Today I sideloaded TubiTV to my Samsung smartTV. If you live in a country where TubiTV is available you don't need to do any of this; the instructions are only for people being geoblocked by TubiTV. As a side note, this should work for many other apps like LiveOne.
I will describe my hardware because depending on hardware things might change. I am using a Samsung smartTV with an Android TV box, brand “Strong”, based in Austria but owned by a Chinese conglomerate. They are not one of the cheapest Android set-top boxes out there but you know it won't come loaded with malware as it is a well known brand within the Android set-top box community, and more importantly, it runs Android 11, which makes it harder to install unauthorized software.
You will need an Android phone too, these are the instructions to sideload TubiTV to your smart TV.
Download the app SendFilesToTV from the official Google play store to your smartphone and to your smartTV, the app must be installed in both devices.
With your phone go to the alternative Google playstore UpToDown and download any app, for example TubiTV, this will be a .apk file.
On your smartphone click on the Send Files To TV app, click the button that says “Send”, browse to your .apk file downloaded from UpToDown and select sending it to your Android set-top box, which will show up in the destination if you are in the same Wi-Fi network. This only works if your smartphone and the Android set-top box are both in the same network.
Go to your smart TV, open the Send Files to TV app, click on Receive and you will see the .apk file. Click on it and pick install. You will be prompted to change one security setting to be able to install it; the instructions are very clear, read the screen and change the setting UpToDown tells you. After this you will have UpToDown installed in your smartTV.
Open the alternative Google PlayStore you just installed in your smartTV, go to media and you will find TubiTV and thousands of other apps, now you can pick any app you want and install it without having to use any work around.
For security uninstall SendFilesToTV after leaving a review to the developer if everything has worked for you. The app is free, at the very least you could leave a review, right? You can use other alternative Google play stores like ApkMirror, a Chinese company, but my favourite store is UpToDown for no other reason than that I don't trust the Chinese government when it comes to privacy and security.
Needless to say that you will still need a VPN to watch TubiTV, you can try WindScribe for free without payment asked and see if it works for you, they support streaming, or pick your own VPN. English speaking countries where TubiTV is known to work: United States, Canada, Australia, United Kingdom.
Posteo is a paid privacy email provider based in Germany. I signed up with them after a recent Fastmail price increase and my concern about Fastmail being an Australian company with servers in the USA.
I briefly considered Yandex, a free Russian email service with interface in English, but it does no good to me to trade NSA illegal spying for Russian Federal Security Service (FSB) illegal spying.
I came to the conclusion that all countries spy and the only way I was going to protect myself from that is by using an email service that is transparent about logs, has encrypted storage with the email provider locked out of it, with no access to the keys, and end to end encryption, what is known in the privacy industry as zero knowledge, and if the company is based outside the Five Eyes wiretapping alliance (UK, US, CA, AUS and NZ) even better.
Posteo fulfilled all the requirements I had in mind and I also liked that they do not have a Facebook page, it shows they really care about customers privacy.
How to open a Posteo account
Opening an account with Posteo took me around one minute, the company does not want to know your name, address, back up email or phone number.
You only need three things to sign up for a Posteo account:
Pick a username
Pick a password
Pay with cash, Paypal, wiring, credit card or voucher (payment methods are anonymised)
Posteo payment
I used Paypal to buy the account, I know Paypal stores all transactions for years and the NSA probably has a direct feed to them but the transaction does not show your Posteo email address, the only available record in Paypal is the date and amount of money you sent to Posteo, your inbox or username is never printed anywhere in the receipt.
Furthermore, Posteo payment system automatically assigns a code to the inbox so that usernames can never be linked by the company with a payment. Tax laws compel Posteo to keep payment information for 10 years, this includes your name if you used bank transfer or Paypal to buy the account, but it never includes what your email address is and if the company was asked for this they are unable to provide the information, there is no law forcing Posteo to keep that data.
Specific details on how your payment is anonymized are very well explained with screenshots within Posteo’s FAQ.
One of my favourite things from this company is that their help pages disclose in plain English (German & French) the security measures they take to protect customers from illegal spying by government agencies, what logs Posteo keeps, how long for and what happens if they receive a subpoena, as well as some background information about German privacy laws.
There are no trial Posteo accounts, payment is taken from day one, but if you are not happy with the service you have the right to revoke it within 14 days and credit will be refunded.
If I had to criticise anything from the payment system, it is that they do not accept Bitcoins.
Posteo email basics
You can access your email via web, IMAP or POP3, attachments are a generous 50MB and the initial inbox is 2GB with a couple of aliases, all of this can be increased according to needs.
Posteo has a single basic email package that is prepaid, if you feel like you need more storage space or more email aliases you can go to account settings and move a slider bar to add extras, as you do this the screen shows you how much more this will cost you, for example, an alias currently costs €0.10 a month, if you need four email aliases that is €0.40 more a month, if you no longer need them next month, you delete it and monthly price comes down again.
The way Posteo pricing is set up you don’t have to pay for things you don’t need, you customize it to your needs, it works out cheaper than paying for an oversized email package that subsidizes heavy or business email users.
The account includes a decent online calendar that can optionally be shared with a public URL, address book and notes, all of which can be encrypted, in which case sharing is no longer possible.
Consider carefully if you need your inbox encrypted, after you enable it some functions like email searching will no longer work and if you lose your password Posteo support can reset your account but you will not be able to read your old email messages without your old password as Posteo has no way to decrypt them.
For example, because I only plan on using Posteo in the browser I activated the additional email account protection that eliminates IMAP access, and this stopped notes from autosaving so I had to reactivate it. Next to each encryption setting you will see a box that tells you what features stop working if you choose security over functionality.
Posteo email security
There are a ton of security measures, and nearly all of them can be configured. Posteo is ideal for advanced privacy email users that like to have control and spend time tinkering with their security settings. It took me a good couple of hours of reading to understand all that Posteo had to offer.
This company is one of the first email providers to implement DANE, a DNS-based authentication method that checks the digital certificate fingerprints of other email providers. This detects bogus certificates replaced by sophisticated hackers; state-sponsored operatives have been known to do this trick in the past.
For DANE to work other email providers must support it too. When sending an email to somebody, a small green check box in Posteo lets you know if the server you are communicating with is DANE compliant. Tutanota supports it and Protonmail has plans to have DANE this year, but the big NSA back doored email providers, like Gmail, Yahoo and Outlook, have no DANE support.
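The fingerprint check DANE performs, as an added example (not Posteo's code): a TLSA record published in DNSSEC-signed DNS is compared against the certificate the receiving server presents. The certificate is a constructed, unsigned DER structure built by the hypothetical `make_sample_cert` helper, and only DANE-EE (usage 3) records are handled.

```python
import hashlib
import hmac


def _read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length


def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate (selector 1)."""
    tag, pos, _ = _read_tlv(cert_der, 0)        # Certificate
    if tag != 0x30:
        raise ValueError("not a certificate")
    tag, pos, _ = _read_tlv(cert_der, pos)      # TBSCertificate
    if tag != 0x30:
        raise ValueError("bad TBSCertificate")
    tag, _, after = _read_tlv(cert_der, pos)
    if tag == 0xA0:                             # optional [0] version field
        pos = after
    for _skip in range(5):  # serial, signature alg, issuer, validity, subject
        _, _, pos = _read_tlv(cert_der, pos)
    tag, _, end = _read_tlv(cert_der, pos)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert_der[pos:end]


def parse_tlsa(text):
    """Parse 'usage selector mtype hexdata' (TLSA presentation format)."""
    usage, selector, mtype, *data = text.split()
    return int(usage), int(selector), int(mtype), bytes.fromhex("".join(data))


def tlsa_matches(record, cert_der):
    """RFC 6698 comparison of one TLSA record against a presented certificate."""
    _, selector, mtype, data = record
    selected = cert_der if selector == 0 else extract_spki(cert_der)
    if mtype == 1:
        selected = hashlib.sha256(selected).digest()
    elif mtype == 2:
        selected = hashlib.sha512(selected).digest()
    return hmac.compare_digest(selected, data)


def evaluate(tlsa_rrset, dnssec_validated, cert_der):
    """Decide what a sending server may conclude about the peer certificate."""
    if not dnssec_validated or not tlsa_rrset:
        return "no-dane"          # unsigned answers prove nothing
    records = [parse_tlsa(r) for r in tlsa_rrset]
    usable = [r for r in records
              if r[0] == 3 and r[1] in (0, 1) and r[2] in (0, 1, 2)]
    if not usable:
        return "unusable"         # nothing this example knows how to check
    if any(tlsa_matches(r, cert_der) for r in usable):
        return "verified"
    return "mismatch"             # certificate is not the one published in DNS


def _der(tag, content):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content


def make_sample_cert(public_key):
    """Constructed, unsigned, certificate-shaped DER for the demo (hypothetical)."""
    alg = _der(0x30, _der(0x06, b"\x2b\x65\x70"))          # OID 1.3.101.112
    spki = _der(0x30, alg + _der(0x03, b"\x00" + public_key))
    name = _der(0x30, b"")
    validity = _der(0x30, _der(0x17, b"250101000000Z") * 2)
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + alg + name + validity + name + spki)
    return _der(0x30, tbs + alg + _der(0x03, b"\x00" * 65))


if __name__ == "__main__":
    genuine = make_sample_cert(b"\x11" * 32)   # key the provider really uses
    swapped = make_sample_cert(b"\x22" * 32)   # same names, different key
    rrset = ["3 1 1 " + hashlib.sha256(extract_spki(genuine)).hexdigest()]
    print(evaluate(rrset, True, genuine))
    print(evaluate(rrset, True, swapped))
    print(evaluate(rrset, False, swapped))
```

A certificate with the same names but a different key fails the comparison, and the same record served without DNSSEC validation gives no assurance at all.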
Another setting activates a TLS-sending guarantee, with the checkbox ticked your messages will not be delivered to any TLS insecure email server, if Posteo comes across one you get a warning and have the option of sending the message without proper encryption in transit or not sending it.
To use PGP you need to install the Mailvelope browser addon, after that a new button that says “Compose&Encrypt” magically appears in the webmail interface.
You can add your public encryption key to Posteo keyserver and activate “encrypt all incoming email”, this means that all messages you receive will be automatically encrypted with your own PGP key at the door, on top of the encrypted inbox.
You might want to do this if you don’t trust Posteo’s own encryption, you add an extra layer with your own keys. However, if you lose your private keys you will not be able to read the messages again, and every time you click on an email in your inbox you are required to enter the decryption password in Mailvelope.
I found incoming encryption too burdensome, I would only propose it to the most paranoid kind not concerned with quick email access.
Hat tip to Posteo for automatically bouncing my public encryption key back to my inbox with a warning that it did not conform to security.
During key generation I made the mistake of adding my first name to the public encryption key and Posteo very rightly rejected it in their keyserver as the name can be used to track down your identity, I was only able to add the key to the server after changing the name field with a non descriptive text, like my email address.
Two factor authentication is possible too, Posteo works with any open standard TOTP app, like Google Authenticator, but the company recommends FreeOTP because it is open source (developed by Fedora), or if you own a Yubikey you can use it for two factor authentication, the help pages come with clear instructions and screenshots about how to set it up.
Posteo downsides
It put me off Posteo that they don’t own the .com of their email address, I had people in the past sending me messages to a .com version of my address, it is a common mistake many people make. I find it very short sighted that a company like Posteo, offering a choice of 30 different domain names for your email aliases, does not have a single neutral .com that you can pick for an email address. You can have a @posteo.af address, country code from Afghanistan, and a @posteo.jp country code from Japan, but .com is not an option.
I would have appreciated a non descriptive .com domain whose URL does not resolve to Posteo homepage that can be used as an alias.
Another downside for me is that Posteo does not have a Spam folder and you can not have one. Posteo drops all spam silently and you must trust they do it correctly.
My experience with email providers so far has been that no spam filter is 100% perfect and I have no way of finding out if a message is not getting to my inbox because it was flagged as spam by mistake or because it was never sent.
You can whitelist addresses in the filter but there is no way of whitelisting something you don’t know about.
Posteo advantages
Posteo comes with Mailvelope preconfigured, after installing the addon in my browser a new encryption button appears in the webmail interface and this gives me the ability to communicate with other PGP users holding my own encryption keys instead of Posteo doing that.
The encrypted email inbox and being able to encrypt all incoming messages with my own private encryption keys is a huge perk too.
It takes time to encrypt messages yourself, entering passwords, selecting the right keys, etc. If you are tight on time and security is not that important for you it might be best that your email provider does all of that, but if you want to err on the cautious side and trust nobody with your encryption keys, owning your own keys is the right way to do it.
I also liked the email filtering, being able to file messages into folders as they arrive, according to subject, sender, etc.
Posteo support
Support is not suited for businesses, but I think that an individual will be ok waiting one or two days for a reply. You can contact Posteo by email during German working hours.
I sent Posteo support an email to ask a question about my settings and it took 24 hours to get a reply that solved my question. There is no ticketing system, this might unnerve some people, because you keep wondering if the email was ever received, but not having a ticketing system is advantageous for those who value privacy and a very good idea.
The company barely keeping records of anything means that the information can not be lost or stolen and you can always check the “sent receipt” box if you email support, this way you will know they have received your inquiry.
Posteo vs Protonmail
I like Protonmail design and them forcing two different passwords to access the encrypted inbox. The main reason why I did not buy a Protonmail premium account is that their paid accounts cost five times more than Posteo. Protonmail has a bigger inbox but I wasn’t going to use it.
It also put me off a bit knowing that in 2015 Protonmail had paid ransom to some cybercriminals DDoSing their servers, it shakes my trust on how much of a fight the company is willing to put up for what is right when I see Protonmail selecting the easy way and paying up to avoid problems.
Posteo vs Tutanota
I was really close to buying a Tutanota premium account, they offer more aliases than Posteo, both companies are based in Germany, and cost the same, plus I like a couple of features Tutanota has that are not found in Posteo, like being able to send links to password protected messages.
I finally went for Posteo because of their Mailvelope pre-configuration and because I wanted a company that will not go bust. Posteo has been around for more years than Tutanota and they do not offer loss making free accounts which makes it more likely that they will survive.
Posteo review conclusion
If you are comfortable managing your own PGP encryption keys, want an email service with an encrypted inbox that does not keep logs or record your identity and that comes with lots of features at a cheap price, I think that Posteo is unbeatable, far cheaper than other paid providers (€12/year).
You should also pick Posteo for an email provider with calendar, notes and aliases that will respect your privacy and if you need a mailing list provider, this is still in beta but it should be rolled out soon.
But if you would rather have your email provider do all PGP encryption for you at the back end don’t pick Posteo, and if you wish to pay with Bitcoins Posteo should be off limits for you too.
Getting fed up noticing daily brute force attacks in the server logs I decided to up the game and implement two factor authentication (2FA) in the blog login page, this way even if a trojan horse in my PC captures the long random password nobody will be able to break in.
The most common choice for two factor authentication is Google Authenticator, or a compatible mobile app like LastPass Authenticator or Authy. The problem I had with them is that I carry my mobile phone with me everywhere and I was afraid of losing it, together with the matter of mobile apps wasting time requiring you to enter a long random number in the login page. For those reasons, I decided that a hardware token authentication was preferable and I bought a Yubikey Edge and a Yubikey Neo.
The main difference in between the Yubikey Neo and the Edge is that Neo has NFC and it can be used with a smartphone or tablet that supports NFC, usually high end models, without the need for any USB port.
Something to remember is that Yubikeys only work with the Chrome browser, Mozilla Firefox intends to add U2F support in the future but this has not been done yet.
Fortunately there is a Firefox addon called “U2F Support Add-on” that has been reviewed by the Mozilla team to make sure that it doesn’t have security complications and it works. I also use the Yubikey with Vivaldi, a Chrome based browser and it also works, this way I can avoid a pure Chrome browser loaded with Google spyware.
Before buying the tokens I researched on Yubico’s website what online services I could use the Yubikeys with, that was my first mistake. Trusting everything a manufacturer says when they are trying to sell a product is not clever.
Yubico lists self-hosted WordPress blogs as “supported”. After buying the Yubikey I found out that the plugin for WordPress is not developed by Yubico, it has been coded by an individual and it has not been updated for over two years, it rightly comes up flagged with a security warning in the WordPress plugin directory.
Will I expose my website’s security to a plugin not updated for the last 2 years that looks like abandonware? Sure not and I think that anybody who cares about their WordPress blog wellbeing should not use a Yubikey until a company or somebody reliable officially updates and supports the necessary plugin.
The second account I wanted to use the Yubikey with is my Google Account, again a problem comes up. I have no idea why it happened but facts are facts and after setting up the Yubikey with my Google Account and using it a couple of times it suddenly stopped working.
I attempted to make it work with a Chrome based browser (Vivaldi) and Firefox, I confirmed that my Yubikey was fine by going to Yubico’s demo page. For whatever reason my Google Account doesn't like the Yubikey, although officially Google supports Universal Two Factor authentication tokens the Yubikey will not show up in the log in page anymore.
The third account I wanted to secure with the Yubikey is my Fastmail account, another unexpected obstacle I did not count on. It was remarkably painless for me to add the Yubikey to Fastmail, but then I found out that having a Yubikey added in Fastmail does not disable single factor authentication, all it does is to give you the choice to use a Yubikey to login into your email account from a public computer without having to worry about the password being stolen.
Yubikeys with Fastmail will not stop brute force attacks of your main username, and if anybody steals your login masterpassword you will lose your account. For me the whole point of setting up 2FA is making it impossible for others to access the account without the key and the password together, and Fastmail can not do that.
Yet more disappointments trying to set up my Yubikey with Evernote, Yubico lists it as supported but I find out that for it to work you have to install the Yubico Authenticator Desktop application and configure it with Evernote. It is not complicated but it means software has to be installed into your computer and time spent, which defeats some of the purposes of using a hardware token for authentication, like simplicity.
Another problem, Dashlane is listed as one of the password managers supporting Yubikey to login, but only for a price, you can only enable a Yubikey with Dashlane if you have a paid account. Perhaps Yubico should have mentioned this on their page of supported services.
Conclusion Yubikey review
I am entirely out of love with the Yubikey, a few of the problems I had were not Yubikey’s fault, like Dashlane charging you money for the privilege of securing your account with it, but other problems like the outdated plugin for WordPress I feel it is partly Yubico’s responsibility. They should have some kind of agreement or a developer to make sure that the most popular services work with the Yubikey and do not look like abandoned projects.
The commendations for the Yubikey are that it is sturdy, it needs no battery and I had zero problems about drivers, but until it works for real in major websites I am not going to recommend it to any of my friends and I would not trust any of the supported services listed on Yubico’s site. If you plan on using a Yubikey on a certain service, visit that page and get the information directly from them instead of Yubico.
Promising project, too bad it can’t be used as intended anywhere meaningful.
SecureGmail is an open source Chrome browser extension to encrypt and decrypt Gmail messages with one click. After installation you will see a red padlock next to the compose button in Gmail, clicking on it will launch the compose window with a red bar that says “Secured”. Unlike other encryption extensions, SecureGmail does not allow Google servers to keep a draft of your message and encryption takes place in your browser, so Google will be unable to read anything other than scrambled text. However, attachments are not encrypted, SecureGmail only works for text.
You will be asked to enter a password after you have written the email and, optionally, a password hint. You will have to either transmit the password to the receiver by secure means, or enter a password hint that the receiver can easily guess. When the other end receives the message he will see scrambled text and a warning saying “This message is encrypted, decrypt message with password”.
The strength of SecureGmail is that Google is kept out of the equation by not giving the company any way to read plain text, SecureGmail open source code allows others to check for bugs and email encryption is extremely easy and quick. But there are also many SecureGmail downfalls: the first one is that both parties must have the same extension installed to be able to encrypt and decrypt data, the second problem is that sender and receiver must both be using the same browser, SecureGmail only works in Chrome, and a third obvious problem is that the password has to be transmitted, this will encourage people to reuse passwords and it will reduce security.
SecureGmail can be useful for an organisation that has their email hosted by Gmail, but only for staff conversations as sending email to outsiders would be sure to slam against one of the problems highlighted above. If you need a way to encrypt email that can be delivered anywhere, consider learning about PGP and Enigmail or download the Mailvelope extension.
People concerned about privacy should not be using Gmail, but if you do, encrypting it will give the NSA some work to do in between reading clear text messages. Encryption can not protect you from the who is communicating with who server metadata, trying to fool the NSA using Gmail is like trying to win the lottery by praying to Allah, a total waste of time.
There are plenty of reasons not involving national security about why you will want to encrypt your email messages, like not wanting readable email messages stored in your inbox for ever and protecting yourself from embarrassment if a typo sends an email message to the wrong inbox. In scenarios where metadata collection is not an issue, an extension that encrypts email is adequate protection.
Nitrokey is a physical USB thumbdrive developed in Germany to encrypt email with OpenPGP, GnuPG or S/MIME, use One Time Passwords, encrypt your computer hard drive files, manage digital certificates and act as a double authentication token with websites that have adopted the Universal 2nd Factor (U2F) standard supported by Google services, OpenSSH and WordPress. The hardware design and software code of this encryption thumbdrive has been made open source to allow the review of their security and for developers to be able to integrate their own applications.
The thumbdrive keeps three RSA encryption keys of up to 4096 bits, they are all linked to the same identity but used for different purposes, authentication, signing and encryption, the keys are hardcoded in the device, this makes it impossible for viruses to extract them, the One Time Passwords are compatible with Google Authenticator and hardware encryption is using the AES256bit algorithm with plausible deniability using hidden volumes. The dongle comes with a default administrator PIN set to 12345678 that you should change.
A more expensive version, called “NitroKey Storage”, allows you to store up to 64GB of encrypted data in the device, everything is secured using AES256bit hardware encryption. The USB thumbdrive will work in all operating systems, including Linux, it can be used for authentication as well as encryption.
If you are worried about a trojan horse in your computer stealing your encryption keys, Nitrokey can stop just that. Carrying your encryption keys with you in your pocket, instead of having them in your hard drive, makes identity theft less likely, and NitroKey’s open source lets you check its firmware integrity, the developers advertise this as a way to thwart the NSA practice of intercepting hardware in the post to implant backdoors in it.
This is not a very cheap dongle but in line with what encryption thumbdrives normally cost, you can buy a Yubikey for half price but it does not have any encryption abilities other than U2F authentication, Nitrokey offers email and data encryption on top of secure U2F logins.
The best selling point of this thumbdrive comes in the form of being open source supporting standard security programs. The developers also mention that the key has a tamper-proof design and that you can set up a hidden encrypted container to avoid mandatory surrendering of your data when crossing the border or in countries where it is illegal not to reveal your password to law enforcement.
Martus is an open source encrypted bulletin board for individuals and groups tracking human rights violations. It has been developed by Benetech, a non profit organisation pushing for social change. It is written in Java, available for Windows, Mac, Linux and Android, I downloaded the 130MB Windows version to try it out.
During installation a wizard guides you over the necessary steps to set it up, you will be forced to choose a strong password with a minimum of 8 characters and will be given tips to do it safely being told not to use dictionary words and to combine alphabet letters with special characters, everything will have to be entered twice before encrypting it in your device. If you forget your credentials nobody will be able to recover them, not even Martus staff.
Within the software there is the option to activate the Tor network to hide from your ISP that you are connecting to Martus servers and to get around filters if a server is blocked from your location.
The data you enter will be backed up to the server connecting to port 443 (SSL) or 997 using 3027 bit encryption, server administrators will not be able to read anything, data is encrypted with your own keys, and if you don’t wish to use the default Martus server, which during my tests resolved to an Amazon EC2 data centre in the US, any organisation can set up their own, “Advanced Settings” in Martus allow activists to enter the IP address of the specific server they would like to connect to together with the server public code and a magic word for authentication.
You will also be given a public Martus key, this is used to anonymously exchange information with your contacts, entering one of your friends' access tokens in the address book allows you to be in touch with him and transfer encrypted data. There is no need to know any phone number, email address or Instant Messenger, the access code alone allows you to interact with others, anonymity can be strengthened further if you both use Tor, which only requires that you tick a button in Martus.
The hard part of Martus is to securely exchange access keys with your friends in a way that can not be intercepted, Martus recommends that you use the Off-The-Record (OTR) software or a face to face meeting to do this.
Template forms in Martus can organise data records with little effort, or you can create a custom form yourself. The last step of the installation wizard involves exporting your account key to a secure location, like an external USB thumbdrive, to restore account access in case your computer is stolen or infected by a virus. The key is exported as a .dat file and optionally can be split in three pieces for extra security, in the latter case, you will need all of the parts to access your Martus account. These parts can be distributed in between various members of a group living in different countries so that if one of them is compromised, it will not be enough to access the account.
Martus report layout is plain and clear, two buttons on top allow you to connect or disconnect from Martus server or Tor with a single click and the tabs on the left hand side let you switch in between the received and saved reports, the form incorporates fields with the date, author and server where data is being backed up.
The Android version of Martus requires you to have a desktop Martus account first to be able to configure it, the rest works the same. Data is encrypted with your passphrase on the phone to protect you if it is seized, and any picture, audio or text you have stored will have been already backed up to the Martus server and can be retrieved later on if the phone is confiscated. Another choice is to designate a second person with access to your Martus desktop account to retrieve data you have uploaded in case you are not released from custody. Other nice details are that the program automatically locks and asks for your password if you leave it running in the background, and there is a PDF manual you can download in multiple languages explaining how to operate Martus.
This is a very well thought out program, it has everything an activist needs, privacy with encryption, anonymity with Tor, no backdoor, the possibility to set up your own Martus server so that you don’t have to rely on others, and being able to share account credentials in between various people so that if something happens to one person, others will still be able to bring back any photos you have uploaded.
If anything could be improved in this program, it is that there is no real time communication to sort out discrepancies, like a chatroom or IM, but you could always ask questions to your contacts adding them to a data form being shared.
Dstrux is an online platform to share notes and files that will self-destruct on the date you specify and tracks when somebody has seen the message you sent to them. The files and notes you share are encrypted in your browser before uploading them to dstrux servers with SSL, the system stops everybody, including dstrux, from seeing what you are sharing.
This service can be used to share messages with other people while not exposing the data to Internet wire-tapping, but the main idea is to be able to exchange personal data in social media like Facebook or by email without having to upload photos and messages to websites that will archive your messages for years and share it with third parties.
Signing up for a dstrux account can be done with your Facebook account or entering an email address and password, linking your Facebook account with this service means revealing your identity so I selected email signup instead.
After logging in you will see a simple interface with “Received”, “Shared” and “Forwarded” tabs and a notification alarm bell on top that tells you the date and time a contact has seen a message you sent to them with the date it was destroyed. If you wish to share a file or note with somebody upload it from your computer, set the timer to days, hours or minutes and optionally add blurring to the photo. Blurring stops the receiver from being able to capture a full screenshot of the picture you are sharing, when turned on, the photo will only be visible by sections as you hover your mouse over it.
The receiver does not need an account with dstrux to be able to read the messages but dstrux encourages them to open one to reply to you in the same fashion. Note that destroyed files will still be available in your “Shared” tab, clicking on them will show metadata about who has seen them, you can delete obsolete files clicking on the trash can.
This is an easy to use service, my only criticism is that sharing integration has been made with Facebook and email, I would have appreciated an open link that I can post in Usenet or an online chatroom to share with a group of people that don’t know me.
Dstrux appears designed for one to one data sharing and privacy in mind, I would not suggest this service for anonymity or sharing files in between groups.