Maybe you have noticed it. Privacy is an issue. A bit strange, since there are only 14 days left until the new EU General Data Protection Regulation (GDPR) becomes fully enforceable throughout the European Union.
So before the end of May 2018 all organizations that process data of EU citizens must comply with this General Data Protection Regulation. Determining how to design and improve your systems to meet the GDPR is not straightforward. But it is even harder for Internet users to stay invisible when using Internet communication when it matters.
Knowing how you can prevent privacy-sensitive information from being exposed can help you when you must design and create a GDPR-compliant system for your users. Setting up a system for communication when you do not want any personal information of your users exposed is hard. E.g. WikiLeaks does not want to know who you are. There is only a possible interest in the information you want to share.
Despite the fact that the GDPR document starts with “The protection of natural persons in relation to the processing of personal data is a fundamental right”, it is very hard for users and service providers to protect these rights. This is because making it impossible for third parties, including governments, to trace communication is very difficult. Most governments are still not very kind to persons with other principles. So there is a real need to make tracing of communication impossible without giving away all the benefits of current Internet communication technologies.
A Solution Building Block that provides secure communication in many ways is Streisand. Streisand is open source software that sets up a communication server that can run:
- Stunnel, or a
- Tor bridge.
After configuration, Streisand generates custom instructions for using the chosen communication service. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists. Setting up Streisand still requires some good Unix knowledge for installation and configuration, so it is a bit of a hassle.
Using Streisand reduces the barrier of entry to running a VPN/censorship-bypass server for friends and family and makes secure communication available to more people.
Using secure communication (e.g. VPN, HTTPS) is almost a must-have to be GDPR compliant. Encrypting data whilst it is being transferred from one device to another provides effective protection against interception of the communication by a third party whilst the data is in transfer.
This blog post will be added (after a rewrite) as an extension to the ‘Open Reference Architecture for Security and Privacy’. We are working on a renewed version. Please join us!