Privacy concerns

Written on 13 November 2015, 09:44am


This is another post in the weekly links series, with all the links below grouped by a common topic: privacy.

First, a post that explains why you should be concerned about it:

If the federal government had access to every email you’ve ever written and every phone call you’ve ever made, it’s almost certain that they could find something you’ve done which violates a provision in the 27,000 pages of federal statutes or 10,000 administrative regulations. You probably do have something to hide, you just don’t know it yet.
[…]
How could states decide that same sex marriage should be permitted, if nobody had ever seen or participated in a same sex relationship?
Wired: Why ‘I Have Nothing to Hide’ Is the Wrong Way to Think About Surveillance

Then, a post about the day-to-day implications of facial recognition:

Obviously, facial recognition is here to stay. The convenience factor for consumers and the data mining potential for big business are too compelling. The erosion of privacy is unfortunately like sea level rise. We know it’s happening, we know the consequences, but we’re either powerless or unwilling to act in our best, long-term interests.
PetaPixel – The Unsettling Future of Facial Recognition

Third, a thought about the future of the Internet and how it could better protect our privacy:

It’s easy to forget that because of its short life, the Internet has actually changed many times over the last 30 years or so. It started in the ’70s as a military project, morphed in the 1980s to an academic network, co-opted by commercial companies in the ’90s, and then invaded by all of us via social media in the noughties, but I think it’s going to change again. And I think things like the dark net markets — creative, secure, difficult to censor — I think that’s the future.
And the reason it’s the future is because we’re all worried about our privacy. Surveys consistently show concerns about privacy. The more time we spend online, the more we worry about them, and those surveys show our worries are growing. We’re worried about what happens to our data. We’re worried about who might be watching us.
Jamie Bartlett TED Talk How the mysterious dark net is going mainstream

Yesterday, the BBC reported that the FBI allegedly paid a US university to launch an attack on the Tor network:

Anonymity network Tor, notorious for illegal activity, has claimed that researchers at US Carnegie Mellon university were paid by the FBI to launch an attack on them.
“This attack sets a troubling precedent,” the Tor Project wrote. “Civil liberties are under attack if law enforcement believes it can circumvent the rules of evidence by outsourcing police work to universities,” it added.
BBC – FBI accused of paying US university for dark net attack

Finally, a very recent interview with Edward Snowden, where he explains a little bit about the tools that you can use to protect your online privacy:

If you interact with the internet … the typical methods of communication today betray you silently, quietly, invisibly, at every click. At every page that you land on, information is being stolen. It’s being collected, intercepted, analyzed, and stored by governments, foreign and domestic, and by companies. You can reduce this by taking a few key steps. Basic things. If information is being collected about you, make sure it’s being done in a voluntary way.
Edward Snowden explains how to reclaim your privacy


Weekly links #2

Written on 12 October 2015, 08:34am


Apple Camera?

I, for one, would love to see Apple develop an iPhone 7P. The “P” is for photography. Add back 2mm to the device’s profile, which would enable a larger battery, and install an even better camera (bigger lens, bigger sensor) for people who love photography. I would easily pay a $100 premium for the specialized device. I have to think they would sell more of these than the iPhone 6c.
The One Thing Apple Understands is Photography
plus 5 reasons Apple should make a professional camera


A European alternative to Soylent:

Update, 1 month later: I could not get used to the taste. And I’m sorry about that, the prospect was extremely appealing 🙁

Eating a diet considered healthy by scientific standards is difficult. These requirements can only be met with a varied and well thought out diet.
We have developed a formula which combines all nutrients recommended by dietitians in a powder, which we call BERTRAND.
http://bertrand.bio/


Security Keys

With 2-Step Verification, Google requires something you know (your password) and something you have (like your phone) to sign in. Google sends a verification code to your phone when you try to sign in to confirm it’s you. However, sophisticated attackers could set up lookalike sites that ask you to provide your verification codes to them, instead of Google. Security Key offers better protection against this kind of attack, because it uses cryptography instead of verification codes and automatically works only with the website it’s supposed to work with.
Using Security Key for 2-Step Verification

A few notes about security keys in general and YubiKey in particular:
– security keys do not need batteries or mobile connectivity (unlike the cell phones that receive security codes)
– full YubiKey product lineup
– the blue YubiKey implements the U2F standard and works with GMail, Dropbox and GitHub
– the most expensive YubiKey version also works via NFC with supported devices
– the other ones rely on a recent Chrome version and on a device with a USB port
– if the security key is not available, the normal security codes (received on cell phones) still work

YNWA

PKI in 5 lines

Written on 24 March 2015, 11:28am


User 1 (Alice): generates a private and a public key, stores her private key in a secure location, and sends the physical data to the Registration Authority (RA) for verification
Registration Authority: verifies the user data and informs the Certification Authority (CA)
CA (the trusted authority): signs Alice's public key with its own private key (issuing a digital certificate) and publishes it
User 2 (Bob): looks up Alice's public key and verifies its authenticity with the CA
Communication: Bob sends Alice a message by encrypting it with Alice's public key


At this stage Bob knows that the public key he sees is really Alice's. But is it really Alice he is talking to? Here is how to find out:
– Bob asks Alice to encrypt a random message for him
– Alice encrypts this message with her private key
– Bob decrypts this with Alice's public key (which he knows belongs to Alice because he trusts the CA)
– if the decrypted message is the same as the one Bob sent, then it must really be Alice herself
And this is how every SSL conversation begins 🙂
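The certificate check and the random-message challenge above, as an added example that is not part of the original post: a toy textbook-RSA sketch in which "encrypting with the private key" is a signature. The function names, the `name|n|e` certificate layout and the small Mersenne-prime keys are assumptions made for illustration; real deployments use padded signatures, X.509 certificates and much larger keys.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Toy textbook-RSA key pair from two primes: (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)

def digest(data, n):
    # Hash reduced mod n so it fits the toy key (no padding: demo only)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(digest(data, n), d, n)

def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def cert_body(name, public):
    return f"{name}|{public[0]}|{public[1]}".encode()

def issue_certificate(ca_private, name, public):
    """CA binds a name to a public key by signing both."""
    sig = sign(ca_private, cert_body(name, public))
    return {"name": name, "public": public, "sig": sig}

def check_certificate(ca_public, cert):
    body = cert_body(cert["name"], cert["public"])
    return verify(ca_public, body, cert["sig"])

def prove_identity(ca_public, cert, peer_private):
    """Bob's view: validate the certificate, then challenge the peer."""
    if not check_certificate(ca_public, cert):
        return False
    challenge = secrets.token_bytes(32)       # Bob's fresh random message
    response = sign(peer_private, challenge)  # computed on the peer's side
    return verify(cert["public"], challenge, response)

# Constructed demo keys (hypothetical parties, far too small for real use)
CA_PUB, CA_PRIV = make_key(2**89 - 1, 2**127 - 1)
ALICE_PUB, ALICE_PRIV = make_key(2**61 - 1, 2**107 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**19 - 1, 2**31 - 1)
ALICE_CERT = issue_certificate(CA_PRIV, "alice", ALICE_PUB)
```

Because the challenge is random for every run, a response captured from an earlier conversation cannot be replayed.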

PKI in plain English (PPT, 0.7M)