The Sherlock Holmes Handbook for the Digital Age

CHAPTER EIGHT

Down the Rabbit Hole

The rain lashed the window-panes of the cosy sitting-room in Baker Street and outside the wind set up a dismal howling. Mrs Hudson had laid out a tray of cold roast beef with some bottles of beer. The fire had settled back to a toasty red glow and all was right with the world.

“Did you bring your laptop, Watson?” asked my friend, leaning back luxuriously in his armchair

I fished the case out of my bag and lifted it up for Holmes’ perusal.

“I see you have foregone Apple on this occasion and opted for a very reasonable Sony VAIO employing the Windows operating system. Any particular reason for that?” he asked.

“Cost primarily. Apple Macs being dashed expensive. Is anything wrong with it, Holmes?”

“No, not at all.”

“So far, Holmes, our little foray into the digital world has left me unsure of myself and feeling generally troubled.”

“In what way, Doctor?”

“I should have thought that was obvious, Holmes.” I opened the screen and called up a new Word Document. “You have demonstrated just how simple it is for any of us to be spied upon – by governments, the corporate giants, the criminals and the insane – not to mention fleeced for cash at every turn and generally interfered with.”

“Quite so.”

“But I must confess, Holmes, that this whole affair has left me feeling violated and ill-prepared to venture out into the Internet again.”

My friend stood upright and laughed. “Take stock, Doctor,” said he, placing a large hand upon my shoulder. “We have identified those that threaten us. We are alert to their tricks and ploys. Now it is time to turn the tables, to put ourselves out of harm’s way by being invisible to them.”

“Right you are, Holmes.” I returned to my VAIO, somewhat relieved.

“Which browser do you employ on your laptop there?” indicated my friend.

I had to quickly check as I had no idea up until then that there was any great difference between them. Finally I declared, “Microsoft Explorer.”

“Forget it,” said Holmes. “You can’t remove it, so just leave it alone except to say you should use it only occasionally for very simple things like checking the headlines and looking up recipes.”

“So what should I do?”

“These days, Watson, many people are concerned about the lack of privacy online. They are perturbed by this web of countless radiations that penetrates our lives from cradle to grave. Therefore, we must concentrate on selecting the right tools from the right people. Again, these are generally free and open-source. We must begin with the browser.”

Holmes took a few lengthy strides until he was looking out of the window. “Adding, of course, that we have already installed anti-virus protection because what follows now adds a belt to our braces.”

“Got you.”

“For your all-important browser, Watson, you must install something less intrusive and more security conscious. I recommend Mozilla Firefox and it works on all systems.”

I set to immediately. “Installing now, Holmes.” I declared.

“We are going to get a little technical now, Watson, but – as before – nothing that you cannot handle. Let us begin with the Firefox Settings.” Holmes crossed the room and leaned over my shoulder.

“Look for the Firefox logo in the corner. Select Options/Options. Here we now see a small dialog box. Open Privacy. Now tick the option Tell websites I do not want to be tracked. Also untick Accept cookies from sites. This will keep basic Cookies out of your system.”

“Sounds good, Holmes.” I clicked away.

“Under Security, tick Warn me when sites try to install add-ons. Remove all exceptions. Tick Block reported attack sites. Tick Block reported web forgeries. This will guard against Drive-By Downloads. Now untick Remember passwords for sites – for obvious reasons.”

I acted as Holmes prescribed. “Continue,” I finally encouraged.

“On the Advanced tab, under General tick Warn me when websites try to redirect or reload the page,” nodded Holmes. “Under Network tick Tell me when a website asks to store data for offline use. This will limit your appearances in databases.”

“Sorted.”

“On your new browser, Watson, you have a Private viewing option. Click in the top right-hand corner. You are looking for the Menu. Now select New Private Window.” Holmes stepped back into the centre of the snug living room.

“Ah, ha,” declared I. “I now see here a purple-coloured page with the words Private Browsing with Tracking Protection. What are its’ benefits, Holmes?”

“One’s browser, dear fellow, will give away all the important details of a person,” said Holmes.

“The normal browsers store everything you do – from your downloads, what pages you visit, which chat rooms, the photographs you upload, together with the when and for how long each time. Not to mention all the passwords and location data. This is all grist to the databases, Watson, the State snooping and targeting advertisements.”

My friend began to look around the room, on the prowl for an amusing distraction. He finally turned back to me. “The less information you have on your browser, Watson, the safer you are – especially if somebody were to sneak about.”

“I imagine, Holmes, that this Private facility would be especially useful in a family situation where more than one person has access to a particular device. A person might accidentally login to another’s Facebook or Twitter account in the ordinary course of events.”

“Precisely, old chap. This way your Internet session is wiped clean the instant you close the Firefox Private browser.”

I nodded understanding.

“Just suppose that you were buying a Christmas present for your delightful new friend. In the absence of Private browsing, she might be on Amazon looking for some Liz Earle make-up when she stumbles upon your activities, rendering all element of surprise adrift.”

“Good gosh, Holmes. I hadn’t thought about that.”

“And that is why, Watson, in some circles this facility is known as the porn portal.”

Holmes suddenly made directly for the violin case. I had just enough time to clamp my jaws tightly shut before he began a laborious draw on the bow, setting the china to rattle on the shelf. He speedily came and seated himself once more.

“Another benefit of Firefox, old chap, are the free add-ons one might attach. One essential is DownThemAll which allows a person to download a thing whilst keeping all of his security settings in place. It can also speed things up a bit, too.”

“And where might I get that, Holmes?”

“There is only the one place for add-ons, Watson. Search firefox + add-ons and take your pick from within the Mozilla domain. There are free apps here that block advertisements as well as Cookies, and many privacy and security applications, including Blur which issues an alert whenever someone attempts to track you.”

Holmes closed his eyes and scrapped carelessly at the fiddle which was thrown across his knee. “And, old fellow, we must not forget to mention search engines.”

“I was wondering when you might get to that, Holmes. You appear to sneer at the mere mention of Google.”

Holmes cackled and scratched a sour note. “Yes, old boy, I do have an aversion to search engines that store every question one asks and then makes that data available to the commercial world or to tools of the State upon request and without the benefit of a court order.”

Holmes scrapped some more. “Besides, there are plenty of equally good alternatives that will not keep any record of your activities. I favour duckduckgo.com – probably because I like the name.”

Holmes stroked some more at his fiddle, conjuring up flocks of migratory geese bound for warmer climes.

“If one were serious, my friend, one would altogether ditch the Microsoft programs that came bundled with your machine. They leak like sieves.”

“Really?” I wondered, looking down at my screen and hazy notes.

“Stop using Word and go for the Open Office Suite – same thing, just costs nothing. Do not use Windows Media Player, search for VLC media player instead. And don’t trouble yourself with Adobe’s Acrobat Reader. It simply cannot keep a secret, so look up Foxit PDF Reader instead.”

Holmes lifted his bow and began to scratch with it at a point on his neck before pressing on.

“And then, of course, one needs a reliable VPN – the old Virtual Private Network. Sad to say, Hotspot Shield – whilst ideal for mobile devices – is not suited to laptop or desktop computers. One must invariably push the boat out here and pay up a fee.”

Holmes continued to scrape.

“But, Watson, I am loath to make a specific recommendation. However, that said, one should – in selecting a suitable VPN – ensure that you select one which does not hand over your data to anyone who asks, otherwise they are in no way ‘anonymous’. The best bet is to search recommended secure vpns and, once again, take your pick. Got that?”

As I nodded confirmation, Holmes thankfully put the fiddle aside, sat back in his chair and crossed his legs with a decisive air.

“With a good VPN, Watson, one might pretend to be anywhere on the planet. Already we have gone a long way in shoring up our defences. With the VPN we obscure our identity and location.”

“You have helped set my mind at rest,” I assured my friend.

“Instead of sitting here in a cold, windy London, one might be in Tegucigalpa eating a spicy baleada and knocking back an ice-cold Port Royal in the shade of a lofty pine tree for all any inquisitive government spook or advertising algorithm might know.”

“Got you, Holmes.”

“What say you – my friend – to a bite to eat? Mrs Hudson has done us proud. And then, perhaps, we might take this up a notch and start applying some serious security measures.”

I was just beginning to nod off when I was aware of a soft step on the stair and then a timid knock. Mrs Hudson pressed open the door and peered in at us. “Should you like me to clear up now, Mr Holmes?”

“If you would be so kind, Mrs Hudson. Did you bring my onion?”

“I have it right here, sir.” She handed Holmes a small plate and paring knife and was careful not to let the onion roll off onto the floor.

As soon as we were alone again, Holmes began to examine the onion – turning it this way and that, as if his sheer willpower might penetrate deep within its papery skin.

“Watson, I would like to introduce you to Tor – The Onion Router.” Holmes held up the large, reddish bulb. “We are about to enter the world of Hidden Networks, the other Internets that I have spoken of.”

I roused myself and sat up in my chair, showing Holmes that he held my fullest attention.

“Onion routing is a technique for anonymous communication over a computer network, Watson. In an onion network, messages are encapsulated in layers of encryption, analogous to layers of an onion.”

“In layman’s terms please, Holmes,” I bid.

My friend assented and held the onion firmly in one hand and, by use of the paring knife, cut deep into its milky white flesh.

“Be careful not to hurt yourself, Holmes,” I cautioned.

Holmes pulled the onion into two separate halves and showed them to me.

“Think of each layer – each individual skin – as a separate layer within the Internet. When your encrypted message hits a new layer, there are so-called ‘network nodes’ that peel back the layer allowing you to pass through. The layer then reseals itself.”

Holmes placed one half of the onion on the rug at our feet and then stabbed gently into the remaining half in his hand.

“The data that you send – any request from your computer – passes through multiple levels until it reaches its destination,” explained Holmes, tunnelling the knife deeper into the flesh.

“As you arrive at each new layer, that node only knows the layer to either side of it. It cannot tell where your request came from nor where it is ultimately going.”

I gasped. “This is all so fiendishly complicated, Holmes. But, if I understand you correctly, then the signal that I send is masked in the manner of a curtain at every waypoint along its journey.”

“Yes, my friend, you have grasped the concept neatly. And each one of these nodes might be anywhere on the planet. Your request is bounced around like a tiny silver ball in a global arcade machine.”

“That is rather a lot of analogies to take in all in one go, Holmes,” said I. “But how might I use this onion network and how did it get there in the first place?”

“If you think back, Watson, the original aim of the Internet was to provide a means of communication in the event of a nuclear war. It worked by connecting hundreds of computers together and – if any part of that network went down – messages would automatically re-route to the remaining computers.”

“Vaguely.”

“Well, my friend, once they had that up and running, it was only natural that the spies, the military and the diplomats would want their own secure Internet. Thus, Tor was born.” Holmes gave a little chuckle.

“In time, of course, word got out and now all sorts – journalists, aid workers, human rights activists and criminals, of course – use Tor for their secure communications and other secret online activities.”

“And how does one enter this onion network?”

“You recall the Firefox browser that you configured before lunch? Well, I have something very similar for you – and once again it is free and open-source. Search tor + firefox bundle and set it up the way you did earlier, being sure to include the same add-ons as before.”

Holmes got up from his chair and began to scout around the room again while I set about downloading and setting up the Tor browser.

In time, a pale green-coloured page popped up on my screen bearing the words, Congratulations. Your browser is configured to use Tor… You are now anonymous and free to explore the Onion Network or branch off to the Surface Web.

“Looks like I’m ‘in’,” I declared, sitting back and marveling.

Holmes strode towards me and peered intently over my shoulder. I looked up at him, feeling rather pleased with myself.

“Watson, you now hold in your hands the most singular weapon within our arsenal. With this, my friend, you can safely mask both your identify and your location. Nobody need know who you are or where you are.”

“Good heavens, Holmes. Is this to say that I am now truly invisible?”

“You are, Watson, but with certain provisos. Trust me when I say that absolutely nothing is one-hundred percent safe or secure. That said, if we apply our own layers of secrecy at every turn then we are dashed difficult to find.”

“But is this not what the VPN is for?”

“So right you are, Doctor. But the VPN is just one of our multiple layers. From now on, whenever you activate Tor, be sure to activate your VPN first. That way your Internet Service Provider or anyone snooping on your network will be left in the dark. They will not even know that you are on the Tor network. You will have slipped under the radar.”

“I see.” I thought.

Holmes now leant across me and pointed to the top left-hand corner of my screen. “Click that ‘S’ symbol beside the Onion logo you see there, Watson. This is vitally important. Now select Block scripts globally. Well done. You are all set to go.”

“And where shall we head, Holmes?” I asked expectantly.

“The Volunteer,” announced my friend, taking me aback. “I detect a break in the rain. A few brisk steps and we shall have the change of scene that I now require.”

The Volunteer was surprisingly busy for an early Tuesday evening. While Holmes pressed his way through the throng at the bar to order us a pint each of Hacker Pschorr, I located a quite table in the corner just as it was being vacated.

“Watson, you are a man of infinite resource,” declared Holmes approving my choice of table some short time later. “Cheers.”

We passed our time in pleasant conversation of the general sort. When I returned to our table with a fresh round in hand, Holmes leant towards me conspiratorially.

“Let us imagine now that you are a whistle blower, Watson. You have access to some terrible secret and you want the world to know about it but you don’t want to get caught.”

“Right you are.”

“In an idea world, we would meet in a pub much like this, at a nice quite table and you would hand over your incriminating documents in an envelope.” Holmes held up a boney and portentous finger.

“But that world has long gone, my friend. For starters, how would you arrange to meet a journalist, say, in the first place?”

I scratched my head. “I imagine in the old days I would ring the fellow up and arrange to meet him. But these days I would probably only get through to voice mail and waste my time. I might email him but I doubt if that would work either. What should I do Holmes? I imagine I need something more cloak and dagger.”

“So right you are, Doctor. Today’s journalists are under permanent surveillance.”

“Really?”

“But of course.”

“You are talking of the intelligence services, I assume, Holmes.”

My friend sat back in his chair and chuckled. “It is not just the intelligence agencies and law enforcement that today’s hack should worry about, Watson. All kinds of people have a vested interest in knowing about the reporter’s next story – individual criminals and criminal organisations, political parties and extremist groups, law firms and the corporate giants.”

“Given their easily-had capabilities, Holmes, I imagine that these groups would be stupid if they did not.”

“Precisely. Journalists have contact with politicians and activists, they have their finger on the pulse – one should hope – and they are capable of causing all kinds of trouble both to governments and to corporations. An adversary will monitor all his or her online activities and read their email. They will see who their contacts are and they will start to monitor them, too.”

“Yes, of course.” I helped myself to the open packet of crisps on the table. “So what are my options, Holmes?”

“Well, my friend, you might want to by-pass the journalist entirely, simply because the risks are too high.”

Holmes’ hawk-like eyes scanned the immediate area around our table. He lowered his voice. “Let us also assume, Watson, that you have the data in digital format somewhere.”

I rubbed my chin and then declared, “Let us say that this data is on one of those tiny USB thumb drives.”

“Now you are thinking, Watson. And this is where Tor comes in.”

“I was hoping that you would get to that, Holmes.”

“Tor has two prime functions. It allows you to travel the Surface Web with a very high degree of anonymity but it also works as a portal to the dark side.”

“You are talking of the Deep Web or Dark Net that I keep hearing about, Holmes?”

“Precisely. Tor can take us to a parallel Internet much like the one you use every day with all the usual features. But this is a world hidden from view – way below the surface – and here you will find many secret discussion boards and anonymous file hosting sites.”

“Really?”

“With a little bit of cut and pasting, you can upload vast quantities of text and images without leaving any trail back to yourself. You then post the link to the hosting site on a discussion board where lots of like-minded people will see it. Then, Watson, you can wash your hands of the whole affair, knowing that the terrible secret is now out there.”

“What should I do with the thumb drive?” I asked.

“Throw it in the Thames. Burn it first or run a powerful magnet over it. Wipe off all fingerprints.”

“But just suppose, Holmes, that the data were somehow on my computer. How might I dispose of it then? I can’t just delete the thing, surely?”

“As luck would have it, Watson, there are plenty of free, open-source shredding tools. Get one with a good reputation, such as Evidence Nuker.”

“But what say, Holmes, that I needed to get this data to a specific person? What might I do then?”

“I see. Let us assume that you want to approach a specific journalist and that you have her office email address. For obvious reasons, you will not be using your usual email. Use Tor now as your browser. Employ the VPN. Search on duckduckgo.com for an email re-mailing service such as the delightfully-named AnonyMouse and compose a message there. At the same time grab a temporary email address from the Icelandic company unseen.is.”

I needed to pause my friend for a moment. “Re-mailer, Holmes?”

“Yes, Watson, just like regular email but these strip off any codes that might identify you and add new ones all along a torturously complex journey. When the email arrives at its destination, there is no way that it can traced back to you.”

I was impressed.

“With this email, whet their appetite about the terrible secret – without naming any actual names or places – and enclose a link which takes them to an online self-destructing messaging system such as PrivNote where you can explain in more detail. At this stage, give them your new unseen email address.”

“Self-destructing messages,” I mused. “What an excellent idea.”

“So they are, Watson. PrivNote is a free app that allows you to compose a message that will promptly self-destruct once read. PrivNote generates a link which you pass on via email or personal messaging. You can also ask PrivNote for a read receipt.”

“I imagine, Holmes, that the sheer thought of a self-destructing message should have most journalists salivating.”

“Correct. Now you have her attention, Watson, use another PrivNote to explain Tor if she does not know already and provide a link to the secret file store on the Tor network. You should also lock the document or file with a good password. Also, be careful how you name any document. Don’t call it Top Secret. Give it the name of something that nobody will ever want to read, Watson. Call it GrandmasGoatHeadSoup.doc or MyDissertation.PDF.”

“And if I wanted to communicate with her? If I needed to discuss terms or what-have-you?”

“Then use PrivNote or its Deep Web equivalent NoteBin. But keep moving around, keep changing email addresses, and ensure all messages are destroyed as you go.”

“Could I not just send her an encrypted email? I hear that they are very good.”

“You could, Watson. But herein lies yet another problem.”

It was just then that Holmes drained his glass and indicated that I might catch up. He wiped his lips and continued, “Let us assume that you both have state-of-the-art encryption such as PGP – which stands for Pretty Good Privacy. You can look it up online.”

“Possibly.”

“The trouble is, my friend, that whilst encrypted messages cannot be intercepted and read in transit, they are none the less rather too conspicuous while they travel about. Agencies like the NSA and our own GCHQ scour the Internet for encrypted documents on the basis that if it is encrypted then somebody must be wanting to hide something.”

“Why, of course they would.”

“And if they were sufficiently interested, they can simply compel you to hand over your encryption keys – and all is lost.”

“Suppose I did not want to hand over my encryption keys, Holmes? Suppose I demanded by basic human right to privacy?”

“Then they would laugh in your face, my friend. They would cite the war on terror and their new mandatory disclosure laws and oblige you to cough up your keys or face a similar penalty to that of carrying around an unlicensed firearm, such as our very own handgun.”

“So I can forget encryption then, Holmes?”
“Not entirely, Watson. If everybody were to employ end-to-end encryption – meaning all their data were scrambled as it travelled around – then people like you and your journalist would not stand out from the crowd. Only when that day comes will encryption be truly safe.”

“And can they break encryption?” I needed to know. I drained my glass and put it back on the table.

“I think that it is fair to say, Watson, that if the NSA could break the most sophisticated encryption, then the mathematical world would soon get to hear about it and then so would the rest of us.”

Holmes was already out of his chair and urging me to follow along.

“So, my dear Doctor, encryption is fully capable of doing the job it is designed for and, to that end, it is generally secure. That said, we must only ever use open-source programs. There is no telling if the spooks have not put ‘backdoors’ in the products of the major corporations.”

“What a tangled web to be sure, Holmes. And where are we off to now?”

Holmes took me by the arm. “Is it nearly eight o'clock and tonight is Wagner night at Covent Garden. If we hurry we might be in time for the second act.”