Tag Archives: privacy

FBI on encryption: nothing to hide, nothing to fear?

9074740413_bd2d118133_c-thumb-570x378-125862Ever since the revelations from Edward Snowden became public last year, there has been an increased interest in encryption and online privacy. This has led companies like Apple and Google to encrypt or protect their new operating systems with coding by default. The FBI isn’t happy with the news. see more…

( -)-(- )Comments Off

Yahoo, PRISM and short-term memories

pew terrorism pollIn early September, it was revealed that Yahoo had been threatened with a fine of $250,000 per day for failing to hand over information to the federal government. Details of the threat became public after 1,500 pages worth of documents were unsealed in the case, stemming from a 2007 order from the FISA Court. Wired reports, “Yahoo applied to appeal the [FISA] decision and requested a stay in the data collection pending the appeal. But the FISA Court refused the stay, and beginning in March 2008, Yahoo was forced to comply with the request for data in the meantime ‘under threat of civil contempt.’
Five months later, in August 2008, the FISA Court of Review found that the data request, undertaken for national security reasons, qualified for an exception to the warrant requirement under the Fourth Amendment and upheld the original court’s order to comply.” see more…

( -)-(- )Comments Off

Kim Dotcom: End government surveillance, encrypt everything

File-sharing megahero Kim Dotcom is giving massive amounts of interviews to accompany his recent launch of Mega.co.nz — the file sharing portal that’s had over a million signups in about a week.

During an interview with Russia Today, Dotcom explained his views on how to end the snooping surveillance state the U.S. government has slowly wrapped around every packet traversing the internet. He wants everyone to start encrypting their online communication:

RT :The new program, Mega, is fully encrypted, and you’re touting it as an encrypted program so that people will want to use it. Do you think this is even necessary, right now, that people need encryption on the Internet?

KD: I think it’s important for the Internet that there is more encryption. Because what I have learned since I got dragged into this case is a lot about privacy abuses, about the government spying on people. You know, the US government invests a lot of money in spy clouds: massive data centers with hundreds of thousands of hard drives storing data. And what they are storing is basically any communication that traverses through US networks. And what that means they are not spying on individuals based on a warrant anymore. They just spy on everybody, permanently, all the time. And what that means for you and for anybody is that if you are ever a target of any kind of investigation, or someone has a political agenda against you, or a prosecutor doesn’t like you, or the police wants to interpret something in a way to get you in trouble — they can use all that data, go through it with a comb and find things even though we think we have nothing to hide and have done nothing wrong. They will find something that they can nail you with and that’s why it’s wrong to have these kinds of privacy abuses, and I decided to create a solution that overtime will encrypt more and more of the internet. So we start with files, we will then move to emails, and then move to Voice-Over-IP communication. And our API [Application Programming Interface] is available to any third-party developer to also create their own tools. And my goal is, within the next five years, I want to encrypt half of the Internet. Just reestablish a balance between a person — an individual — and the state. Because right now, we are living very close to this vision of George Orwell and I think it’s not the right way. It’s the wrong path that the government is on, thinking that they can spy on everybody.

Dotcom is so confident in his website that he has already issued a cash prize challenge, saying “Let’s see what you got.” Well Ars Technica went in and told us, “here’s the problem”:

A lot of the issues with Mega’s cryptographic implementation appear to be tied with the desire to make the service as “thin” as possible, requiring only a Javascript-capable browser (preferably Chrome, according to Mega). On one hand, this means there’s no client required, and the Web browser itself functions as the application platform—this simplifies the testing and deployment of new Mega features, since all Kim Dotcom’s guys have to do is update the site’s Javascript files. It also immediately buys total cross-platform compatibility, working on any computer in (just about) any browser.

On the other hand, the documentation and implementation have no small number of weaknesses and potential exploits. The RSA key pair generation process needs to be overhauled post-haste, and there needs to be some method of backing up and modifying a user’s encryption key.

The fact that encrypted data is not a total mystery to Mega is the most troubling issue.

Troubling indeed.

Thankfully we don’t need Dotcom’s Mega to do all the work of file encryption thinking for us. There are many options available out there, such as TrueCrypt. For browser encryption (without reminding yourself to change http to https or relying on site to do it automatically), Firefox and Chrome users can head on over to the Electronic Frontier Foundation’s HTTPS Everywhere project and begin encrypting all their traffic between browser and servers with a simple (and mostly transparent) plugin/add-on. PGP email encryption is nothing new to savvy geeks, even if they still have to send plain-text e-mail to their non-techie families.

Sadly, easy universal encryption has been slow in trickling down to the masses. And even worse: Even when it finally arrives, there remains the problem of a tyrannical government potentially forcing website owners to hand over unencrypted end-point data on users (for all we know, Dotcom’s servers could be raided again, providing a treasure trove of information to the snoops).

But don’t write off cyber privacy as an unwinnable battle just yet, Kim Dotcom may just be on to something, albeit on shaky grounds.

( -)-(- )2 comments

Life after a total hack

Life After A Total Hack is a short sci-fi story where everyone (yes everyone, on the entire planet) has their personal data and identities hacked and their habits posted online to a site called Schadenfreude.

Originally posted at BuzzFeed, here’s the fallout after six months:

Molly Newton began taking anti-depressants after it grew obvious Facebook would never be the same again. No one could ever trust that what they clicked and spied on would not be made public. Most of her other friends were already taking medication; she knew because she had read through the purchases on their bank accounts. The past several months had been difficult to maintain friendships at all. Everyone had secrets and no one had wanted them exposed. Since the hack, everyone was nervous and suspicious.

Molly missed her online communities: Facebook, SoundCloud, MyLife, Goodreads (though she hated to read), Twitter, Google+, Meetup, Foursquare, Pinterest, CafeMom (even though she did not like children), StumbleUpon, Flickr and LinkedIn, all of which she used to visit daily. When the hack occurred, she was nervous about visiting any of the sites lest more of her personal life get leaked online. She had been spending her time instead reading books and exercising; she had lost eighteen pounds and was in the best shape of her life. She had never looked better and could not feel good about it, because what she really wanted more than anything – more than being healthy and well-read and attractive – was to go on Pinterest and pin beautiful things to boards. The world was so much prettier and less cluttered on Pinterest, and she preferred it to the alternative of real life. see more…

( -)-(- )Comments Off