Bangladesh Government's Crime Strategy

It's quite a worrying time in Bangladesh at the moment, there are threats not only from terrorism but general unrest throughout the country.  At the moment the UK Government is advising against all travel to the Chittagong Hill Tracts and most other Western Governments have similar advisories in place.

Yesterday (23rd Nov) there was a countrywide strike and there is a violent feel of unrest in the air in many places.  Last week there was another terrorist attack against an Italian priest, which was reportedly claimed by ISIL.  The target was 57 year old Piero Parolari, who was gunned down whilst cycling to a catholic missionary hospital where he worked as a doctor, fortunately he survived although he has suffered serious injuries.

There are problems from the civilian population too, particularly supporters of the Jamaat-e-Islami party who are organising protests to support two former leaders who face the death penalty in relation to crimes committed in the 1971 war of independence against Pakistan.

So in a classic, not sure what to do over reaction, the Government has instigated a block against a variety of social networking sites.  Facebook has been blocked, plus the Facebook Messenger app.  Lots of other messaging and chat apps have also been banned including WhatsApp and Viber.  The justification is that they are being used to organise criminal behaviour, although no more details seem to be available.  The idea is a long standing one, if your population are organising protests, strikes and rallies then block as many social networking sites as possible.

Obviously these inept measures have been matched with a similar hapless technical implementation, with a combination of different methods used depending on which ISP you choose.  The reality is that it's a very haphazard ban and one that's very easy to bypass by using a VPN or proxy.  In fact thousands of people already use these to watch the BBC abroad and will similarly be unaffected by the blocks in any case.

As a method of blocking civil disobedience and political dissent, it's a hopeless and desperate move.  It has much the same same (non)-effect as Turkey who frequently use this method with negligible results other than to earn the derision from the population and civil rights organisations across the world.  Bangladesh seem intent on dealing with their problems by picking an easy and inneffective target - social media.

Incidentally if you're in Bangladesh and affected by this block, please read my post here - http://www.anonymous-proxies.org/2009/04/facebook-banned-facebook-blocked.html which shows you how to use the demo version of Identity Cloaker to bypass blocks to Facebook.  It's 6 years old but still works although the demo version won't help with the other social applications that are being blocked.


BBC Locks Down iPlayer from VPN and Proxy Access

For millions of people across the world, there is one reason and one reason only that they use a VPN - it's called BBC iPlayer.  For many expats using a Virtual private network has become a lifeline to home, for others it's just the chance to watch quality TV without being bombarded with advertising every few minutes.

Many of us who live outside the UK remember the disappointment of connecting to the BBC iPlayer site and discovering that it simply wouldn't work from outside the UK.

Fortunately this was short lived as we discovered that there is a workaround being used by millions of people across the world.  This is the reason why technologically challenged pensioners suddenly started ordering proxy servers and VPNs - so that they could still watch Match of the Day, the News or Eastenders from anywhere in the world.

Virtual Private Networks have many uses including allow the user to encrypt their data and hide their location when browsing online.  The offshoot of this is that when a website checks your location, you can control what it sees.  Connect through a UK VPN and you can watch any of the UK TV sites online including the BBC.  In fact now the most advanced VPN solutions like Identity Cloaker even allow you to switch locations at will, so you can watch US, Canadian, Irish or Australian TV channels too.

Some of the media sites have fought back, Hulu for example waged war on these services in 2014 wiping out the use of proxies and blocking many VPN services.  Netflix, ABC and NBC also have active controls and frequently target these services.  However the BBC has never seemed to try very hard to block remote users who use a work around.

Now this has all changed, the BBC has blocked thousands of UK based VPN addresses.  It appears to have drawn up a list of providers to target, from my research it appears to be the most obvious targets.  The largest VPN providers and those who actively market  their services as TV watching VPNs have been the biggest sufferers.

There has been a wave of disappointment across the globe as people fired up their VPNs over the last few days and were greeted with the simple message that the BBC iPlayer was only available in the UK.

Fortunately there is a solution, there has been no great technological leap in VPN detection, it appears the block is simply placed on the IP addresses.   Stay clear of the TV watching VPNs and stick to a security based product and you should be fine.  Identity Cloaker has been unaffected so far, and you can still watch BBC iPlayer through their VPNs.  As for the blocked providers it's likely they will simply update their IP addresses and be back working soon in any case.


How Safe is your Hotel Wifi Connection?

How safe are the Wifi connections that you use when away from home, who owns them, who runs them and how secure are they?   Well chances are, like most of us, you're likely to  have virtually no idea about the answers to any of these questions.  For sure, you might hazard that the owner is Starbucks or the hotel management, but that will probably be only a guess based on your location (many firms outsource their internet provision in any case).

The reality is that you have little or no information concerning any wifi connection you use, when away from your office or home.  Most of us expect to see half a dozen available networks whenever we try and connect from a coffee shop or hotel room.   Something like this, is fairly typical -

A selection of wifi access points, some secured, others completely open.  There is only one common element, the fact that you have no idea who runs the majority of them.   Of course if you're at a hotel or airport, you can look for a name representative of that location.  However anyone can name an access point whatever they like, there are no restrictions on what you can call any access point.

What most people do is click on the most obvious culprit, then  name of the hotel or initials or something similar.  

So What's the Danger?

Well the dangers are very real and growing all the time, due to the increasing number of attacks targeting public wifi access points.  The attacks have a variety of names from 'evil twin' (referring to a duplicate access point) to session hijacking but they all share a common goal - to harvest people's credentials in order to profit.  They basically consist of setting up rogue access points, often free, to get unsuspecting users to connect to them.

The problem is that whenever you connect to an access point anywhere, you are entrusting your connection and details to the administrator of that connection.   All your information will flow through that access point and it's perfectly possible to intercept and log all those details without the user being aware.  Tools which help perform MITM (man in the middle) attacks like responder, evilgrade and sslsplit are easily available and fairly simple to use. 

Imagine, that every piece of data that flows through your connection is logged and recorded.  Perhaps you login to your webmail account, check that auction in ebay or perhaps set up a standing order in Paypal or using online banking.   All these credentials are then compromised and become available to the bad guy.  It doesn't matter that they're supposed to be protected by SSL, because that data can be intercepted. Or the attackers can merely spoof DNS entries to direct users to duplicate copies of the legitimate sites and steal login details directly.

Unfortunately it's actually very difficult to tell whether you're using a legitimate access point, often the rogue access point will even have the same web portal as the real site.  Others simply advertise their connections as 'free wifi' or something equally as tempting.
If you are using unfamiliar wifi connections you should restrict your web usage to non-secure sites, do not login to webmail or banking sites.  Anything where you need to authenticate should be avoided,  if you must use these then use a VPN like Identity Cloaker to protect your data while using it.


Travels with My Roku - Mobile Entertainment Perfection?

I thought I had this sussed, a three week stay in the US followed by a couple of weeks staying in European hotels - evening entertainment was needed.  My problem is that my entertainment options when travelling usually involve two choices drinking in bars or watching TV, but although most US hotels have lots of channels - I'm afraid I just can't get used to the number of adverts.

I needed a better option for the sake of my liver, so I started looking around for something I could travel with and access my favorite TV channels on things like BBC iPlayer and Netflix ( both free of adverts). Being able to access Netflix on my travels was particularly appealing as it would default to the US version whilst in the USA with lots of different content than the UK version.

Of course, I could watch both of these with Identity Cloaker and my laptop or tablet.   However I for one have never really enjoyed watching films on smaller screens very much so wanted to watch it on the TV. Cables obviously exist to hook up devices to your TV but every time I try this, the hotel TV has different ports or missing sockets.  The solution I thought lay in the numerous media devices that plug simply into any TV and stream online from a variety of channels including Netflix,  BBC iPlayer and other British TV programmes.

I chose the wonderful Roku, as I knew it worked and could use my Smart DNS account on it easily ( here's the one I use), this meant I could watch any channel I liked by switching my location easily.  All you need to do is change the Roku's DNS address to the Smart DNS one and it can access any channel irrespective of your location.

The other big advantage of the Roku is it's size, about the size of a cigarette box, it weighs next to nothing and fits easily into your luggage.`I thought it was perfect, and packed it all up (remembering the remote control) and thought I had with me a mini entertainment package for all my travels. I could watch any film I liked from any region of Netflix and enjoy the BBC on demand too with my Overplay account. Unfortunately this happy state of mind lasted only until my first hotel visit when I encountered the fundamental problem of travelling with a Roku when using public Wifi access points.

I eagerly set up the Roku and checked out how to access the hotel's wifi, this was where it dawned on me. The hotel offered fairly reasonable wifi rates on a weekly basis and you just sign in with your browser to access the internet. I soon discovered that this authentication method was very common in hotels and coffee shops, just fire up your browser and login.

Even when the access was free (as in some US airports) you had to login with an email address. Unfortunately opening a web page isn't something you can do with a Roku, it has no browser and so you can't authenticate the device. Even if you access the internet via a tablet, you still can't authorise you Roku as most grant access rights to the Mac address of the device you logged into.

 If Internet Access Requires Authentication via a browser - the Roku is virtually useless.

It's true and there's no simple solution until the Roku has the facility to open a web page to authenticate itself. There are some technical options of course, you could cone the mac address of the Roku onto a laptop and then authorise it there - which technically should work. However this is lots of hassle and you might even need to keep doing this every few minutes. So next time I'm going to try and take a Chromecast instead although there are issues with this using Smart DNS.