Archive | Privacy

Why the war on VPNs is one Netflix can’t win

Netflix’s solution to its problem is about to create a huge new one — for millions of people who aren’t trying to trick the service out of a Canadian show in the US. One year ago, UK-based GlobalWebIndex estimated that 54 million people use VPNs to watch Netflix every month (Netflix declined to comment to Variety on GWI’s numbers).

What Netflix is asking (er, forcing) its customers to do is, well, insane from a privacy and security perspective. That a company might insist you use 123456 as your password because it solves an internal problem for them sounds … ludicrous. Except that’s pretty much what Netflix is doing by disallowing widespread use of a security tool as critical as a VPN.

Engadget: Why the war on VPNs is one Netflix can’t win »


Routers, a tool for Big Brother?

Routers, for example, capture ‘chatter’ from smartphones, tablets and wearables, including successful and failed attempts to log onto a network, as well as the time they attempted to connect.

In addition, routers capture a media access control (MAC) address from mobile devices, which are unique identifiers for each phone, laptop or tablet that try to connect to the network.

Daily Mail: Forget fingerprints, ROUTERS could soon help police solve crimes: Data collected by Wi-Fi devices can find and identify criminals »


EFF @ 32c3: Crypto Wars Part II

Here is an interesting video from the 32c3 congress in Hamburg in December: Crypto Wars Part II — The Empires Strike Back.

Speaker: Kurt Opsahl, EFF

https://youtu.be/BweBCNBxJxM

Description:

Governments around the world are seeking to put a stop to secure end-to-end encryption, from the UK’s Data Retention and Investigatory Powers Act, to Australia’s Defence Trade Controls Act, to India’s draft proposal to require plain text copies of all secure messages, to the United States’ Federal Bureau of Investigation’s public pressure on global companies like Apple and Google to weaken their security and provide law enforcement access to plain text content.

Yet it is impossible to give these governments what they want without creating vulnerabilities that could be exploited by bad actors. Moreover any attempt to prevent people from writing and publishing strong encryption without backdoors conflicts with the right to freedom of expression enshrined in Article 19 of the Universal Declaration of Human Rights.

This presentation will address the history of crypto wars, update the audience with the latest information on government proposals from around the world, and discuss how we can fight for a future that will allow for secure communications for everyone. The discussion will also include information about EFF’s effort to protect and promote strong encryption, including the Secure Messaging Scorecard, Encrypt the Web report and the Who Has Your Back reports.

The presentation will explain how the unintended consequence of these efforts to provide law enforcement unfettered access to communications for users’ privacy and the security of the Internet far exceeds the benefits that would be gained. The proposals are often made in the name of protecting national security, but are likely to have severe economic, political and social consequences for these nations and their citizens, while doing little to protect their security. Contrary to these government proposals, encryption has a critical role to play in national security by protecting citizens against malicious threats. The harm to the public that can be presented by lax digital security has been illustrated too many times: weak or flawed cryptography led to vulnerabilities such as Logjam and FREAK that compromised the transport layer security protocols used to secure network connections worldwide. Encryption is not only essential to protecting free expression in the digital age – it’s also a critical part of national security.


Youtube »


Turning friends into threats

Some weeks ago there was some attention and upset reactions about the Chinese concept of “Sesame Credits”. It’s all about what you say, read, buy and do on the Internet. Your credit status then might decide if you can get e.g. a bank loan or permission to travel abroad.

Nasty indeed. But what makes the whole thing really upsetting is that your credit status also will be affected by what your friends do online. This really is a diabolic tool for “social control”. (Video»)

It is easy to believe that it is only those communists in China and such anti-democratic regimes that could apply a system like this.

But, actually, most western democracies can easily do the same thing with data retention. This is a perfect tool for building sociograms. A sociogram is a map showing who is connected to whom when it comes to the internet and telecommunications. How the authorities look at you can be determined by the friends you have (and by what friends they have).

So, even if you have “nothing to hide” — you still certainly do have something to fear.

And it’s not just about data retention. The same (or even more detailed) information is collected by Facebook and Google. It most certainly can be obtained by the authorities — and is probably also for sale out there. It would be very strange if various intelligence agencies don’t already have access to this information.

In this way, Big Brotherism is breaking down trust between people in our societies. And that is a very bad thing.

/ HAX


The normalisation of mass surveillance

Once upon a time, there were rumors about a global surveillance network — Echelon. When the European Parliament decided to look into the matter, it turned out it did indeed exist. For years to follow there were rumors about US intelligence organisation NSA and its new capabilities to “collect it all”. And a few years ago, the Snowden documents exposed exactly that.

Then followed a state of resignation.

In 2013/14, it was brought to light that the NSA might have compromised the international clearing system for bank transfers, the European-run SWIFT. It’s a bit odd, as the US can have as much information about European bank transfers as they want, in accordance with the EU-US TFTP agreement. Nevertheless, there were strong indications of something going on. This time the European police agency, Europol, didn’t even bother to look into the matter. In a European Parliament hearing Europol director Bob Wainwright explicitly said so. (The hearing is quite surreal. It’s all on video here. »)

In Germany, politicians softened their tone against the US/NSA when threatened with limited access to US intelligence. It also turned out that beneath the political polemic, the BND had been working very closely with the NSA all the time. And in Sweden, according to the Snowden files, SIGINT organisation FRA has access to NSA superdatabase XKeyscore. Swedish politicians (including the Greens, who are now in government) will not even comment on the legality of this.

The European Court of Justice has invalidated the EU data retention directive, finding it in breach of fundamental human rights. Nevertheless, most EU member states are upholding (and in some cases implementing) data retention, leading national constitutional courts to object. But data retention fits well with US surveillance systems, so it seems to be less important if it is legal or not.

I could go on, but I had better get to my point.

Politicians and intelligence bureaucrats are sending some pretty clear signals these days. They do not care about what is legal or not legal. They do not care about being exposed. They do not even comment on issues that ought to be fundamental in a democracy. The message is: This is the way it is. Live with it.

If there was ever a need for a broad political movement against mass surveillance, it is now.

/ HAX


Crypto wars, the simple truth

“To put it bluntly: the call to provide law enforcement (or, anyone) exceptional access to communications and content poses a grave threat to the future of the Internet. It is simply not possible to give the good guys the access they want without letting the bad guys in. There’s nothing new or novel in this statement. Experts have been saying the same thing for 20 years. While the message is old, with the integration of Internet technologies into nearly all aspects of life, the stakes are higher than they’ve ever been.”

Meredith Whittaker and Ben Laurie: Wanting It Bad Enough Won’t Make It Work: Why Adding Backdoors and Weakening Encryption Threatens the Internet »


The real danger with state spy trojans

A state trojan is when a government authority places a secret, hidden spy program on your computer, smartphone, tablet or server. It can be used to monitor everything you do. No matter if you use encryption or safe messaging apps. What you see, the police and intelligence authorities will see. Every keystroke can be tracked, often in real time. All your files can be accessed. All your communications can be scrutinized.

And, in the words of the founder of state intelligence, Cardinal Richelieu… “If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.”

Many countries are already using state spy trojans for surveillance. And others are to follow suit. At the moment countries like Spain and Sweden are trying to rush legislation through.

State trojans are usually not used for mass surveillance. (But they can be.) At least not in most countries — where some sort of court order or other judicial process under the rule of law will apply before the trojan is launched. So, the main problem in most cases is not about people’s right to privacy in general. This is targeted surveillance. But of course, it can be misused and/or used too generously.

The real problem is that state (and other) spy trojans will make our computers and entire IT systems vulnerable. In turn, this can be used by criminals, by foreign governments and by others interested in you, your communications and your data.

And what will happen when governments are using the same sort of tools as criminals? In the words of Amelia Andersdotter and Christer Spörndly… “The logical, and very disturbing, consequence is that there will be no incitement to identify and stop security vulnerabilities.” There are no security glitches only accessible for the government. If you leave a door open, it is open for everyone.

And to build these spy trojans, governments will have to use some sort of known security vulnerabilities. Or even worse, they might buy spyware from external developers — who also have other customers…

State spy trojans are a nightmare. They will make us all less safe.

/ HAX


The mass surveillance tipping point

Mass surveillance is getting more and more widespread, intrusive and extensive.

If we look at the bigger picture — the resemblance with totalitarian societies is getting rather obvious.

So, when will enough be enough? When will all of this become dangerous for real? Or is it already?

The entire notion of mass surveillance is dangerously close to the fascist concept: The all-embracing state controlling the lives of the people — in which citizens are not regarded as individuals, but are subordinate to the state.

A central problem is that the public is not allowed to know how mass surveillance is being used. Is it “only” a rather ineffective way to protect the people from real or imaginary dangers? Or is it being used to “collect it all” for the purpose of strengthening the government’s control and power over us? It seems politicians are not really that interested in telling us, are they?

Regardless, mass surveillance is a tool in the hands of the ruling political and bureaucratic class. And we know nothing about who those people will be tomorrow. Can we be sure that they will be somewhat democratic and fair people — forever? If not, we will have a very real problem on our hands.

But even with friendly, honest and democratic people in power — you can only have so much surveillance before it becomes dangerous, intolerable and unacceptable. Even with the best of intentions.

There is a tipping point somewhere between no surveillance and total surveillance. It might be in the future. Or we might already have passed it.

That is where the public debate on mass surveillance should be. But it’s not.

/ HAX
