that page. Scroll down some and then grab GNU Privacy Guard. Get the version that matches your operating system version. To find that out, go to the apple icon in the very top left hand corner of your screen. Click on it, then click on “About This Mac”. A window will open with a picture of an apple and the words “Mac OS X”. Below that is the version.
Also grab: GPG Keychain Access, GPGFileTool, GPGDropThing and anything else that looks interesting.

Making Keys

After you download and install the tools, you need to create a key pair. Recall that a key pair means a public key and the private key that goes with it. One encrypts. The other decrypts. As you can probably guess, there’s some tricky math involved (it has something to do with the products of large prime numbers and is really cool, but this is the last you’ll hear of it in this post, alas). Fortunately, the software handles all of this for you.
Start up the GPG Keychain Access program. As you can guess from the name, this program keeps track of keys for you. Not only your keys, but the public keys of your friends, co-revolutionaries and secret lovers.
Under the Key menu, click “Generate”. A helpful dialog will pop up. The default values are all fine. When it asks for your name, give a name known to people who want to send you email. And for email address, obviously, you want an address also known to those people. For comment, give some info that will separate you from all the other Sarah Jane Smiths on the internet like “traveler in space and time” or “investigative reporter” or something that actually applies to you that will help your friends and co-conspirators recognize you.
Eventually, it will ask you for a password. This will be the password for your keychain. Recall that your private key has to remain secret. This secrecy requires the boring, old-fashioned, password-based security, like the combination lock on your gym locker. All the normal suggestions for picking passwords apply.
And finally, it makes your key pair. Which takes a while because of the tricky math. Go make a cup of tea or walk your dog while this part goes.

Sharing Keys

Posting your key to your blog is, alas, not the best way to share keys. Instead, there are computers called keyservers. These computers sit on the internet and do nothing but keep track of people’s public keys. They are good places to put your public keys and also a good place to find the public keys of other people.
Your new key is now listed in the Keychains window of the GPG Keychain Access program. Click on it so that it’s highlighted. Then, under the Key menu, select, “Send to Keyserver.”
Oh my gods, weird windows popping open! The terminal! Ack! Yeah, just close all of them. The program is kind of ugly and messy, but it does its job. Your key is now out on the internet where folks can find it.

Finding Keys

I can hear your inner monologue now, “Whee! This is fun! What next? Secret email! Oh, but who do I send it to?” Well, you could send some to me! But first, you need to find my key. Go back to the “Key” menu on your Keychain Access application and select “search for key.” Type in my name, “Celeste Hutchins”.
More windows pop open, but this time you have to pay attention to them. The terminal window will give you a numbered list of all the people named “Celeste Hutchins” who have submitted keys. Which one is me? Well, make your best guess and type in the number next to it. It should then go into your key menu in the keychain application.
How do you know it’s really me and not some evil miscreant pretending to be me? Well, that’s a problem. And for that reason, you need to tell the keychain manager how much you believe that the keys actually go with the person that you think they go with.
Highlight my key. Under the Key menu, select “Edit.” Again, a terminal window opens. It waits for you to type a command. Type “trust” (without the double quotes) and then hit return. It then asks you about your trust level. It gives you a rating from 1 – 5, where 1 is “none” and 5 is “all the way.” This trust level is not about how much you trust me (or the person whose key you are editing). It’s how much you trust that the keys actually belong to who you think they belong to. Do you trust that it’s really my key? Well, alas, there are some features that won’t work unless you select 5. So if you want to try sending me encrypted email, you’re going to have to pick 5. Type “5” (without the double quotes) and then hit return. Then type “quit” (without the double quotes) and hit return. Now you can close the window.

Encrypt Something

Yay, now the fun part! Open the program GPGDropThing. A strange-looking window opens. Type something in that window. Specifically, type your secret message! When you’re done creating your secret message, go to the GPG window and select “encrypt.” You get to pick the recipient from a drop down list. In that list, you will see your own email and the email addresses of everybody that you trust ultimately. Pick your recipient and then click ok. Your message will turn into gobbledygook. Now select the whole contents of the window, copy it and paste it into your gmail account (or other mail program). Send it. Only the recipient can descramble it.

Decrypt something

You just sent me encrypted email. I wrote back with an encrypted message. It looks like:

Version: GnuPG v1.4.7 (Darwin)


What does it say?! Copy and paste it into GPGDropThing. Get everything between and including the “-----BEGIN PGP MESSAGE-----” and “-----END PGP MESSAGE-----”. Go to the GPG menu. Click “decrypt”. Now you can read your secret message!

Sign Messages

Sometimes encrypting messages is overkill. You don’t need to bother encrypting it, but you’d like to make certain that it hasn’t been changed mid-route. Maybe you’re sending email internationally and part of it got censored, just like an over-zealous postal carrier might strike out naughty words on a postcard. You can sign a message, thus showing whether or not it has changed en route.
This puts some text around the message like this:

Hash: SHA1

This is a signed paragraph.
Version: GnuPG v1.4.7 (Darwin)


The main text is “This is a signed paragraph.” The rest is the signature. It verifies that the text that you received is the same as the text that I sent. PGP uses my text and my private key to generate the signature. The text and the key put together form a unique string of gobbledygook. You can verify that they match by cutting and pasting the whole thing into GPGDropThing. Under the GPG menu, click verify. If it verifies ok, the message is as I sent it. If it does not, it means that my text has been changed.
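
An added example, not part of the original post and not GPG's own code: a Python parser for the signed-message layout shown above, which separates the bytes the signature covers from the parts it does not. It does not check the signature itself (that still needs GPG); the sample message, its placeholder signature block and the function name are constructed for illustration.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

# Constructed sample. The signature block is a placeholder, not a real
# signature, so this text will not verify in GPG.
SAMPLE = """\
Note added in transit (outside the armor, so not signed)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is a signed paragraph.
- -- a line that began with a dash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

PLACEHOLDERnotArealSIGNATUREconstructedFORthisEXAMPLE
=XXXX
-----END PGP SIGNATURE-----
"""


def parse_clearsigned(text):
    """Split a clearsigned message into signed bytes and unsigned parts."""
    # Trailing spaces and tabs are dropped before signing, so drop them here.
    lines = [line.rstrip(" \t") for line in text.splitlines()]
    try:
        start = lines.index(BEGIN_MSG)
        sig_start = lines.index(BEGIN_SIG, start)
        sig_end = lines.index(END_SIG, sig_start)
    except ValueError:
        raise ValueError("not a complete clearsigned message") from None

    # "Hash:" headers run from the BEGIN line to the first empty line.
    hashes, i = [], start + 1
    while i < sig_start and lines[i]:
        name, _, value = lines[i].partition(":")
        if name != "Hash":
            raise ValueError("unexpected header: " + lines[i])
        hashes += [h.strip().upper() for h in value.split(",")]
        i += 1
    if i == sig_start:
        raise ValueError("missing blank line after the headers")

    # Undo dash-escaping (a "- " prefix) and join with CRLF; the line break
    # before the signature block is not part of the signed text.
    body = [l[2:] if l.startswith("- ") else l for l in lines[i + 1:sig_start]]
    signed = "\r\n".join(body).encode("utf-8")

    # Headers inside the signature block (such as "Version:") are not signed.
    sig_headers, j = [], sig_start + 1
    while j < sig_end and ": " in lines[j]:
        sig_headers.append(lines[j])
        j += 1

    # Anything before the BEGIN line or after the END line is not signed.
    outside = [l for l in lines[:start] + lines[sig_end + 1:] if l]
    return {"hashes": hashes, "signed": signed,
            "sig_headers": sig_headers, "outside": outside}


if __name__ == "__main__":
    original = parse_clearsigned(SAMPLE)
    print("hash:", original["hashes"])
    print("covered by the signature:", original["signed"])
    print("not covered:", original["sig_headers"] + original["outside"])
    edits = {
        "word changed": SAMPLE.replace("signed paragraph", "censored paragraph"),
        "trailing spaces added": SAMPLE.replace("paragraph.", "paragraph.   "),
        "Version header changed": SAMPLE.replace("v1.4.7", "v0.0.0"),
    }
    for label, edited in edits.items():
        same = parse_clearsigned(edited)["signed"] == original["signed"]
        print(label, "->", "signed bytes unchanged" if same else "verify fails")
```

Only an edit that changes the signed bytes makes verification fail; text placed around the armor, or a changed “Version:” line, is not protected by the signature.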

Going further

If you use the Thunderbird mail client, you can install some PGP plugins to handle all of this for you. There are also scripts that exist for firefox. You will have to look these up on your own. Have fun!


Please leave comments if you are confused or have ideas about how this can be improved. Is it clear enough for people who are not power users, but just surf the web and check their email?



Crypto is good