Showing results for tags 'surveillance'.

Found 78 results

  1. MOSCOW - Edward Snowden, who exposed extensive U.S. surveillance programs in 2013, warned this week that Japan may be moving closer to sweeping surveillance of ordinary citizens as the government eyes a legal change to enhance police powers in the name of counterterrorism. "This is the beginning of a new wave of mass surveillance in Japan," the 33-year-old American said in an exclusive interview with Kyodo News while in exile in Russia, referring to a so-called anti-conspiracy bill that has stirred controversy in and outside Japan as having the potential to undermine civil liberties. The consequences could be even graver when combined with the use of a wide-reaching online data collection tool called XKEYSCORE, the former contractor for the U.S. National Security Agency said. He also gave credence to the authenticity of new NSA papers exposed through The Intercept, a U.S. online media outlet, earlier this year that showed the agency's surveillance tool has already been shared with Japan. The remarks by the intelligence expert are the latest warning over the Japanese government's push to pass the controversial bill through parliament, which criminalizes the planning and preparatory actions of 277 serious crimes. In an open letter addressed to Prime Minister Shinzo Abe in mid-May, a U.N. special rapporteur on the right to privacy stated that the bill could lead to undue restrictions of privacy and freedom of expression due to its potentially broad application -- a claim the Japanese government has strongly protested against. Snowden said he agrees with the U.N.-appointed expert Joseph Cannataci, arguing the bill is "not well explained" and raises concerns that the government may have intentions other than its stated goal of cracking down on terrorism and organized crimes ahead of the 2020 Tokyo Olympics.
The anti-conspiracy law proposed by the government "focuses on terrorism and everything else that's not related to terrorism -- things like taking plants from the forestry reserve," he said. "And the only real understandable answer (to the government's desire to pass the bill)...is that this is a bill that authorizes the use of surveillance in new ways because now everyone can be a criminal." Based on his experience of using XKEYSCORE himself, Snowden said authorities could become able to intercept everyone's communications, including people organizing political movements or protests, and put them "in a bucket." The records would be simply "pulled out of the bucket" whenever necessary and the public would not be able to know whether such activities are done legally or secretly by the government because there are no sufficient legal safeguards in the bill, Snowden said. Snowden finds the current situation in Japan reminiscent of what he went through in the United States following the terror attacks on Sept. 11, 2001. In passing the Patriot Act, which strengthened the U.S. government's investigative powers in the wake of the attacks, the government said similar things to what the Japanese government is saying now, such as "these powers are not going to be targeted against ordinary citizens" and "we're only interested in finding al-Qaida and terrorists," according to Snowden. But within a few short years of the enactment of the Patriot Act, the U.S. government was using the law secretly to "collect the phone records of everyone in the United States, and everyone around the world who they could access" through the largest phone companies in the United States, Snowden said, referring to the revelations made in 2013 through top-secret documents he leaked. Even though it sacrifices civil liberties, mass surveillance is not effective, Snowden said. The U.S. 
government's privacy watchdog concluded in its report in 2014 that the NSA's massive telephone records program showed "minimal value" in safeguarding the nation from terrorism and that it must be ended. On Japan's anti-conspiracy bill, Snowden said it should include strong guarantees of human rights and privacy and ensure that those guarantees are "not enforced through the words of politicians but through the actions of courts." "This means in advance of surveillance, in all cases the government should seek an individualized warrant, and individualized authorization that this surveillance is lawful and appropriate in relationship to the threat that's presented by the police," he said. He also said allowing a government to get into the habit of collecting the communications of everyone through powerful surveillance tools could dangerously change the power relationship between the public and government to something closer to "subject and ruler" instead of partners, which is how it should be in a democracy. Arguably, people in Japan may not make much of what Snowden sees as the rise of new untargeted and indiscriminate mass surveillance, thinking that they have nothing to hide or fear. But he insists that privacy is not about something to "hide" but about "protecting" an open and free society where people can be different and can have their own ideas. Freedom of speech would not mean much if people do not have the space to figure out what they want to say, or share their views with others they trust, to develop them before introducing them into the context of the world, he said. "When you say 'I don't care about privacy, because I've nothing to hide,' that's no different than saying you don't care about freedom of speech, because you've nothing to say," he added. Snowden, who was dressed in a black suit, said toward the end of his more than 100-minute interview at a hotel in Moscow that living in exile is not "a lifestyle that anyone chooses voluntarily." 
He hopes to return home while continuing active exchanges online with people in various countries. "The beautiful thing about today is that I can be in every corner of the world every night. I speak at U.S. universities every month. It's important to understand that I don't really live in Moscow. I live on the internet," he said. Snowden showed no regrets over taking the risk of becoming a whistleblower and being painted by his home country as a "criminal" or "traitor," facing espionage charges at home for his historic document leak. "It's scary as hell, but it's worth it. Because if we don't do it, if we see the truth of crimes or corruption in government, and we don't say something about it, we're not just making the world worse for our children, we're making the world worse for us, and we're making ourselves worse," he said. Article source
  2. Facebook Bans Devs From Creating Surveillance Tools With User Data Without a hint of irony, Facebook has told developers that they may not use data from Instagram and Facebook in surveillance tools. The social network says that the practice has long been a contravention of its policies, but it is now tidying up and clarifying the wording of its developer policies. American Civil Liberties Union, Color of Change and the Center for Media Justice put pressure on Facebook after it transpired that data from users' feeds was being gathered and sold on to law enforcement agencies. The re-written developer policy now explicitly states that developers are not allowed to "use data obtained from us to provide tools that are used for surveillance." It remains to be seen just how much of a difference this will make to the gathering and use of data, and there is nothing to say that Facebook's own developers will not continue to engage in the same practices. Deputy chief privacy officer at Facebook, Rob Sherman, says: Transparency reports published by Facebook show that the company has complied with government requests for data. The secrecy such requests and dealings are shrouded in means that there is no way of knowing whether Facebook is engaged in precisely the sort of activity it is banning others from performing. Source
  3. Legislation introduced today by New York City council members Dan Garodnick and Vanessa Gibson would finally compel the NYPD — one of the most technology-laden police forces in the country — to make public its rulebook for deploying its controversial surveillance arsenal. The bill, named the Public Oversight of Surveillance Technology (POST) act, would require the NYPD to detail how, when, and with what authority it uses technologies like Stingray devices, which can monitor and interfere with the cellular communications of an entire crowd at once. Specifically, the department would have to publicize the “rules, processes and guidelines issued by the department regulating access to or use of such surveillance technology as well as any prohibitions or restrictions on use, including whether the department obtains a court authorization for each use of a surveillance technology, and what specific type of court authorization is sought.” The NYPD would also have to say how it protects the gathered surveillance data itself (for example, X-ray imagery, or individuals captured in a facial recognition scan), and whether or not this data is shared with other governmental organizations. A period of public comment would follow these disclosures. In a press release, the New York Civil Liberties Union, which has been instrumental in fighting to reveal the mere fact that the NYPD possesses devices like the Stingray, hailed the bill: Public awareness of how the NYPD conducts intrusive surveillance, especially the impacts on vulnerable New Yorkers, is critical to democracy. For too long the NYPD has been using technology that spies on cellphones, sees through buildings and follows your car under a shroud of secrecy, and the bill is a significant step out of the dark ages. 
It’s unclear whether the bill would apply to products that have both powerful surveillance and non-surveillance functionality, a la Palantir, but the legislation’s definition of “surveillance technology” is sufficiently broad: The term “surveillance technology” means equipment, software, or system capable of, or used or designed for, collecting, retaining, processing, or sharing audio, video, location, thermal, biometric, or similar information, that is operated by or at the direction of the department. Though the bill might do little to curb the use of such technologies, it would at least give those on the sidewalk a better idea of how and when they’re being watched, if not why. The NYPD did not immediately return a request for comment. By Sam Biddle https://theintercept.com/2017/03/01/new-bill-would-force-nypd-to-disclose-its-surveillance-tech-playbook/
  4. The Tor Project, responsible for software that enables anonymous Internet use and communication, is launching a new mobile app to detect internet censorship and surveillance around the world. The app, called “OONIProbe,” alerts users to the blocking of websites, censorship and surveillance systems and the speed of networks. Slowing internet speeds down to a crawl is one way governments censor internet content they deem illegal. The app also spells out how users might be able to circumvent the blockage. Operating under the Tor Project umbrella, the Open Observatory of Network Interference (OONI) is a global observation network watching online censorship since 2012. Data from OONI has detected censorship in countries including Iran, Saudi Arabia, Turkey, South Korea, Greece, China, Russia, India, Indonesia and Sudan. The project watches over 100 countries and serves as a resource to journalists, lawyers, activists, researchers and people on the ground in countries where censorship is prevalent. In 2016, internet censorship was used in countries like the African nation of Gabon during highly contested elections and subsequent protests. To stop citizens from sharing videos of election irregularities, the country’s internet was down for four days. Earlier in 2016, Uganda engaged in similar widespread censorship. Both countries at times denied their actions, making tools like OONI ever more valuable. “What Signal did for end-to-end encryption, OONI did for unmasking censorship,” Moses Karanja, a Kenyan researcher on the politics of information controls at Strathmore University’s CIPIT, said in a statement. “Most Africans rely on mobile phones as their primary means of accessing the internet and OONI’s mobile app allows for decentralized efforts in unmasking the nature of censorship and internet performance. The possibilities are exciting for researchers, business and the human rights community around the world.
We look forward to interesting days ahead.” Internet freedom declined for the sixth year in a row in 2016, according to a report from Freedom House, making censorship and surveillance transparency a high priority for activists looking to turn back that momentum. Twenty-four governments blocked access to social media sites and communication services in 2016, compared with 15 governments doing so last year, according to Freedom House. Internet freedom fell most precipitously in Uganda, Bangladesh, Cambodia, Ecuador and Libya. Several countries, including Egypt and the United Arab Emirates, reportedly tried to block Signal, the increasingly popular encrypted messenger developed in the United States. That’s part of a global trend that’s seen governments go after apps like WhatsApp and Telegram in an effort to stymie secure communications. “Never before has it been so easy to uncover evidence of internet censorship,” Arturo Filastò, OONI’s project lead and core developer said in a statement. “By simply owning a smartphone (and running ooniprobe), you can now play an active role in increasing transparency around internet controls.” The app will be available on the Google Play and iOS app stores this week, according to Tor Project spokeswoman Kate Krauss. Article source
  5. Four in Five Britons Fearful Trump Will Abuse their Data More than three-quarters of Britons believe incoming US President Donald Trump will use his surveillance powers for personal gain, and a similar number want reassurances from the government that data collected by GCHQ will be safeguarded against such misuse. These are the headline findings from a new Privacy International poll of over 1600 Brits on the day Trump is inaugurated as the 45th President of the most powerful nation on earth. With that role comes sweeping surveillance powers – the extent of which was only revealed after NSA whistleblower Edward Snowden went public in 2013. There are many now concerned that Trump, an eccentric reality TV star and gregarious property mogul, could abuse such powers for personal gain. That’s what 78% of UK adults polled by Privacy International believe, and 54% said they had no trust that Trump would use surveillance for legitimate purposes. Perhaps more important for those living in the United Kingdom is the extent of the information sharing partnership between the US and the UK. Some 73% of respondents said they wanted the government to explain what safeguards exist to ensure any data swept up by their domestic secret services doesn’t end up being abused by the new US administration. That fear has become even more marked since the passage of the Investigatory Powers Act or 'Snoopers’ Charter', which granted the British authorities unprecedented mass surveillance and hacking powers, as well as forcing ISPs to retain all web records for up to 12 months. Privacy International claimed that although it has privately been presented with documents detailing the info sharing partnership between the two nations, Downing Street has so far refused to make the information public. 
The rights group and nine others are currently appealing to the European Court of Human Rights to overturn a decision by the Investigatory Powers Tribunal (IPT) not to release information about the rules governing the US-UK agreement. “UK and the US spies have enjoyed a cosy secret relationship for a long time, sharing sensitive intelligence data with each other, without parliament knowing anything about it, and without any public consent. Slowly, we’re learning more about the staggering scale of this cooperation and a dangerous lack of sufficient oversight,” argued Privacy International research officer, Edin Omanovic. “Today, a new President will take charge of US intelligence agencies – a President whose appetite for surveillance powers and how they’re used put him at odds with British values, security, and its people… Given that our intelligence agencies are giving him unfettered access to massive troves of personal data, including potentially about British people, it is essential that the details behind all this are taken out of the shadows.” Source
  6. Mozilla: The Internet Is Unhealthy And Urgently Needs Your Help Mozilla argues that the internet's decentralized design is under threat by a few key players, including Google, Facebook, Apple, Tencent, Alibaba and Amazon, monopolizing messaging, commerce, and search. Can the internet as we know it survive the many efforts to dominate and control it, asks Firefox maker Mozilla. Much of the internet is in a perilous state, and we, its citizens, all need to help save it, says Mark Surman, executive director of Firefox maker the Mozilla Foundation. We may be in awe of the web's rise over the past 30 years, but Surman highlights numerous signs that the internet is dangerously unhealthy, from last year's Mirai botnet attacks, to market concentration, government surveillance and censorship, data breaches, and policies that smother innovation. "I wonder whether this precious public resource can remain safe, secure and dependable. Can it survive?" Surman asks. "These questions are even more critical now that we move into an age where the internet starts to wrap around us, quite literally," he adds, pointing to the Internet of Things, autonomous systems, and artificial intelligence. In this world, we don't use a computer, "we live inside it", he adds. "How [the internet] works -- and whether it's healthy -- has a direct impact on our happiness, our privacy, our pocketbooks, our economies and democracies." Surman's call to action coincides with nonprofit Mozilla's first 'prototype' of the Internet Health Report, which looks at healthy and unhealthy trends that are shaping the internet. Its five key areas include open innovation, digital inclusion, decentralization, privacy and security, and web literacy. Mozilla will launch the first report after October, once it has incorporated feedback on the prototype. That there are over 1.1 billion websites today, running on mostly open-source software, is a positive sign for open innovation. 
However, Mozilla says the internet is "constantly dodging bullets" from bad policy, such as outdated copyright laws, secretly negotiated trade agreements, and restrictive digital-rights management. Similarly, while mobile has helped put more than three billion people online today, there were 56 internet shutdowns last year, up from 15 shutdowns in 2015, it notes. Mozilla fears the internet's decentralized design, while flourishing and protected by laws, is under threat by a few key players, including Facebook, Google, Apple, Tencent, Alibaba and Amazon, monopolizing messaging, commerce and search. "While these companies provide hugely valuable services to billions of people, they are also consolidating control over human communication and wealth at a level never before seen in history," it says. Mozilla approves of the wider adoption of encryption today on the web and in communications but highlights the emergence of new surveillance laws, such as the UK's so-called Snooper's Charter. It also cites as a concern the Mirai malware behind last year's DDoS attacks, which abused unsecured webcams and other IoT devices, and is calling for safety standards, rules and accountability measures. The report also draws attention to the policy focus on web literacy in the context of learning how to code or use a computer, which ignores other literacy skills, such as the ability to spot fake news, and separate ads from search results. Source Alternate Source - 1: Mozilla’s First Internet Health Report Tackles Security, Privacy Alternate Source - 2: Mozilla Wants Infosec Activism To Be The Next Green Movement
  7. Chinese Citizens Can Be Tracked In Real Time A group of researchers have revealed that the Chinese government is collecting data on its citizens to an extent where their movements can even be tracked in real-time using their mobile devices. This discovery was made by The Citizen Lab at the University of Toronto's Munk School of Global Affairs who specialize in studying the ways in which information technology affects both personal and human rights worldwide. It has been known for some time that the Chinese government employs a number of invasive tactics to be fully aware of the lives of its citizens. Though Citizen Lab was able to discover that the government has begun to monitor its populace using apps and services designed and run by the private sector. The discovery was made when the researchers began exploring Tencent's popular chat app WeChat that is installed on the devices of almost every Chinese citizen with 800 million active users each month. Citizen Lab found that not only does the app help the government censor chats between users but that it is also being used as a state surveillance tool. WeChat's restrictions even remain active for Chinese students studying abroad. Ronald Deibert, a researcher at Citizen Lab, offered further insight on the team's discovery, saying: "What the government has managed to do, I think quite successfully, is download the controls to the private sector, to make it incumbent upon them to police their own networks". To make matters worse, the data collected by WeChat and other Chinese apps and services is currently being sold online. The Guangzhou Southern Metropolis Daily led an investigation that found that large amounts of personal data on nearly anyone could be purchased online for a little over a hundred US dollars. The newspaper also found another service that offered the ability to track users in real-time via their mobile devices. 
Users traveling to China anytime soon should be extra cautious as to their activities online and should think twice before installing WeChat during their stay. Published under license from ITProPortal.com, a Future plc Publication. All rights reserved. Source
  8. After Spying Webcams, Welcome the Spy Toys “My Friend Cayla and I-Que” Privacy advocates claim both toys pose security and privacy threat for children and parents. Internet-connected toys are currently a rage among parents and kids alike but what we are not aware of are the associated security dangers of using Smart toys. It is a fact that has been acknowledged by the Center for Digital Democracy that smart toys pose grave privacy, security and similar other risks to children. There are certain privacy and security flaws in a pair of smart toys that have been designed to engage with kids. Last year, we reported how “Hello Barbie” toy spies on kids by talking to them, recording their conversations and send them to company’s servers which are then analyzed and stored in another cloud server. Now, the dolls My Friend Cayla and I-Que Intelligent Robot that are being marketed for both male and female kids are the objects of security concern. In fact the Federal Trade Commission’s child advocacy, consumer and privacy groups have filed a complaint [PDF] against these dolls. It is being suspected that these dolls are violating the Children’s Online Privacy Protection Act (COPPA) as well as the FTC rules because these collect and use personal data via communicating with kids. This feature of the dolls is being termed as a deceptive practice by the makers. The FTC has been asked in the complaint to investigate the matter and take action against the manufacturer of the dolls Genesis Toys as well as the provider of third-party voice recognition software for My Friend Cayla and I-Que, Nuance Communications. The complaints have been filed by these groups: the Campaign for a Commercial-Free Childhood (CCFC), Consumers Union, Center for Digital Democracy (CDD) and the Electronic Privacy Information Center (EPIC). According to complainers, these dolls are already creepy looking and the fact that these gather information makes them even creepier. 
Both these toys use voice recognition technology coupled with internet connectivity and Bluetooth to engage with the kids through answering questions and making up conversations. However, according to the CDD, this is done in a very insecure and invasive manner. Genesis Toys claims on its website that while “most of Cayla’s conversational features can be accessed offline,” searching for information would require internet connectivity. The promotional video for the Cayla doll also focuses upon the toy’s ability to communicate with the kid, as it states: “ask Cayla almost anything.” To work, these dolls require mobile apps but some questions might be asked directly. The toys keep a Bluetooth connection enabled constantly so that the dolls could react to the actions in the app and identify the objects when the kid taps on the screen. Some of the asked questions are recorded and sent to Nuance’s servers for parsing but it is yet unclear how much of the information is kept private. The toys’ manufacturer maintains that complete anonymity is observed. The toys were released in late 2015 but still these are selling like hot cakes. As per researchers’ statement in the FTC complaint, “by connecting one phone to the doll through the insecure Bluetooth connection and calling that phone with a second phone, they were able to both converse with and covertly listen to conversations collected through the My Friend Cayla and i-Que toys.” This means anyone can use their smartphone to communicate with the child using the doll as the gateway. If you own a smart toy, keep an eye on the conversation between you and your kid. Courtesy: CDD Source
  9. Snowden Leaks Reveal NSA Snooped On In-Flight Mobile Calls NSA, GCHQ intercepted signals as they were sent from satellites to ground stations. GCHQ and the NSA have spied on air passengers using in-flight GSM mobile services for years, newly-published documents originally obtained by Edward Snowden reveal. Technology from UK company AeroMobile and SitaOnAir is used by dozens of airlines to provide in-flight connectivity, including by British Airways, Virgin Atlantic, Lufthansa, and many Arab and Asian companies. Passengers connect to on-board GSM servers, which then communicate with satellites operated by British firm Inmarsat. "The use of GSM in-flight analysis can help identify the travel of a target—not to mention the other mobile devices (and potentially individuals) onboard the same plane with them," says a 2010 NSA newsletter. A presentation, made available by the Intercept, contains details of GCHQ's so-called "Thieving Magpie" programme. GCHQ and the NSA intercepted the signals as they were sent from the satellites to the ground stations that hooked into the terrestrial GSM network. Initially, coverage was restricted to flights in Europe, the Middle East, and Africa, but the surveillance programme was expected to go global at the time the presentation was made. GCHQ's Thieving Magpie presentation explains how in-flight mobile works. Ars has asked these three companies to comment on the extent to which they were aware of the spying, and whether they are able to improve security for their users to mitigate its effects, but was yet to receive replies from Inmarsat or AeroMobile at time of publication. A SitaOnAir spokesperson told Ars in an e-mail: The Thieving Magpie presentation explains that it is not necessary for calls to be made, or data to be sent, for surveillance to take place. 
If the phone is switched on, and registers with the in-flight GSM service, it can be tracked provided the plane is flying high enough that ground stations are out of reach. The data, we're told, was collected in "near real time," thus enabling "surveillance or arrest teams to be put in place in advance" to meet the plane when it lands. Using this system, aircraft can be tracked every two minutes while in flight. If data is sent via the GSM network, GCHQ's presentation says that e-mail addresses, Facebook IDs, and Skype addresses can all be gathered. Online services observed by GCHQ using its airborne surveillance include Twitter, Google Maps, VoIP, and BitTorrent. Meanwhile, Le Monde reported that "GCHQ could even, remotely, interfere with the working of the phone; as a result the user was forced to redial using his or her access codes." No source is given for that information, which presumably is found in other Snowden documents, not yet published. As the French newspaper also points out, judging by the information provided by Snowden, the NSA seemed to have something of a fixation with Air France flights. Apparently that was because "the CIA considered that Air France and Air Mexico flights were potential targets for terrorists." GCHQ shared that focus: the Thieving Magpie presentation uses aircraft bearing Air France livery to illustrate how in-flight GSM services work. Ars asked the UK's spies to comment on the latest revelations, and received the usual boilerplate response from a GCHQ spokesperson: It is longstanding policy that we do not comment on intelligence matters. So that's OK, then. Source
  10. Uber Knows Where You Go, Even After Ride Is Over “We do this to improve pickups, drop-offs, customer service, and to enhance safety.” As promised, Uber is now tracking you even when your ride is over. The ride-hailing service said the surveillance—even when riders close the app—will improve its service. The company now tracks customers from when they request a ride until five minutes after the ride has ended. According to Uber, the move will help drivers locate riders without having to call them, and it will also allow Uber to analyze whether people are being dropped off and picked up properly—like on the correct side of the street. "We do this to improve pickups, drop-offs, customer service, and to enhance safety," Uber said. In a statement, the company said: Uber announced that it would make the change last year to allow surveillance in the app's background, prompting a Federal Trade Commission complaint. The Electronic Privacy Information Center said at the time that "this collection of user's information far exceeds what customers expect from the transportation service. Users would not expect the company to collect location information when customers are not actively using the app." The complaint went nowhere. However, users must consent to the new surveillance. A popup—like the one shown at the top of this story—asks users to approve the tracking. Uber says on its site that riders "can disable location services through your device settings" and manually enter a pickup address. Uber and the New York Attorney General's office in January entered into an agreement to help protect users' location data. The deal requires Uber to encrypt location data and to protect it with multi-factor authentication. Source
  11. Encrypted Email Sign-Ups Instantly Double In Wake of Trump Victory ProtonMail suggests fear of the Donald prompting lockdown "ProtonMail follows the Swiss policy of neutrality. We do not take any position for or against Trump," the Swiss company's CEO stated on Monday, before revealing that new user sign-ups immediately doubled following Trump's election victory. ProtonMail has published figures showing that as soon as the election results rolled in, the public began to seek out privacy-focused services such as its own. CEO Andy Yen said that, in communicating with these new users, the company found people apprehensive about the decisions that President Trump might take and what they would mean considering the surveillance activities of the National Security Agency. "Given Trump's campaign rhetoric against journalists, political enemies, immigrants, and Muslims, there is concern that Trump could use the new tools at his disposal to target certain groups," Yen said. "As the NSA currently operates completely out of the public eye with very little legal oversight, all of this could be done in secret." ProtonMail was launched back in May 2014 by scientists who had met at CERN and MIT. In response to the Snowden revelations regarding collusion between the NSA and other email providers such as Google, they created a government-resistant, end-to-end encrypted email service. The service was so popular that it was "forced to institute a waiting list for new accounts after signups exceeded 10,000 per day" within the first three days of opening, the CEO previously told The Register when ProtonMail reopened free registration to all earlier this year. ProtonMail new user signups doubled immediately after Trump's election victory Yen said his service was now "seeing an influx of liberal users" despite its popularity on both sides of the political spectrum. 
"ProtonMail has also long been popular with the political right, who were truly worried about big government spying, and the Obama administration having access to their communications. Now the tables have turned," Yen noted. "One of the problems with having a technological infrastructure that can be abused for mass surveillance purposes is that governments can and do change, quite regularly in fact. "The only way to protect our freedom is to build technologies, such as end-to-end encryption, which cannot be abused for mass surveillance," Yen added. "Governments can change, but the laws of mathematics upon which encryption is based are much harder to change." Source
  12. In Germany, journalists uncovered that the browser add-on Web of Trust (WOT) saves users' browsing history in order to sell this data. While the company claims that the data being sold is anonymized, the journalists were able to identify several users, among them journalists, judges, policemen and politicians of the German government. The politicians reacted with shock when they were confronted with the journalists' findings. The data contained all websites people visited, for instance travel information or porn websites. In one case the journalists could even access banking details and a copy of an identification card, all stored in an unencrypted online storage service. This opens the door for blackmail and identity theft. The German politician Valerie Wilms (member of the Bundestag) was shocked when confronted with the data. It contained information such as journey routes, tax data as well as ideas about her political work. The politician said that this kind of data “can be very harmful. It can open the door for blackmail”. She would feel “naked”. Other politicians called for laws against such data mining if the companies mining the data could not be trusted. How does it work? The journalists explained that the data they received contained information collected by the browser plugin Web of Trust. This plugin verifies that each website a person is visiting can be trusted. To do so, the plugin sends information about every visited website to its server. This data is stored and a profile of the user is created. While the company claims that it only sells the data in an anonymized form, the journalists said it was rather easy to figure out who the person in question was. For instance, the data contained information such as email addresses or login names that made it easy to conclude the user's name. Mass surveillance should be illegal. The politicians reacted with shock when they were confronted with the data that showed what websites they were visiting.
Their statements proved one thing: The politicians being monitored did not feel secure. And they all agreed on one thing: That such surveillance should be illegal. We at Tutanota agree completely. This is why we encrypt all user data end-to-end. We want to thank the investigative journalists at NDR for their great research. We hope that journalists - and politicians! - will more and more understand what the consequences of all-round surveillance are. Whenever there is surveillance the data can - and will - find its way into the wrong hands. We have to stop any form of monitoring in the first place. We can win the battle for privacy. When politicians start fighting along with us, we can win this battle and take back what belongs to us: Our personal data. Because no one is allowed to accumulate our data and sell it. As for now we can be smarter than the data miners when using the internet: Encrypt as much information as possible. Use only very few browser plugins and make sure they do not collect your data. Use privacy-friendly services that do not collect and sell your data. Pay for your online services, instead of paying with your data! Article source
  13. New Reports Show How Vague Laws Can Pave the Way for Human Rights Violations We're proud to announce today's release of “Unblinking Eyes: The State of Communications Surveillance in Latin America,” a project that analyzes surveillance laws and practices in Latin America. On this day, let’s take a minute to reflect on the horrific consequences of unchecked surveillance. The Terror Archive In December 1992, following a hastily-drawn sketch of a map given to him by a whistleblower, the Paraguayan lawyer Martin Almada drove to an obscure police station in the suburb of Lambaré, near Asunción. Behind the police offices, in a run-down office building, he discovered a cache of 700,000 documents, piled nearly to the ceiling. This was the “Terror Archive,” an almost complete record of the interrogations, torture, and surveillance conducted by the Paraguayan military dictatorship of Alfredo Stroessner. The files reported details of “Operation Condor,” a clandestine program between the military dictatorships in Argentina, Chile, Paraguay, Bolivia, Uruguay, and Brazil between the 1970s and 1980s. The military governments of those nations agreed to cooperate in sending teams into other countries to track, monitor, and kill their political opponents. The files listed more than 50,000 deaths and 400,000 political prisoners throughout Argentina, Bolivia, Brazil, Chile, Paraguay, Uruguay, Colombia, Peru, and Venezuela. Stroessner's secret police used informants, telephoto cameras, and wiretaps to build a paper database on everyone that was viewed as a threat, plus their friends and associates. The Terror Archive shows how far a country's government might sink when unchecked by judicial authorities, public oversight bodies, and the knowledge of the general public. That was a quarter century ago. A modern Operation Condor would have far more powerful tools at hand than just ring-binders, cameras, and wiretapped phones. 
Today's digital surveillance technology leaves the techniques documented in the Terror Archive in the dust. Twentieth century surveillance law considers the simple wiretapping of a single phone line, with no guidance on how to apply these regulations to our growing menagerie of spying capabilities. When new surveillance or cyber-security laws are passed, they are written to paper over existing practice, or to widen existing powers—such as data retention laws that force phone and Internet companies to log and retain even more data for state use. Each of these new powers is a ticking time-bomb, waiting for abuse. One way to stop these powers from being turned against the public is to create robust and detailed modern privacy law to constrain their use, an independent judiciary who will enforce those limits, and a public oversight mechanism that allows the general public to know what its country's most secretive government agents are up to in their name. Unfortunately, legislators and judges within Latin America and beyond have little insight into how existing surveillance law is flawed or how it might be fixed. To assist in that imposing task, EFF has released “Unblinking Eyes: The State of Communications Surveillance in Latin America.” For over a year, we have worked with partner organizations across Latin America (Red en Defensa de los Derechos Digitales, Fundación Karisma, TEDIC, Hiperderecho, Centro de Estudios en Libertad de Expresión y Acceso a la Información, Derechos Digitales, InternetLab, Fundación Acceso) to shed light on the current state of surveillance in the region both in law and in practice. We've carefully documented existing laws in 13 countries, and gathered evidence of the misapplication of those laws. Our aim is to understand the legal situation in each country, and contrast them with existing human rights standards.
For this work, we analyzed publicly available laws and practices in Argentina, Brazil, Chile, Colombia, El Salvador, Guatemala, Honduras, Peru, Mexico, Nicaragua, Paraguay, Uruguay, and the United States and published individual reports documenting the state of communications surveillance in each of these countries. Then, we took that research and produced a broader report that compares surveillance laws and practices throughout the entire region. Our project was not limited to legal research, however. We mixed our legal and policy work with on-site training throughout the region for digital rights activists, traditional human rights lawyers, investigative journalists, activists, and policy makers. We explained how surveillance technologies work and how governments must apply international human rights standards to their laws and practices in order to appropriately limit those legal powers. We also mixed our legal and policy workshops with technical advice on how our partners in the region can protect themselves against government surveillance. What have we learned? Given the deeply rooted culture of secrecy surrounding surveillance, it is hard to judge the extent to which states comply with their own published legal norms. Ensuring that law not only complies with human rights standards but also genuinely governs and describes the state's real-world behavior is an ongoing challenge. Even still, we identified deficiencies that are widespread throughout the region and are in need of special and immediate action. Here are our recommendations: The culture of secrecy surrounding communications surveillance must stop. We need to ensure that civil society, companies, and policy makers understand the importance of transparency in the context of surveillance, and why transparency reporting from the companies and the state is crucial to preventing abuses of power.
State officials and civil society must ensure that written norms are translated into consistent practice and that any failure to uphold the law is discovered and remedied. Judicial guidance from impartial, independent, and knowledgeable judges is needed. States should have dedicated communications surveillance laws rather than a jigsaw puzzle of numerous provisions spread throughout various legislation and these laws should be necessary, proportionate, and adequate. The region should commit to implementing public oversight mechanisms that are carefully matched in resources and authority over those who wield these powers. Individuals need to be granted due process, and a right to be notified about a surveillance decision with enough time and information to challenge that decision or seek other remedies whenever possible; innocent individuals affected by surveillance need avenues for redress. Lastly, we need a strong civil society coalition working on these issues. With the help of watchful and informed judges and legislators, we hope that digital technology will be used wisely to protect, not violate, human rights. We must ensure that we build a world where the Terror Archive remains a grim record of past failings, not a low-tech harbinger of an even darker future. Read our reports, and learn about the situation of surveillance in Latin America. Join us to defend our rights and those of the future. Below you can find some key findings for each country. Article source
  14. Yahoo's Spying Billboard: It Would ID You, Watch And Listen To Your Reactions To Ads Yahoo's idea is for the billboard's ad content to be based on real-time information about a crowd of people, who could be commuters on a train platform. Yahoo is exploring a smart billboard that would use microphones, cameras and other sensors to bring targeted advertising to outdoor displays. Hacked web giant Yahoo has filed a patent application for the ultimate ad-targeting system: a billboard that uses sensors to watch, listen and capture biometric data from the passing public. Yahoo, still in damage control from this week's claims that it helped the government spy on its email users, has filed a patent for smart technology that brings online ad-targeting capabilities to public billboards. The billboards would have cameras, microphones, motion-proximity sensors, and biometric sensors, such as fingerprint or retinal scanning, or facial recognition, according to the patent, which was filed last year but published on Thursday. The sensors would be used to measure engagement of passers-by. "For example, image data or motion-proximity sensor data may be processed to determine whether any members of the audience paused or slowed down near the advertising content, from which it may be inferred that the pause or slowing was in response to the advertising content (eg, a measurement of 'dwell time')," Yahoo writes. It could also use image or video data to determine whether any individuals looked directly at the advertising content. Alternatively, "Audio data captured by one or more microphones may be processed using speech-recognition techniques to identify keywords relating to the advertising that are spoken by members of the audience." As Yahoo explains, the ability to personalize ads for smartphones has made mobile the most efficient place to use marketing budgets, whereas digital displays in public spaces, which still attract ad dollars, remain stuck on old technology. 
But instead of individualizing ads, Yahoo's idea would be to 'grouplize', where ad content is based on real-time information about a crowd of people, who could be commuters on a train platform or cars passing by a freeway billboard. In the freeway scenario, the billboard would be placed near traffic sensors that detect the number of vehicles passing, their speed, and time of day. It might also use video to capture images of vehicles, and use image recognition to determine the maker and model of vehicles to distill demographic data. The billboard may also use cell-tower data, mobile app location data, or image data to "identify specific individuals in the target audience, the demographic data (eg, as obtained from a marketing or user database) which can then be aggregated to represent all or a portion of the target audience". Alternatively, it could use vehicle GPS systems to identify specific vehicles and vehicle owners. "Those of skill in the art will appreciate from the diversity of these examples the great variety of ways in which an aggregate audience profile may be determined or generated using real-time information representing the context of the electronic public advertising display and/or additional information from a wide variety of sources," Yahoo notes. It sees potential for the system to be integrated with existing online ad exchanges, allowing advertisers to reach across devices with the same ads. It also envisages extending the online ad model of auctioning billboard space to the highest bidder, with content determined by the group's characteristics. However, if the smart billboards did their job of "grouplizing" a group of young adult males, it might display a risqué dating site ad, Yahoo says. This approach might be acceptable to some on a phone, but dangerous on the freeway. 
Yahoo says it has an answer for this issue: "Any advertising content including video could, for example, be eliminated from the pool of available content or modified to remove video components." In May, New York Senator Charles Schumer called on the Federal Trade Commission to investigate the use of 'spying billboards', which he described as popping up in cities across the country. He warned that such technology may represent a violation of privacy rights, because of the way it tracks the individual's cell phone data, and constitute a deceptive trade practice. Source
  15. Thanks to the power of algorithms, machine learning, and open source data sets. Back in March 2015, the CIA chief began setting up a new office, the Directorate of Digital Innovation, to integrate the latest tech into the agency's data-gathering workflow along with boosting the country's cyber defense. According to its director, the department has helped the CIA as a whole improve its "anticipatory intelligence." Speaking at the Next Tech event yesterday, Deputy Director for Digital Innovation Andrew Hallman noted that, in some instances, they've been able to forecast social unrest and societal instability in other countries by as much as three to five days out. That "anticipatory intelligence" has been boosted through a combination of algorithms and analytics to predict the flow of illicit goods or extremists, according to Defense One. Deep and machine learning makes sense of seemingly disparate data, helping analysts see patterns to anticipate national security threats. And then they apply it to the world. "What we're trying to do within a unit of my directorate is leverage what we know from social sciences on the development of instability, coups and financial instability, and take what we know from the past six or seven decades and leverage what is becoming the instrumentation of the globe," Hallman said during yesterday's event. They don't just pore through the intelligence community's own proprietary information, either. The Digital Innovation department has been using more and more open source data sets with specialists who can combine public and agency information to draw more nuanced conclusions, which CIA director John Brennan called a tremendous advantage. Combined with their increasing surveillance of social media, the agency is clearly looking to gobble up as much information as possible. With tech's best data-parsing tools, they hope to get days of lead time to prepare for riots and social decay across the globe. 
But how successful they are and how far ahead they can accurately anticipate it is uncertain. 1st posted on : Defense One Source: https://www.engadget.com/2016/10/05/cia-claims-it-can-predict-some-social-unrest-up-to-5-days-ahead/
  16. Swiss Vote to Give Their Government More Spying Powers Swiss approve new surveillance law with 66.5% majority Last year, the country's parliament passed a law that allowed its secret service, FIS (Federal Intelligence Service), more powers to snoop on emails, tap phones, or use hidden cameras and microphones. Such technologies and investigative procedures are common practice in other countries, but they have been outlawed by the strict Swiss government. New surveillance law passed in 2015, implementation delayed The law, which the government argued was needed after the devastating Paris ISIS attacks, was contested by privacy groups and the Swiss leftist political parties, which delayed its implementation and forced it into a country-wide referendum that took place this Sunday. The Swiss population made their voice heard over the weekend and, concerned with the ever-increasing threat from terrorist groups, voted to sacrifice some of their privacy for the sake of security. Switzerland, next to Germany and the northern Scandinavian countries, has some of the strictest privacy laws in Europe. So much so that it took Google years to get permission to map out the country via its Street View service. Swiss secret service will need special authorization on a per-case basis FIS, which handles both internal and external cyber-espionage operations, will need special authorization from a court, the defense ministry, and the cabinet if it is to launch internal surveillance operations. According to SwissInfo, opponents of this law struggled to win the older generation to their side, who mostly voted for the new surveillance laws. The publication also noted the little attention the campaign got in the media, with most of the attention focusing on another topic included in the three-vote referendum, related to a 10 percent boost to the country's old age pension fund.
The population voted against an increase of the pension fund just because it would add an extra strain on the state's budget. The third issue was related to Switzerland increasing its green economy, which citizens also voted down. Source
  17. New Campaign Set in Motion to Pardon Edward Snowden "Pardon Snowden" campaign launches with new Snowden movie The new campaign will launch on Wednesday, September 16, on the same day the Snowden movie premieres in the US. Campaign coincides with Snowden movie release The movie chronicles the early life of Edward Snowden and what drove him to steal NSA documents and provide them to a group of journalists. The documents revealed a secret surveillance program conducted by the NSA against its own citizens and other countries abroad. The movie is directed by Oliver Stone, stars Joseph Gordon-Levitt as Snowden, and premiered last week at the Toronto Film Festival in Canada. The ACLU and its partners hope to raise public awareness for Snowden's cause and improve the whistleblower's image in the US, where a considerable number of people still consider him a traitor. First Snowden pardon attempt failed in 2013 The campaign website, hosted at pardonsnowden.org, is still down at the moment but is expected to become available tomorrow. This new ACLU-backed campaign is the second attempt at getting Snowden pardoned, after the White House shot down a petition signed by almost 168,000 people in June 2013. It took over two years for the White House to answer the petition. In July 2015, Homeland Security Advisor Lisa Monaco responded that Snowden should "come home to the United States, and be judged by a jury of his peers - not hide behind the cover of an authoritarian regime." This new petition needs to gather over 100,000 signatures to warrant an official response from the White House. Bleak chances for a Snowden pardon Neither Barack Obama nor current presidential candidates Donald Trump or Hillary Clinton have expressed interest in pardoning Snowden in the past. The US government has answered questions about Snowden in the past saying they run whistleblower programs, but Snowden broke the law by stealing data and then publishing it online.
In their view, he was supposed to alert the proper departments of abuse inside NSA's program. In Snowden's defense, the program was institutionalized and looks to be more of a national policy rather than a rogue division operating inside the US government. In July, Snowden together with Andrew Huang launched a case for iPhone devices that alerts users when the phone starts sending data from their phone without their approval. The case is meant to detect surveillance attempts and is marketed for dissidents and journalists. Source
  18. Snowden Leak Reveals Mass Surveillance Originated In The UK Submitted by IWB, on September 9th, 2016 by Sean Adl-Tabatabai According to newly released documents from Edward Snowden, the UK influenced the NSA’s decision to implement a “collect it all” strategy in surveillance. It was the UK that pursued an aggressive Orwellian-style mass surveillance system that eventually got adopted by the US, Snowden claims. Arstechnica.co.uk reports: During a June 2008 visit to the Menwith Hill monitoring station in North Yorkshire, then-director of the NSA Keith Alexander asked: “Why can’t we collect all the signals, all the time?” He went on: “Sounds like a good summer homework project for Menwith!” Menwith Hill Station—which formerly monitored Soviet signals and is now the NSA’s largest overseas spying base—expanded greatly in the wake of Alexander’s challenge, as The Intercept reports in its coverage of the new Snowden documents: Between 2009 and 2012, Menwith Hill spent more than $40 million on a massive new 95,000-square-foot operations building—nearly twice the size of an average American football field. A large chunk of this space—10,000 square feet—was set aside for a data center that boasted the ability to store huge troves of intercepted communications. During the renovations, the NSA shipped in new computer systems and laid 182 miles of cables, enough to stretch from New York City to the outskirts of Boston. The agency also had a 200-seat-capacity auditorium constructed to host classified operations meetings and other events. The leaked documents reveal that, for years, the UK and US governments put out a “cover story” that Menwith Hill Station was used to provide “rapid radio relay and conduct communications research.” In fact, its striking white domes—around 30 of them—are used to eavesdrop on communications as they are sent through the air from satellites. 
That method contrasts with the other NSA and GCHQ bases that monitor signals passing through the fibre-optic cables linking countries. Menwith Hill Station also draws on US spy satellites orbiting above target countries around the world. The satellites can locate and capture signals on the ground below generated by mobile phones and even Wi-Fi networks. One of the most important tools used at Menwith Hill Station was Ghosthunter, the new leaks reveal, whose primary role was “to learn and establish pattern of life for known terrorists who use Internet cafes to communicate.” The focus on Internet cafes is explained by the fact that in the areas of interest—mostly in the Middle East—Internet connections are often routed via VSAT satellite systems, which makes them easier to intercept. VSAT surveillance was used to direct military operations: one document provided by Snowden speaks of “30 enemy killed” in Afghanistan as a result of signals intelligence passed to those in the field. Another leak speaks of Menwith Hill Station analysts finding “a new way to geolocate targets who are active at Internet cafes in Yemen.” The same memo speaks of an associated programme called Ghostwolf which “supports efforts to capture or eliminate key nodes in terrorist networks.” As the Intercept points out, “The description of GHOSTWOLF ties Menwith Hill to lethal operations in Yemen, providing the first documentary evidence that directly implicates the UK in covert actions in the country.” That’s problematic, because Yemen is not a war zone, so those targeted by drones there would not be considered “combatants” and anyone involved in their killing would not be entitled to “combatant immunity.” This is not a new issue: back in 2014, soon after the first Snowden documents were published, the barrister Jemima Stratford QC published a 32-page analysis of the legal implications in which she warned that “An individual [working at GCHQ] involved in passing that information [used for US drone
strikes against non-combatants] is likely to be an accessory to murder.” The latest leaks suggest that UK citizens working at Menwith Hill Station may also run this risk. http://investmentwatchblog.com/snowden-leak-reveals-mass-surveillance-originated-in-the-uk/
  19. Catalog of Surveillance Tech Used by US Police Leaks Online Let's have a look at the spying gear deployed by US police The 120-page catalog is dated 2014 and includes a panoply of spying gadgets worthy of any James Bond movie. The Intercept, an online news portal initially set up to release documents from the Snowden leak, claims the catalog came from the Florida Department of Law Enforcement. Catalog includes top-shelf spying gear The catalog is split into seven sections: video surveillance products; IP mesh networks; cameras & sensors; audio surveillance; tagging, tracking, and locating (TTL) systems; command & control systems; and cellular surveillance technology. The products listed in the audio and video surveillance sections are your regular microphones and video cameras, but there is also a section of mics and cameras disguised as other products such as wall clocks, trash cans, street lights, bird houses, bug zappers, smoke detectors, garden reels, roof vents, paint and tar buckets. While this is the regular tech you'd expect police SWAT and surveillance teams to possess, there are some devices that are much more powerful than your usual AV surveillance tech. Cops are not satisfied with audio-video surveillance anymore For example, a device called 3G-N can black out cellular coverage in broad areas and collect data from users via a fake network it sets up in its place. The Cobham catalog also includes powerful gadgets that can deny service to targeted cellular phones, or that can take control of phones with the purpose of intercepting calls or SMS messages. There are also two "direction finders," devices that can track cellular devices in motion. These can be mounted in a backpack, underneath clothes, or on police cars, and used to track a suspect's whereabouts. Devices vary in size and are available from portable gadgets that can fit under clothes to powerful workstations that police officers need to install in vans to power-up and move around.
All devices come with special software called Mapplication, which plots out locations and surveilled areas on a screen using a map of the local terrain. Privacy groups have been fighting against the US government for years trying to discover cases where small police stations have performed non-discriminatory blanket surveillance on innocent US citizens, all with the purpose of catching one single suspect. According to numerous reports from US agencies, this practice is slowly becoming the day-to-day mode of operation for US police, who do not seem to respect user privacy anymore. The problem is not that US law enforcement agencies use military-grade surveillance tech, the problem is that they're using it without telling anyone, using a closed-door policy. Source
  20. Tor is an imperfect privacy platform. Ars meets the researchers trying to replace it. Since Edward Snowden stepped into the limelight from a hotel room in Hong Kong three years ago, use of the Tor anonymity network has grown massively. Journalists and activists have embraced the anonymity the network provides as a way to evade the mass surveillance under which we all now live, while citizens in countries with restrictive Internet censorship, like Turkey or Saudi Arabia, have turned to Tor in order to circumvent national firewalls. Law enforcement has been less enthusiastic, worrying that online anonymity also enables criminal activity. Tor's growth in users has not gone unnoticed, and today the network first dubbed "The Onion Router" is under constant strain from those wishing to identify anonymous Web users. The NSA and GCHQ have been studying Tor for a decade, looking for ways to penetrate online anonymity, at least according to these Snowden docs. In 2014, the US government paid Carnegie Mellon University to run a series of poisoned Tor relays to de-anonymise Tor users. A 2015 research paper outlined an attack effective, under certain circumstances, at decloaking Tor hidden services (now rebranded as "onion services"). Most recently, 110 poisoned Tor hidden service directories were discovered probing .onion sites for vulnerabilities, most likely in an attempt to de-anonymise both the servers and their visitors. Who can forget the now-famous "Tor stinks" slide that was part of the Snowden trove of leaked docs. Cracks are beginning to show; a 2013 analysis by researchers at the US Naval Research Laboratory (NRL), who helped develop Tor in the first place, concluded that "80 percent of all types of users may be de-anonymised by a relatively moderate Tor-relay adversary within six months." 
Despite this conclusion, the lead author of that research, Aaron Johnson of the NRL, tells Ars he would not describe Tor as broken—the issue is rather that it was never designed to be secure against the world’s most powerful adversaries in the first place. "It may be that people's threat models have changed, and it's no longer appropriate for what they might have used it for years ago," he explains. "Tor hasn't changed, it's the world that's changed."
New threats
[Image: Tor use in Turkey spiked during the recent crackdown.]
Tor's weakness to traffic analysis attacks is well-known. The original design documents highlight the system's vulnerability to a "global passive adversary" that can see all the traffic both entering and leaving the Tor network. Such an adversary could correlate that traffic and de-anonymise every user.
But as the Tor project's cofounder Nick Mathewson explains, the problem of "Tor-relay adversaries" running poisoned nodes means that a theoretical adversary of this kind is not the network's greatest threat. "No adversary is truly global, but no adversary needs to be truly global," he says. "Eavesdropping on the entire Internet is a several-billion-dollar problem. Running a few computers to eavesdrop on a lot of traffic, a selective denial of service attack to drive traffic to your computers, that's like a tens-of-thousands-of-dollars problem."
At the most basic level, an attacker who runs two poisoned Tor nodes—one entry, one exit—is able to analyse traffic and thereby identify the tiny, unlucky percentage of users whose circuit happened to cross both of those nodes. At present the Tor network offers, out of a total of around 7,000 relays, around 2,000 guard (entry) nodes and around 1,000 exit nodes. So the odds of such an event happening are one in two million (1/2000 x 1/1000), give or take.
But, as Bryan Ford, professor at the Swiss Federal Institute of Technology in Lausanne (EPFL), who leads the Decentralised/Distributed Systems (DeDiS) Lab, explains: "If the attacker can add enough entry and exit relays to represent, say, 10 percent of Tor's total entry-relay and exit-relay bandwidth respectively, then suddenly the attacker is able to de-anonymise about one percent of all Tor circuits via this kind of traffic analysis (10 percent x 10 percent)." "Given that normal Web-browsing activity tends to open many Tor circuits concurrently (to different remote websites and HTTP servers) and over time (as you browse many different sites)," he adds, "this means that if you do any significant amount of Web browsing activity over Tor, and eventually open hundreds of different circuits over time, you can be virtually certain that such a poisoned-relay attacker will trivially be able to de-anonymise at least one of your Tor circuits." For a dissident or journalist worried about a visit from the secret police, de-anonymisation could mean arrest, torture, or death. As a result, these known weaknesses have prompted academic research into how Tor could be strengthened or even replaced by some new anonymity system. The priority for most researchers has been to find better ways to prevent traffic analysis. While a new anonymity system might be equally vulnerable to adversaries running poisoned nodes, better defences against traffic analysis would make those compromised relays much less useful and significantly raise the cost of de-anonymising users. The biggest hurdle? Despite the caveats mentioned here, Tor remains one of the better solutions for online anonymity, supported and maintained by a strong community of developers and volunteers. Deploying and scaling something better than Tor in a real-world, non-academic environment is no small feat. 
What Tor does really well
Tor was designed as a general-purpose anonymity network optimised for low-latency, TCP-only traffic. Web browsing was, and remains, the most important use case, as evidenced by the popularity of the Tor Browser Bundle. This popularity has created a large anonymity set in which to hide—the more people who use Tor, the more difficult it is to passively identify any particular user.
But that design comes at a cost. Web browsing requires low enough latency to be usable. The longer it takes for a webpage to load, the fewer the users who will tolerate the delay. In order to ensure that Web browsing is fast enough, Tor sacrifices some anonymity for usability and to cover traffic. Better to offer strong anonymity that many people will use than perfect anonymity that's too slow for most people's purposes, Tor's designers reasoned.
"There are plenty of places where if you're willing to trade off for more anonymity with higher latency and bandwidth you'd wind up with different designs," Mathewson says. "Something in that space is pretty promising. The biggest open question in that space is, 'what is the sweet spot?'
"Is chat still acceptable when we get into 20 seconds of delay?" he asks. "Is e-mail acceptable with a five-minute delay? How many users are willing to use that kind of a system?"
Mathewson says he's excited by some of the anonymity systems emerging today but cautions that they are all still at the academic research phase and not yet ready for end users to download and use. Ford agrees: "The problem is taking the next big step beyond Tor. We've gotten to the point where we know significantly more secure is possible, but there's still a lot of development work to make it really usable."
Continue reading page 2 & 3 here
  21. Walmart partnered with Lockheed Martin, FBI for employee surveillance
Between 2012 and 2013, Walmart reportedly hired Lockheed Martin and later began working with the Federal Bureau of Investigation (FBI) to monitor its employees suspected of being involved in labor protests.
[Image: Walmart partnered with Lockheed Martin and FBI to monitor employee protests between 2012 and 2013]
Walmart contracted Lockheed Martin in the fall of 2012 to canvass and analyze social media sites so that they can keep tabs on employees when it caught wind of news that an advocacy group might stage a protest on Black Friday, according to Bloomberg Businessweek. More than 1,000 pages of e-mails, reports, playbooks, charts, and graphs, as well as testimony from its head of labor relations at the time detail the retail giant's efforts to conduct surveillance on its employees and members of the Organization United for Respect at Walmart (OUR Walmart), according to the report. The documents were obtained prior to a National Labor Relations Board (NLRB) hearing into OUR Walmart's allegations of retaliation against employees who joined protests, the report said.
While Lockheed Martin is one of the biggest defense contractors in the world, it also operates a tool called LM Wisdom, which the company advertises as having the power to analyze content that could “incite organized movements, riots and sway political outcomes.” While there is no evidence that the tool was used, Bloomberg reported a single reference to it in the documents obtained in the form of a question asking a Walmart corporate employee if she had heard of it. Walmart reportedly also used assistance from the contractor in April 2013 to monitor the movements of a “Ride for Respect” bus caravan organized by the protesters to arrive in Bentonville, Ark., the location of Walmart's corporate office, during a week-long annual shareholder meeting.
Upon learning that members of the Occupy movement might join the protest, Walmart contacted the FBI Joint Terrorism Task Forces, although the documents don't contain any details about the collaboration, according to the report. SCMagazine attempted to contact Lockheed Martin and Walmart for comment; however, a Lockheed Martin spokesperson declined and Walmart has yet to respond.
December 01, 2015 Source
  22. Snowden Presents Anti-Spying iPhone Case Attachment
Device was specifically designed for journalists
The device is nothing more than a case extension that gets plugged into the iPhone's SIM card slot and connects to the phone's internal wiring. The device, which is only a design right now and is referred to as an "introspection engine," has a slot where the user can place his SIM card and continue to use the phone's mobile calling features, if ever needed.
Snowden and Huang designed the device for journalists
The role of the introspection engine, as Snowden and Huang explain in a research paper also embedded at the end of this article, is to provide an accurate status of the phone's radio signals. The two designed the device specifically for frontline journalists that want to avoid having their smartphones tapped and used to track them. In the past, it was proven that nation-states used surveillance malware to infect a target's phone and turn on the phone's radio signaling component, while not alerting the phone owner of the component's real status. This had allowed threat actors to track the phone's location via cell towers and secretly transmit data from the phone when the user thought his device was in airplane mode or shut down. Snowden's interest in protecting journalists comes from his role as Director at the Freedom of the Press Foundation.
Device will alert the user when the phone starts broadcasting radio signals
The introspection engine will detect electrical signals going through the phone specific to the activation and usage of the radio signaling component, and alert the user via loud beeps. By having a phone that doesn't snitch on their position every few minutes, reporters can go into sensitive locations and record audio and video with their phone without giving away their position.
Visually the device is nothing more than a bulky iPhone case extension, with a monochrome screen on the back of the phone that shows the owner's "dark" status. Plans exist to incorporate a "kill switch" functionality to shut down the phone in case the radio broadcasting features come to life out of the blue. Furthermore, the two announced that the source code for the device's firmware would also be available online, under an open source license, for anyone to inspect and audit.
Against the Law: Countering Lawful Abuses of Digital Surveillance [Scribd. - 16 Pages] Source
  23. Former NSA contractor Edward Snowden has denounced proposed new Russian laws aimed at cracking down on terror.
[Image: NSA whistleblower Edward Snowden: Proposed surveillance law is an "unworkable, unjustifiable violation" of Russian citizens' rights.]
NSA whistleblower Edward Snowden has called on president Vladimir Putin not to approve a law that will require phone companies to store user content for six months. On Friday Russia's lower house, the State Duma, voted to adopt a raft of new anti-terror laws, which will introduce far broader data-retention requirements targeting online and mobile communications in Russia. Snowden, who was granted asylum by Russia in 2013, responded by tweeting that the new "Big Brother law" was an "unworkable, unjustifiable violation" of Russian citizens' rights, and called on Putin not to sign it into force.
Russian mobile phone companies will be required to store the content of all calls and text messages for six months, and retain call and message metadata for three years, according to Russian news agency TASS. Internet service providers will also need to store users' personal data for one year. "Mass surveillance doesn't work. This bill will take money and liberty from every Russian without improving safety. It should not be signed," Snowden wrote in a further appeal. He also called the law dangerous and impractical due to the massive cost of storing user content. Russia's largest mobile phone operator MTS has estimated the cost of storing actual content for six months would be $33.8bn, according to The Washington Times.
Snowden has advocated a greater use of encryption by end users, but Russia's new law would also undermine that. According to Latvian-based Russian news site Meduza, providers of online services such as messaging apps or social networks would face fines of up to $15,000 for not cooperating with a request from Russian intelligence to decrypt messages.
Putin is expected to sign the anti-terror measures into law, which were adopted as a response to the bombing of a Russian passenger plane over Egypt in October, The Guardian reported. The law also raises the maximum punishment from four years to eight years in prison, while the penalty for encouraging mass disturbances will be five to 10 years in prison. Anyone who approves of terrorism on the internet could face up to seven years' prison. Article source
  24. The Microsoft-LinkedIn Hookup Will Be The END of DAYS, I Tell You
Running away with worst-case scenarios
Sysadmin blog
In case you've been living under a rock, Microsoft has bought LinkedIn. Unlike many, you'll notice I'm not laughing. I am not amused. I am, in fact, quite afraid.
In many regions – my home nation of Canada being one of them – LinkedIn absolutely dominates career discovery and acquisition. Note the term "career". Jobber McJobs can be had in the traditional fashion, but if you want something that isn't poverty-tier and has the faintest hint of a prayer of upwards mobility, you are going to use LinkedIn. Perhaps more to the point, unless you're on LinkedIn, with a well-crafted and carefully curated profile, you're a nobody. You don't exist. And who you know – via your connections and endorsements – plays an ever-increasing role in the quality and type of job you can obtain in today's increasingly socially-networked knowledge economy.
Now Microsoft, a convicted monopolist that distributes product marketing nagware as security updates and who has proven serially untrustworthy, will own the gateway to your career. Fan-frakking-tastic.
A disordered mind
In no particular order – much like the never-ending stream of emails I get from both Microsoft and LinkedIn – here are my thoughts on the consequences of the Microsoft/LinkedIn collision.
Some things could actually be useful. Microsoft has done an okay job with the Microsoft Virtual Academy. I can see similarities here with LinkedIn's Lynda.com training site; a training site that, quite frankly, is actually rather good.
Microsoft doesn't like criticism. Being Microsoft, however, they get rather a lot of it. LinkedIn has been aspiring to become a content publishing platform for some time. Moosh all this together and I see the inevitable rise of a technology magazine so sycophantically pro-Microsoft that even Ed Bott would blush.
There's a whole new market to be had creating a Sadville-like virtual city of HoloLens-powered virtual offices. LinkedIn would be an obvious banner under which to grow this effort. Telecommuting employees could be in the office even when not physically in the office, with their attentiveness and productivity tracked and subjected to analytics in ways that aren't possible with a physical office.
Why restrict yourself to physical employees? Mash up the Microsoft Store with LinkedIn and the emerging "bot economy" can really take off! Naturally, Cortana is the obvious choice for all roles in all companies, but if for some reason you want a different virtual employee then Microsoft will now have a head start in finding it for you. And, of course, 30 per cent off your monthly subscription to it.
Forget Clippy: with everything Cortana knows about you she can auto-generate your LinkedIn profile. Progress! In fact, given Microsoft's move towards removing customer control over their environment, it wouldn't shock me if everyone got an auto-generated profile by default. Getting manual control over your profile would probably require an Enterprise SA agreement with a minimum of five users at {extortionate amount} per month.
Microsoft have shown that they are not above using malware techniques to push Windows 10. All that really remains is ransomware. Why hold a desktop to ransom, however, when you can hold someone's entire career?
It would really suck if Microsoft's purchase of LinkedIn evolves (or devolves) into Peeple, but "for professionals", and with careers on the line.
The spectacularly creepy possibilities
Bing can already be used to help predict if you have cancer. If you start throwing together everything Cortana hoovers up, Microsoft has a pretty good idea of your entire life. Cortana knows everything you do. Your search history, the files you create, the applications you open and even for how long you have those applications as the foreground application.
Every letter you type, every website you visit, every news article you read, every second you slack off; Cortana knows it all. Imagine how valuable all that information is. Wrap it in a layer of bull about "pseudoanonymous" whatever in an attempt to make those pesky privacy fuzzy wuzzies go away and you could sell that as part of employer analytics, employee/employer "matching", you name it.
Looking for a work-from-home type that actually works eight hours a day? Now Cortana can give you a list of profiles! Looking for people who get paid eight hours a day but actually work 12? Cortana knows!
How about auxiliary information? Maybe your goal is to reduce corporate medical insurance costs. Cortana also knows how much time you spend on the Xbox, and how much of that is sedentary gaming versus Kinect-powered exercise. Hell, Cortana can probably even use the Kinect to track the evolution of your body shape to determine if you meet corporate fitness guidelines.
Cortana's knowledge and LinkedIn's connections and endorsements information combine to make an attractive Big Data pool about employees. Think about the "with whom do these people interact?" and "what do these people do with their spare time?" questions for a moment. {Insert creepy overly invasive government agency here} already uses metadata like this to find out if we are terrorists, smoke weed, speak out too frequently about human rights, vote for the wrong party or put out too many bags of garbage.
The combined personal information Microsoft will have on us is not only very attractive to governments, it is attractive to employers. For example, Microsoft could create a "thought leadership" metric that is industry or job title specific. Does that potential employee really have the chops to be a social media nerd? Is your sysadmin secretly an influential powerhouse in the virtualization industry? Think of the analytics possibilities!
What level of risk do your employees present if they decide to say negative things about you? Have any employees started communicating, searching for or connecting with your competitors recently? Are they searching for a new job?
The more we move out of the professional side, the creepier it gets. Are you good with money? Do you have debt problems? Do you get along with your parents? How healthy is your marriage? Do you talk to friends a lot? How often do you play what kinds of video games? What movies do you watch? TV shows? What books do you read? Where do you travel? What kind of hotels do you stay in?
Give me access to this kind of data and I'll tell you what kind of risk you are as an employee. Are you a train wreck whose personal life will constantly get in the way of work? Or one of those pee-in-jars types that gets so into their work I can chain you to a desk and periodically throw Snickers bars over the roof?
Selling the information Cortana collects directly would be illegal. Selling pseudoanonymous "scores" in various areas, if done right, would absolutely be legal in the US. And as we all know, only the US's laws ever actually matter.
It's all a bit of fun...right?
When you consider what a combined Microsoft and LinkedIn know about you, the possibilities are pretty scary. The same could be said of others, of course, so everything ultimately boils down to how much - or if - you trust Microsoft.
Now, I've been having fun writing this. Most of this is likely to be over the top paranoia, upjumped for a bit of a larf and hopefully provoke a thought or two. Or so I hope.
On the other hand, many HR departments hire entirely by certification, resulting in IT departments full of certified idiots who can't actually do anything in the real world. Add to this that Microsoft does seem obsessed with emulating Apple and Google at every turn, and Google seems to hoover up every scrap of information about everything (and everyone) that it can find.
So maybe – just maybe – some of the above fears are justified. Which ones ultimately form part of tomorrow's dystopia, that's up for grabs. What do you think? What could the Microsoft/LinkedIn mashup give birth to? Answers in the comments, please.
Source
Other Related Articles Sources: PCWorld: Why Microsoft bought LinkedIn for $26 billion, in one word: Cortana - Alternate same content source - InfoWorld
  25. NSA wants to Exploit Internet of Things and Biomedical Devices
The cyber attack vectors available to hackers will continue to grow as the Internet of Things (IoTs) becomes more commonplace, making valuable data accessible through an ever-widening selection of entry points. Although it's not the hackers alone, the NSA is also behind the Internet of Things.
We already know the United States National Security Agency's (NSA) power to spy on Americans as well as foreign people – thanks to the revelations made by whistleblower Edward Snowden in 2013. But, now the agency is looking for new ways to collect even more data on foreign intelligence, and for this, the NSA is researching the possibilities of exploiting internet-connected biomedical devices ranging from thermostats to pacemakers.
During a military technology conference in Washington D.C. on Friday, NSA deputy director Richard Ledgett said his agency officials are "looking at it sort of theoretically from a research point of view right now." Ledgett totally agreed on the fact that there are easier ways to track terrorists and foreign intelligence spies than to hack any biomedical devices they might have, but believed that these devices could be a source of information for the agency, reports The Intercept.
When the deputy director was asked whether the entire scope of the IoTs, i.e. billions of interconnected devices from toy's Wi-Fi to medical devices, would be a bonanza for the agency or just a security nightmare, Ledgett replied, "Both."
Ledgett also explained why the NSA was not able to help the FBI hack into the iPhone that belonged to the San Bernardino shooter, which was accessed by the FBI after buying an exploit from a group of hackers for a large sum of cash. It's because the agency had not exploited that particular model of iPhone, as the NSA has to prioritize its resources, which are not focussed on popular gadgets, rather on the bad guys' technology of choice.
Ledgett is not the only intelligence official who sees the growing IoT devices as a possible way for global spying. During a Senate hearing in February, the Director of National Intelligence James Clapper also said that internet-connected devices could be useful for "identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials." Source