web analytics

4th National Day of Action Against C-51 (#RepealC51)

Originally published by the NAAIJ on June 13th 2015 under a Creative Commons 4.0 Attribution International License

(Image: Facebook)

Follow us on Twitter @NAAIJ
Like us on Facebook NAAofIJ

Over a quarter of a million Canadians spoke out against Bill C-51 (269,987 at time of writing) with thousands more expressing their concern every day as Canada goosesteps forward with Bill C-51 despite one of Canadas largest protests against it. With yet another National Day of Action to #RepealC51 planned for June 20th

The protest has the following simple demands

This is the full ‘Call to Action’ text from the Calgary Event Page

This month we raise our voices once again in opposition to Bill C-51, C-44, and the whole cacophony of other charter violating bills that have been released recently. This month we take to the streets with the following objectives in mind;
1. To repeal unconstitutional legislature that violates our charter of rights and freedoms.
2. Demonstrate that we will maintain our rights by gathering publicly to speak out as per our constitutional rights.
3. Make sure that the indigenous people of Canada have their voices heard and that their right to consultation without being discriminated against is maintained and demonstrated
4. Stop any fear mongering legislation that may be put in place in the future by showing its not wanted, and not needed.
Thank you, together lets kill these bills!

Here is a list of protest locations

Calgary Facebook Event Page
Edmonton Facebook Event Page
Halifax Facebook Event Page
Kitchener Facebook Event Page
Nelson Facebook Event Page
Sudbury Facebook Event Page
Vernon Facebook Event Page

Here are flyers I’ve observed

Stay tuned for updates.

Nigel Todman is an Independent Journalist, Technical Consultant, Social Activist, Web Developer and Computer Programmer from Ontario, Canada. Nigel is also the Assistant Webmaster for the NAAIJ. Add him to Facebook and/or Follow him on Twitter E-mail: nigel [at] naaij [dot] org [PGP] This article can be republished under a Creative Commons Attribution 4.0 International License, With a link back to this article and attribution to Nigel Todman and the NAAIJ


C-51 passes to the delight of not a single Canadian

Originally published by the NAAIJ on Jun 12th 2015 under a Creative Commons 4.0 Attribution International License

Follow on Twitter @Veritas_83
Add on Facebook nigel.todman.3

I have to admit, I’m a little surprised.

I couldn’t find even one Canadian to speak to me in support of C-51.

I spent the greater part of the day looking – taking a break for a few hours to participate in a Town Hall on the Future of the Internet by OpenMedia.

During this entire time a standing request for pro-C-51 comments has been floating around the pages of both the Conservative Party of Canada and the Liberal Party of Canada and various articles concerning the passing of C-51. (The CPC had at least double the time of the LPC, I wasnt seeking any specific ‘official’ supporters – Literally ANY Canadian)

The response? Silence. Absolute crickets.

Looks like I’ll have to resort to social media comments, of which there is only a few and they are all quite similar and very weak, What makes them so weak? Well, for starters, anytime you parrot the ideology of Nazi Germany Propagandists as a defense for actions or beliefs … You lose the argument.

Can you tell the difference between a 2015 Canadian C-51 Supporter and a 1940’s Germany Nazi Propagandist? Let’s find out.

“If your not doing anything wrong than you have nothing to worry about”

“If you’ve nothing to hide, You’ve nothing to worry about”

“People must have something to hide not liking this law”

“Unless you are a _____ist you have nothing to worry about”

“Thank God. It’s amazing how people get angry at this when the Government is actually doing something to stand up against people who are bent on destroying anyone who doesn’t think and believe like them. We have been tolerant long enough. I’m thankful that H__er is working at protecting our border.”

“I don’t feel my freedoms are being violated though. I just don’t. And that’s OK. I’m not doing anything illegal so I have nothing to worry about…”

“Heil H__er!! I agree with this law”

Plot twist. None of these are quotes of German Propagandists. They are all Canadian supporters of C-51. It’s pretty tough to tell the difference isnt it? In that last one, Just replace Heil with ‘Go’ and fill in the blank with Harper. You can find the original comments here

Believe me, I would have much rather written this article poking holes in any reasoned, logical argument in favor of C-51. Instead, We have this. (I dont really need to poke holes in these arguments do I? … I thought we did that in World War II)

This is what Hitlers Minister of Propaganda said after the “passing of the authorization bill in the Reichstag by an overwhelming majority of two thirds” that “clearly prove the legality of our action”

To critics of the bill, He said “I have nothing to hide and nothing to colour, for this young Germany has no reason to fear”.

It just sends chills down your spine doesnt it? That here and now, Today in Canada we have citizens proudly echoing such sentiments?

Bill C-51 passed the Senate by a vote of 44 to 28, Coincidentally, the same ratio as the Reichstag authorization bill. This, In spite of the quarter of a million plus (268,353 at the time of writing) Canadians that spoke out very vocally against the bill. Join the rest of Canada here

It shames me as a Canadian that current events bear so many parallels to one of the darkest times in recent human history. It disturbs me how little I had to work to make these so readily apparent comparisons. Indeed I’m not the only one making them. In my search for C-51 supporters I saw at least a dozen people took the time to take some of these Canadians aside and say ‘Hey listen, You know who you sound like right?’

Nigel Todman is an Independent Journalist, Technical Consultant, Social Activist, Web Developer and Computer Programmer from Ontario, Canada. Add him to Facebook and/or Follow him on Twitter E-mail: veritas [at] vts-tech [dot] org [PGP] This article can be republished under a Creative Commons Attribution 4.0 International License, With a link back to this article and attribution to Nigel Todman


Bill C-51 Supporters taking notes from Nazi Propagandists…

With C-51 stream rolling over the Canadian Charter of Rights and Freedoms and about to smash thru the United Declaration of Human Rights like Kool-Aid man, I took to Facebook to see how Canadians are taking it.

Where have I heard that before … Oh right.

“You have nothing to fear, If you have nothing to hide” Joseph Goebbels, Minister of Public Enlightenment and Propaganda 1933-1945 under Adolf Hitler

“An original source for the quote comes from a premise presented in the book written by Franz Kafka’s, The Trial. It was turned into a play many times since and in one of those play, unknown as to which one, the phrase was stated as “you have nothing to fear if you have nothing to hide” being a statement made by the prosecutor.

It is believed that Joseph Goebbels picked up the phrase from that play and used it skillfully numerous times in many of his local speeches. I have researched it and found that he made several such speeches and one of them occurred in the beginning of the Nazi propaganda efforts to root out the Jews within Germany, “admit you are Jewish and we will take care of you” was another such quote used in the propaganda.”


I’ve got a lot more to say on this. When I do publish an article on it, You’ll be able to find it here as well.

In the meantime, Help Kill Bill C-51 here


3rd National Day of Action to Stop Bill C-51 (#StopC51)

Originally published by the NAAIJ on May 26th 2015 under a Creative Commons 4.0 Attribution International License

(Image: Facebook)

Follow us on Twitter @NAAIJ
Like us on Facebook NAAofIJ

Canadians are speaking out as loudly as possible against Bill C-51 with yet another National Day of Action to #StopC51. The main focus of the protest is to highlight some very simple demands and gather/march in Ottawa. It is surprising we need to demand our Government do something as basic as affirm and uphold the Charter, And yet here we are. Those very simple demands are as follows:

A GoFundMe has been setup to assist with transportation costs from surrounding areas. At the time of writing it has reached $1,718 of its $2,000 goal. Donated funds will be used for: “Printing costs for posters and flyers, Equipment and art supplies for demonstrations, Secure travel”

An excerpt from the widely circulated Call to Action is as follows:

Enough is enough! Bill C-51 is part of a long string of initiatives to expand the government’s security powers and signals a dramatic new direction for Canadian security. Presented as anti-terror legislation, Bill C-51 creates excessive over reaching powers for security agencies, that will harm online innovation, political discourse, and our civil liberties.

The Conservative Government is rushing this bill through parliament without responsible parliamentary process. The actions of the government are degrading our democracy and our international reputation.

This bill disproportionately targets indigenous communities, environmental activists, dissidents, and Muslims, many of whom are already subjected to questionable and overreaching powers by security officials. Bill C-51 will make it easier and ostensibly lawful for government to continue infringing upon the rights of peaceful people.

“Bill C-51… is a dangerous piece of legislation in terms of its potential impacts on the rule of law, on constitutionally and internationally protected rights, and on the health of Canada’s democracy”
-106 Law professors from across Canada in and Open
Letter to the Government criticizing Bill C-51

Any government that would propose legislation that is unconstitutional and undemocratic does not have the moral authority to maintain power in a true democracy. Generations before us have defended the rights and freedoms that are now in jeopardy.

In response people from the four directions will march in solidarity on Parliament Hill on May 30th to #RejectFear and call on Members of Parliament to;

-Withdraw / Repeal Bill C-51
-Affirm and Uphold the Canadian Charter of Rights and Freedoms
-Honour the Treaties with First Nations and the Rights of Indigenous People
-Honour First Nations Right to be Consulted (Section 35)
-Stop racist legislation and fear mongering

Our security lives in our solidarity, standing together for our rights and civil liberties, not in legislation that creates secret police and secret courts. Bill C-51 does nothing to protect Canadians, it actually will make us less safe.

“The powers of CSIS have always depended on how a ‘threat to the security of Canada’ is defined, and section 2 of the CSIS Act already has an extremely broad definition. This has been interpreted to include environmental activists, indigenous groups, and other social or political activists. Concerns are heightened with the proposal to grant CSIS a ‘disruptive’ kinetic role.”
-Canadian Bar Association

#RejectFear and let’s stand together for the well-being of all the people on this land.

Here is a list of protest locations

Barrie Facebook Event Page
Calgary Facebook Event Page
Courtenay Facebook Event Page
Edmonton Facebook Event Page
Halifax Facebook Event Page
Kitchener-Waterloo (May 28th) Facebook Event Page
London Facebook Event Page
Montreal Facebook Event Page
Ottawa Facebook Event Page
Regina Facebook Event Page
Sudbury Facebook Event Page
Toronto Facebook Event Page
Vancouver Facebook Event Page
Victoria Facebook Event Page
Winnipeg Facebook Event Page

Some promotional videos as well as some flyers

Nigel Todman is an Independent Journalist, Technical Consultant, Social Activist, Web Developer and Computer Programmer from Ontario, Canada. Nigel is also the Assistant Webmaster for the NAAIJ. Add him to Facebook and/or Follow him on Twitter E-mail: nigel [at] naaij [dot] org [PGP] This article can be republished under a Creative Commons Attribution 4.0 International License, With a link back to this article and attribution to Nigel Todman and the NAAIJ


Hosting Update.

I have recently switched hosting providers. Users of a certain popular antivirus solution were erroneously blocked from this site. Users of that very same antivirus solution should notice this site loads just fine and is, in fact, virus free. Always has been. Always will be. It’s one of my many quirks.

On a related note, If your website has a virus, I can fix that for you.

It’s a shame us white hat professionals cant just get along and not block each others sites…

When I contacted the antivirus vendor they stated that the block wasnt due to any content on my website or even to my domain at all. NigelTodman.com, at the time, happened to reside on the same server as thousands of other websites. Much like it does again now, just on a different server. The ‘issue’ was a domain completely unrelated to my own, happens to use the same server/company that I used for my hosting, was at one time sending spam. As a result of this the antivirus vendor took it upon itself to block not just the offending website .. but every client on every server owned by that entire company and its resellers! I would figure at least a quarter of a million websites are blocked erroneously from the practices employed by this vendor, and thats just a very rough estimate.

I’ve since parted ways with the former hosting provider and this new provider thus far does not seem to suffer from the false positive fiasco. I think I will follow up with the former hosting provider and the antivirus vendor. Will be interesting to see If I can get some figures on how many domains they manage and how many abuse complaints they’ve received, I’m assuming domains that have never ever received a complaint (like this one for example) to be legitimate content and not malicious or spam.

Maybe if I inform said antivirus vendor that they are erroneously blocking and falsely stating websites are ‘dangerous’, Impacting millions of users and hundreds of thousands of administrators, webmasters and content creators, They would resort to more accurate practices.


Join the Thunderclap for a Basic Income!

Originally published at the NAAIJ on May 1st 2015. Check the North American Association of Independent Journalists for the latest updates.

Join the Thunderclap here

Follow us on Twitter @NAAIJ
Like us on Facebook NAAofIJ

The Thunderclap will post a message on your feed along with other supporters on
May 01 at 10:30AM EDT. All credit goes to Organizers: Redditors For Basic Income (/r/BasicIncome) & @2noame. The full text of the Basic Income Thunderclap Campaign follows:

What would you do with a monthly paycheck, separate and in addition to any other paycheck, earned for nothing other than citizenship and sufficient to cover your most basic needs? That’s basic income, and that’s what today should be about.

Popularly known as May Day or Labour Day, May 1st is currently a day to internationally recognize the contributions of the global labor movement
and its many struggles and achievements over the years. However, where unions once
empowered labor and gave us the 40-hour week and the 8-hour day,
globalization and advances in technology have severely eroded the ability of
unions to effect change

As automation of the workplace continues to the
tune of potentially eliminating half of all current jobs in the next 20 years,
and in addition eroding any sense of financial security or consumer buying power through the growth of part-time jobs, low-paid jobs, freelancing, and zero-hour contracts, unconditional basic income represents the ability to empower labor on
an individual basis. A newly gained ability to say “No” to employers
would have an undeniable effect on employee bargaining power for greater sharing of profits and better
wages, job conditions, hours, benefits, etc.

The achievement of basic
income would be the achievement of a new voluntary contract between employer and
employee, including the empowerment of the employee to become their own
employer by functioning as venture capital for the people. It would mean a new age of greater innovation, productivity, and entrepreneurship,
where all are finally free to pursue the goals they wish to pursue, and all work
could be recognized for its societal value, instead of only paid work
as it stands now. Isn’t it time we started recognizing all the important labor going unpaid?

Basic income is the future of the labor movement, and the policy we must all together now strive for in the 21st century.

There are many ways to support the idea and to help grow the movement for Basic Income. For one, take part in Basic Income Day by supporting this Thunderclap and by changing your profile photos on May 1st. Some more examples:

Join the growing global movement to create an income floor for everyone.

This is the century of technological emancipation from labor itself. We made it. We’re here. We need only actually embrace it. Unemployment is not something to fear. It is something to welcome.

Without basic income, on the 1st of May we celebrate Human Labour Day.

With basic income, tomorrow we celebrate Machine Labour Day.

Nigel Todman is an Independent Journalist, Technical Consultant, Social Activist, Web Developer and Computer Programmer from Ontario, Canada. Nigel is also the Assistant Webmaster for the NAAIJ. Add him to Facebook and/or Follow him on Twitter E-mail: nigel [at] naaij [dot] org [PGP]


New virus found spreading on Facebook.

(All links are safe to click, Everything not safe is purposely broken and unclickable)

UPDATE: I’ve ran the code inside a VM now

The original message had a filename of ‘video.html’ and was hosted at AmazonAWS.com – do not click on anything that is that if you receive such a message.

Inside the code there is a leak to a goo.gl shortened URL, This URL was created 10 days ago and at time of writing has 462,570 clicks. The URL redirects to http://facebook.com/profile.php?id= which will bring up the currently logged in users Facebook profile. You can view those statistics here

The virus first determines if you’re on mobile or not, then from there redirects to one of two pages, encrypted of course. I’ve unencrypted them for you here

The video.html sends the victim to tesirmt2 [dot] com/mobil.html on Android/Blackberry or anything that isnt Windows (or isnt able to run and is Windows)

That URL then forcefully sends the victim to the following site: mobile [dot] dollars4ads [dot] com/directclick/?&odata=YWlkPTMxNTQ0JnVpZD0xMzg4

Which in turn sends you into a blackhole of porn site redirects, First using a redirect script at the domain DateForSexyMoments [dot] com which loads what appears to be a landing page url at InstaBang [dot] com with the filename enter.php

This part appears to be solely for revenue generation, no exploit yet.

If on Windows and not blocked, A mockup of the YouTube Facebook page is then displayed.

I’m just now getting to the Javascript in this page. It is starting to look like this is where the Facebook propagation code is…

In this page there is a reference to the 33Across ‘Traffic and Monetization’ Platform in a JavaScript file called tc.js

Also on this page is a small.js …

I’ve been using FireFox w\ NoScript allowing the sites one by one, No exploit has triggered as of yet. Installing Chrome now.

What I’m trying to do currently is get the Video Controller request to fire, It looks like that is when the payload is dropped.

Of course on Chrome it fires right away.

Poorly worded broken english, Now we’re getting somewhere!

Cancelling the request puts us back to the start. And the background changes red as if to tell us we’ve done something wrong — Facebook does this all the time right?

Time to take the plunge, Installing malware… Now we get Green, Green means good.

It appears as if I’ve found the ‘Malware Campaign Control Center’ full of scripts and logs. Different loaders for different environments. Different campaigns and phishing attacks.

I’m going to contact a few people and hand this off now. I’ll add my passive analysis below.

From what I’ve been able to gather from my passive analysis prior to running in VM …

The exploit appears to target the Chrome Web Store, The clicks are entirely from systems using Google’s Chrome Web browser. The following unique string is passed in a webstore URL


This appears to be the Chrome Developer ‘ItemID’, This is stored in the variable ‘okkkkk’ and is called with the chrome.webstore.install() function.

That ItemID has been removed since it was discovered, A second message almost identical was sent about an hour later, Following the same methods a new ItemID has been discovered. (I’ve just reported it for abuse.)


Whether the victim is on a mobile device or not, The victim will be on Facebook (The link is sent over the Facebook service), in the body tag the function chromex(); is called which in turn calls chrome.webstore.install(), It appears as if a request to install a ‘Video Controller’ relies on social engineering inside the chromex() function. chromex() is called at every possible opportunity to do so.

Still have yet to find the code that causes it to propagate to other users on Facebook, Been using strictly passive code analysis so far. Might jump inside VM and allow an infection and examine some binaries and what I’m assuming will be an interesting Chrome extension.

If you found this writeup useful, Feel free to tip me some BitCoins at 18j2Env7QokhGG5MccS3LPBKnjsko6u4NQ


You can defeat mass surveillance, Here’s how (pictorial guide)

Originally published by The Fifth Column News on Mar 18th, 2015 under a Creative Commons Attribution-Share Alike 3.0 License.

Ft. Meade, MD (TFC) – Back in June 2014 I wrote an article; Don’t Ask for your Privacy, Take it back for the Reset the Net campaign.

“The hope of this campaign is to emerge in a post June 5th world with a more secure standard of communications.”

The only reason why mass surveillance works is because most of our communications are being sent in plain text, as easily read as you are reading this very article. Whether this is done willingly by the service provider or maliciously by the Government using devices and exploits without their knowledge, Encryption will keep (some of) your rights in tact, for now.

While I do admit there is a modest barrier to entry into the realm of secure communications, there is a number of ‘Out of the Box’ solutions emerging to attempt to reduce this barrier. I will detail these still in development solutions in the footer, and cover some of the more established solutions that require a small amount of setup next. (With a pictorial guide)

Secure instant messaging: Pidgin (w OTR plugin, Mobile users Get ChatSecure for Android or ChatSecure for iOS.)
Hide your IP (with exceptions!): Tor (Mobile users Get Orbot for Android.)
Encrypted GSM/SMS: TextSecure & RedPhone (Android only, iOS users get Signal 2.0)

On the complaints about Tor, Let me detail a few of the weakness that exist in Tor so that you may be able to understand its strengths. Tor was (initially) developed and funded by the US Government to give itself plausible deniablity for its own illegal and malicious actions against businesses and countries worldwide. If only the US Government used Tor it wouldn’t be very Anonymous, So it has to be a free for all to provide anonymity. That said, The Government doesn’t like supporting malicious actors other than itself. So, Darknet sites (The .onion network) were attacked. The reason this attack worked is for two reasons. One, Using Tor in a browser provides a wide attack vector via the Flash and JavaScript scripting engines. A script in Flash or JavaScript can report back the IP Address in the context of that code, before it passes over Tor. This is because the code is running locally in your browser and not on the server which does not know your IP address. Two, If every Tor node you are using is in fact owned by the US Government, a top-down view of all US Government nodes can in theory reveal your IP as an educated guess, but it is not conclusive.

Using Tor outside of a browser and not on the Darknet/.onion network will defeat this attack. Me personally, when I use Tor. I exclude all nodes that reside in a FVEY (Five Eyes) Member country. That is US, CA, AU, UK and NZ. I use an open source project called AdvTor to do this.

Pidgin is a messaging client that supports numerous protocols. The one I will focus on is XMPP, previously known as Jabber. The XMPP server I use is creep.im, You can add me using [email protected]. Here is a list of many XMPP servers.

There is no reason Pidgin shouldn’t be the MSN or ICQ of this decade. Most people have resigned to using Facebook for their messaging needs, But this is a horribly insecure centralized target for … pretty much everyone. XMPP allows you to use any number of servers in any number of countries to route your conversations thru, all with full encryption.

Here is a quick pictorial on how to get started with Pidgin (w OTR plugin

Click Add…

Fill out the form as shown below, using your own username and password.

I am using Tor in this example. Simply Install Tor and run it, The defaults will work. If you don’t want to do this, select ‘No Proxy’. The main benefit here with Tor (or any proxy) is maintaining your location security from whomever you selected to handle your chat (creep.im in the example).

If all goes well you will get this screen. This is your actual registration so remember your password.

Confirmation that all is well.

Add your first buddy. Feel free to add myself, [email protected] or the demo account I just made [email protected]

When someone adds you, This is what it will look like.

The OTR plugin gives further security by providing even more encryption and buddy authentication via secret phrases and questions. But even just using Pidgin over say regular Facebook is a huge improvement.

With the OTR plugin installed, Go to Tools -> Plugins in Pidgin, Select ‘Off the Record Messaging and hit ‘Configure Plugin’ – Now press ‘Generate’

If all goes well.

Now you will notice a new menu when chatting with Buddies and some new notices

There are a variety of methods of ‘authenticating’ a buddy. The simplest is ‘Manual Fingerprint Verification’ – For your first time encountering people, this is good. It will ensure that your communicating with the same person on the same machine you originally added.

Alternatively there is a secret question and answer. This is good for people you know well. If you know them well enough you won’t even need to tell them the answer :)

And thats all there is to getting started with Pidgin.

Want to use XMPP on your phone? Get ChatSecure for Android. iOS users get Signal 2.0

A project that is currently in development I’ve been keeping an eye on is uTox. It allows for sharing of your desktop, a webcam, pictures, or just regular chat. All securely with encryption by design. Even better is that it is ‘zero configuration’ – You open it and you start chatting. No account or signup or registration.

From their Github

“With the rise of governmental monitoring programs, Tox, a FOSS initiative, aims to be an easy to use, all-in-one communication platform that ensures their users full privacy and secure message delivery.


The goal of this project is to create a configuration-free P2P Skype replacement. “Configuration-free” means that the user will simply have to open the program and will be capable of adding people and communicating with them without having to set up an account. There are many so-called Skype replacements, but all of them are either hard to configure for the normal user or suffer from being way too centralized.”

Windows uTox Updater (installs uTox if it isn’t already)

You will end up with a ridiculously long ‘Tox ID’ – For example, mine is 1E64DB1DFAEA2DBDE2204826CE649DA8A6BEC90C93BA16B7F557228B48FF234A1CD1876F268C. You can make this more human readable at www.ToxMe.se My human readable Tox ID is [email protected]

Another project worth watching is BitTorrent Inc’s Bleep which is basically the same thing as uTox. Currently Bleep ‘looks’ better, but Tox has many more functions at the moment. Add me on Bleep with this slightly less ridiculously long string: 32969203ae7c11f935ea0b3b561656eed0d891d57da9ecf7641e91a50769cc69

Governments will eventually break these encryptions or make them ‘illegal’ and brand everyone using them a thought criminal and/or terrorist. But until that happens, Any one of these tools are effective ways to thwart mass surveillance and take back at least a little bit of your privacy. For now.

Check out my other article on mass surveillance. As well as some great talks from NSA Whistleblower Edward Snowden

Nigel Todman is an Independent Journalist, Technical Consultant, Social Activist, Web Developer and Computer Programmer from Ontario, Canada. Add him to Facebook and/or Follow him on Twitter E-mail: veritas [at] vts-tech [dot] org [PGP]