Digital Privacy, Security, and How I’m Safer on the Internet Now.

Earlier this year I watched the documentary “Citizenfour” about Edward Snowden’s revelations on government spying. Unlike any other documentary I’ve seen, this one had me on the edge of my seat, feeling tense, shocked, and violated all at the same time. Though I have no illegal activities to hide, I cannot be comfortable with the level of access the spying agencies have to our computers, cellphones, and other connected devices. Also, private spying (hacking) is so rampant that it seemed protection from agency spying might also be increased protection from hacking.

I decided to step up my game and see if I could maintain privacy in this Orwellian environment. A month of research later, I came up with a solution: VPN. A VPN, or Virtual Private Network, encrypts all your traffic between your device and the VPN server. Here is an example scenario of a regular connection vs a VPN connection:

Scenario: Regular Connection vs VPN

- You and I are at a mom and pop ice cream store
- We are both on our iPhones using the FREE WiFi
- Mom and pop have a son with ambitions to be the next “Mr Robot” super hacker
- Son set up the FREE WiFi network we are using
- Son has taught himself enough Linux and Network Administrator skills to Port Scan, Traffic Sniff, and see everything you are doing on his network (URLs, IMs, emails, and more)
- Son can NOT see what I’m doing. All he can see is encrypted chunks of data going back and forth to one location, which he cannot decrypt

This is VPN. All my data, including URLs, requests, responses, etc., flows through a server in an encrypted connection. When I visit a web page, the URL is part of the encrypted data between me and the VPN server, which handles the request to that web page. “Son”, or anyone between me and the VPN (like my internet provider), cannot see what pages I visit or what is in my data.
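A way to check the claim above from your own machine, as an added example that is not part of the original post: it reads `tcpdump -nn` text lines captured on the physical Wi-Fi interface and lists every packet that did not go to or from the VPN server. The server address 203.0.113.10, UDP port 1194 and the sample capture are constructed for illustration.

```python
import re

# Address part of a `tcpdump -nn` line: "<time> IP|IP6 <src> > <dst>: <rest>"
LINE_RE = re.compile(r"^\S+ (IP6?) (\S+) > (\S+): (.*)$")

def split_endpoint(family, endpoint):
    """tcpdump appends the port after a final dot; ICMP and similar have none."""
    dots_with_port = 4 if family == "IP" else 1
    if endpoint.count(".") != dots_with_port:
        return endpoint, None
    host, _, port = endpoint.rpartition(".")
    return host, int(port)

def find_leaks(lines, vpn_host, vpn_port):
    """Return (destination, port, reason) for every packet outside the tunnel."""
    tunnel = (vpn_host, vpn_port)
    leaks = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ARP and other lines without an IP header are skipped
        family, src, dst, _rest = m.groups()
        src_ep, dst_ep = split_endpoint(family, src), split_endpoint(family, dst)
        if tunnel in (src_ep, dst_ep):
            continue  # encrypted VPN traffic: all the Wi-Fi operator should see
        if dst_ep[1] == 53 or src_ep[1] == 53:
            reason = "DNS outside tunnel"
        elif family == "IP6":
            reason = "IPv6 outside tunnel"
        else:
            reason = "other traffic outside tunnel"
        leaks.append((dst_ep[0], dst_ep[1], reason))
    return leaks

# Constructed capture from the physical Wi-Fi interface (not real traffic).
SAMPLE = """\
10:15:00.000001 ARP, Request who-has 192.168.1.1 tell 192.168.1.23, length 28
10:15:01.100001 IP 192.168.1.23.51820 > 203.0.113.10.1194: UDP, length 148
10:15:01.150001 IP 203.0.113.10.1194 > 192.168.1.23.51820: UDP, length 132
10:15:02.200002 IP 192.168.1.23.40112 > 192.168.1.1.53: 4321+ A? example.com. (29)
10:15:03.300003 IP6 2001:db8::23.44321 > 2001:db8:ffff::80.443: Flags [S], seq 1, length 0
""".splitlines()

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE, "203.0.113.10", 1194):
        print(leak)
```

Local chatter such as DHCP will also be listed and has to be judged separately; an empty result means the network operator saw only the tunnel.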

Not All VPNs are Safe

So what if the VPN provider decides to spy on me? Or logs all my traffic and uploads it to the N.S.A.? This was something I dug deeper into in my research. My wish list for a VPN service provider evolved into this:

– no logging of my data
– good encryption
– good performance (bandwidth)
– usable on my computers, phones, tablets (and all at the same time)
– decent price
– good reputation for privacy and reliability

I had VPN connections before with my work, but real privacy is something you have to pay for. On a company VPN, the company can still see your unencrypted traffic, because they operate the VPN server.

Speed

My final choice was Private Internet Access (which I’ll refer to as PIA). I have it set up on my Mac, PC, iPhone, Android, and Linux box. You can see PIA’s supported clients here. When not using VPN, I can download up to 12 Megabytes per second on my 100 Megabit connection. On the VPN I’ve reached up to 4 Megabytes per second, but typically cap around 2. These are good speeds considering that the VPN provider has to service many other individuals simultaneously. This is also more than fast enough for YouTube and other video streaming.


Geolocation
I have a choice of servers all over the country and all over the world. This gives me better connections wherever I am, but also allows me to “be” in other places when I need to be. For example, when in Canada, certain web sites redirect you to the Canadian .ca versions of the page. Your IP location is used for redirection behind the scenes. On PIA, I simply connect to a US VPN server and the problem is solved. This could also hold true for people in countries with censorship and other restrictions, as the agencies blocking certain URLs and IP addresses would never see them in the encrypted VPN traffic.

Hacker Proof?
Other than being digitally safe in the ice cream shop, and being able to spoof my location, VPN has other advantages. My true IP address is never revealed when I surf the internet on VPN. If a hacker were trying to get to my computer via the internet, my IP address would appear as one of PIA’s VPN servers. Getting back to my computer via the internet should technically be impossible. Although there may be other ways hackers can get to your computer, blocking the passage through the internet is a big step toward safety.

High Performance WordPress on the Cheap

Shared Hosting

Typical shared web hosting plans can be a cheap and easy way to host a WordPress blog, but I’ve found performance on all the ones I tried to be abysmal. WordPress.com may also be an alternative, but this cloud approach I’m going to detail should give you better performance and still be cost-effective. Another approach not discussed here is dedicated hosting, which can also perform, but is usually expensive.

Clouds

When I created this blog, I knew I would be hosting a lot of videos and images and wanted good performance. My previous experiences with Amazon Web Services showed me that clouds and CDNs (Content Delivery Networks) make a very noticeable difference. When I say “high performance”, this should perform well for a few concurrent users. Compared to shared hosting, it should be easy to see the difference in load times. If you have a lot of traffic on your WordPress site, you may need to pay for more powerful virtual servers (RAM, CPU) and more of them in order to keep up (you’ll see options for this later). In any case this approach is better than shared hosting, as well as a shared / CDN combo.

What’s Best for WordPress

Normally with AWS, I would create Elastic Beanstalk PHP applications and update them with Git every time I made changes, like in my game. In this case, I wanted a server where I could log in from the blog site, make updates, preview, and publish. That gets a bit more complicated with Beanstalk since you can’t make changes to the server’s “ephemeral” disk the way you would on a shared hosting plan. That’s because virtual servers (EC2s) lose their changes every time they are terminated, and in Elastic Beanstalk they are created and terminated on the fly to accommodate traffic. See this article if you want to get more technical.

I did find a good solution which is basically free for 1 year, and about $15/mo after that. It’s a combination of these parts:

  1. An Amazon Web Services account (free tier for 1 year)
  2. Bitnami Cloud Hosting, with their WordPress app installed
  3. Access to the zone records for your domain (optional, if you want to assign domain names to your blog and your CDN)

Amazon Web Services

If you haven’t signed up for AWS you can take advantage of their free tier. If your site isn’t wildly popular and doesn’t have a ton of traffic, it should cost between nothing and under $1 per month in the free tier. After signing up, look for AWS Management Console or Services and Security Credentials. You’ll need these for Bitnami and the CDN we are going to create. In the image above, we are going to use S3 and CloudFront for the next section.

Make Your CDN

Your CDN is where you will put all your images, video, sounds, etc. that slow down loading. In your blog posts you should insert media with full http URLs to their CDN locations, rather than on the server that contains WordPress. This will make a huge difference in wait times for loading content and media.

There are other ways to do this but I will detail the steps I used.

  1. Create an S3 Bucket
    1. In the Service menu, go to S3
    2. Click on Create Bucket and give it a name, then click Create
    3. Upload a file or some files into the bucket. Select your uploaded files and choose Actions > Make Public. This is necessary to make the files accessible
  2. Create a CloudFront distribution from your bucket
    1. In the Service menu, go to CloudFront
    2. Click Create Distribution and choose Web and then continue
    3. Click in the Origin Domain Name and you should see a pulldown. Choose the S3 bucket we just created
    4. If you want to add a custom domain name, like “cdn.arnoldbiffna.com”, you can do it in the Alternate Domain Names (CNAMEs) field. You’ll need access to your domain’s zone records to point to the domain about to be created from this form
    5. Scroll down to Default Root Object and type in “index.html” or “index.htm” if you have folders of static html content you’d like to put on the CDN
    6. Click on Create Distribution
    7. In the list of CloudFront distributions, you should see a domain name like d123xyz213987iu.cloudfront.net. The first of three parts “d123xyz213987iu” will be something unique to your CDN. If you uploaded a file, say “logo.jpg”, you’d now be able to access it as d123xyz213987iu.cloudfront.net/logo.jpg.
    8. If you want to use a custom domain name like “cdn.arnoldbiffna.com”, map a CNAME to the one we just created in your domain’s zone records. Then you could access your files like cdn.arnoldbiffna.com/logo.jpg. You might have access to this in the settings for your web hosting or domain management.

What you’ve now done is create a CDN. Whatever you put in your S3 bucket will get copied to several “Edge” locations around the world for faster access to all your users. Keep in mind with CDNs, you should not update your files; simply upload new versions with different names.
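One way to follow the "new versions with different names" advice, as an added example that is not part of the original post: each file gets a name derived from a hash of its content, only media types are accepted because everything in the bucket is made public, and links in a post are rewritten to the CDN copy. The host cdn.example.com, the extension list and the sample files are assumptions made for illustration.

```python
import hashlib
import re
from pathlib import PurePosixPath

CDN_HOST = "cdn.example.com"  # placeholder for your CloudFront or custom domain
# Everything in the bucket is made public, so only static media may go there.
PUBLIC_TYPES = {".jpg", ".jpeg", ".png", ".gif", ".mp4", ".webm", ".mp3"}

def versioned_name(name, data):
    """'img/logo.jpg' + bytes -> 'img/logo.<12 hex chars of SHA-256>.jpg'."""
    path = PurePosixPath(name)
    if path.suffix.lower() not in PUBLIC_TYPES:
        raise ValueError(f"refusing to publish non-media file: {name}")
    digest = hashlib.sha256(data).hexdigest()[:12]
    return str(path.with_name(f"{path.stem}.{digest}{path.suffix}"))

def build_manifest(files):
    """Map each original name to the URL of its versioned copy on the CDN."""
    # https is an assumption; a custom domain needs a certificate on the distribution.
    return {name: f"https://{CDN_HOST}/{versioned_name(name, data)}"
            for name, data in files.items()}

def rewrite_media(html, manifest):
    """Point src/href attributes that name a manifest file at the CDN copy."""
    def swap(match):
        attr, quote, target = match.groups()
        url = manifest.get(target.lstrip("/"), target)
        return f"{attr}={quote}{url}{quote}"
    return re.sub(r"""\b(src|href)=(["'])(.*?)\2""", swap, html)

if __name__ == "__main__":
    # Constructed sample: two versions of the same logo and a post that uses it.
    old = build_manifest({"img/logo.jpg": b"logo, first version"})
    new = build_manifest({"img/logo.jpg": b"logo, second version"})
    print(old["img/logo.jpg"])
    print(new["img/logo.jpg"])  # different name, so no stale edge copy is served
    print(rewrite_media('<img src="/img/logo.jpg"> <a href="/about">About</a>', new))
```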

Create a Cloud Hosted Server with WordPress on Bitnami

Next, you’ll want to create a free account at Bitnami. What we are going to do is use your Security Credentials from AWS to launch a pre-built server with WordPress added on.

  1. To begin, click on Console
  2. Click Create a Server
  3. Next, enter in your AWS Security credentials: your Access Key ID and Secret Access Key. You can find these in your AWS account in the main menu under Security Credentials
  4. Choose a Default Location closest to the majority of your audience. The default choice (U.S. East Coast Virginia) is free but the others may cost more. The N California location is closest to Los Angeles, but I chose Oregon as it was much cheaper, and relatively close.
  5. Make a password and continue.
  6. In the New Server dialog, begin by giving it a Name. It should match the Domain Name that will be yourName.bitnamiapp.com
  7. The first option I changed is the default Operating System, Ubuntu. I switched to a 64-bit Amazon Linux, because I think Ubuntu has a lot of extra services and features I won’t be using. My theory is that the Amazon Linux should perform slightly better.
  8. Next, I clicked on Add New Application and searched for wordpress. Click the checkbox and OK.
  9. Now, click on Application Options and fill out the information in both tabs. The Email Configuration is important since WordPress will use this for notifying you of comments, as well as using contact forms and other communications. I used the SMTP info for Yahoo for my email.
  10. Optional – the options under Micro will allow you to add more power (and costs) to your server. This would be useful if you will be redirecting heavy web traffic here
  11. Click on Build and Launch

Server Management

In a few minutes you should be able to access your blog. Bitnami’s Dashboard has several options for managing your server afterwards, such as adding a custom domain, adding other apps than WordPress, and making backups.

I recommend backups. They may incur a small cost (under $1), but if you are putting hard work into your blog, it would be nice to restore not only the content, but all your server and app settings, plugins, etc. as well. If you want to map a custom domain like I did in the image above, you will need to access your domain zone records. Notice I also made a subdomain for the CDN, which comes in handy if you want to switch CDN providers in the future.

Now the images and videos in my blog posts can come from cdn.arnoldbiffna.com/someimage.jpg instead of the default, cryptic domain names. Also, in the future, I can use a different CDN provider and not have to change my blog URLs.

WiFi Re-Broadcasting with Intel’s My WiFi

When the family and I stay at hotels, the internet wifi charge per device, per day can really add up. Paying for 2 laptops, 2 phones, and a tablet can be a bit too much. I always thought it would be a great idea to connect one device, and share it to other devices by creating a new wireless network of my own. I looked for solutions to this and wasn’t content with having to use a wired (ethernet) connection in order to share, since some hotels now only have wireless.

Then one day I decided to Google the “Intel My Wifi” feature on my Dell PC Laptop, and realized it might be the answer – it was!

How does it work? While my laptop is connected to the hotel room’s WiFi, I can share the connection by creating my own WiFi network on the same laptop. Other devices can then connect to my new WiFi connection (instead of the hotel room’s WiFi). What I like better about this solution is:

1) Your devices do not need to be paired (bluetooth)
2) WiFi to WiFi enables you to share internet in almost all hotels
3) You do not have to pay $60/day for internet!

I won’t go into details about how to set it up, other than there should be an icon for it on the task bar (for Windows PCs). Right click and explore the options, and it should be self-explanatory. By the way, Intel My Wifi is a hardware solution and is not commonly available on all laptops.