From 7545c194bedad2d2dc2cd418e3adaecdbc9ee942 Mon Sep 17 00:00:00 2001 From: Olivier Date: Tue, 25 Mar 2025 15:28:51 +0100 Subject: [PATCH] Upload files to "content/posts/infosec" --- .../posts/infosec/china-blocks-whatsapp.md | 20 +++++ ...nting-web-beacons-inside-microsoft-word.md | 24 ++++++ ...corporate-surveillance-in-everyday-life.md | 26 +++++++ content/posts/infosec/ditching-whatsapp.md | 75 +++++++++++++++++++ .../europe-new-era-of-mass-surveillance.md | 21 ++++++ 5 files changed, 166 insertions(+) create mode 100644 content/posts/infosec/china-blocks-whatsapp.md create mode 100644 content/posts/infosec/cia-is-planting-web-beacons-inside-microsoft-word.md create mode 100644 content/posts/infosec/corporate-surveillance-in-everyday-life.md create mode 100644 content/posts/infosec/ditching-whatsapp.md create mode 100644 content/posts/infosec/europe-new-era-of-mass-surveillance.md diff --git a/content/posts/infosec/china-blocks-whatsapp.md b/content/posts/infosec/china-blocks-whatsapp.md new file mode 100644 index 0000000..0ae35e6 --- /dev/null +++ b/content/posts/infosec/china-blocks-whatsapp.md @@ -0,0 +1,20 @@ +--- +title: "China blocks WhatsApp" +date: 2017-09-26T02:16:00+06:00 +draft: false +tags: ["whatsapp","asia","china","data privacy","infosec","instant messenger","facebook"] +author: "Olivier Falcoz" +hidemeta: false +ShowReadingTime: true +ShowPostNavLinks: true +showtoc: false +--- +*China has largely blocked the WhatsApp messaging app, the latest move by Beijing to step up surveillance ahead of a big Communist Party gathering next month.* + +> The disabling in mainland China of the Facebook-owned app is a setback for the social media giant, whose chief executive, Mark Zuckerberg, has been pushing to re-enter the Chinese market, and has been studying the Chinese language intensively. WhatsApp was the last of Facebook products to still be available in mainland China; the company’s main social media service has been blocked in China since 2009, and its Instagram image-sharing app is also unavailable. +> +> The disruption of WhatsApp comes as Beijing prepares for the Communist Party’s congress, which starts Oct. 18. +> +> By blocking the heavily encrypted WhatsApp service while making less secure applications like WeChat available to the public, the Chinese government has herded its internet users toward methods of communication that it can reliably monitor. +> +> Full story: [Keith Bradsher](http://www.nytimes.com/by/keith-bradsher) in [The New York Times](https://www.nytimes.com/2017/09/25/business/china-whatsapp-blocked.html) \ No newline at end of file diff --git a/content/posts/infosec/cia-is-planting-web-beacons-inside-microsoft-word.md b/content/posts/infosec/cia-is-planting-web-beacons-inside-microsoft-word.md new file mode 100644 index 0000000..1926030 --- /dev/null +++ b/content/posts/infosec/cia-is-planting-web-beacons-inside-microsoft-word.md @@ -0,0 +1,24 @@ +--- +title: "WikiLeaks reveals CIA tool ‘Scribbles’ for document tracking" +date: 2017-05-08T01:35:00+06:00 +draft: false +tags: ["surveillance","tech","data privacy","cia","microsoft"] +author: "Olivier Falcoz" +hidemeta: false +ShowReadingTime: true +ShowPostNavLinks: true +showtoc: false +cover: + image: "" + alt: "" + caption: "" + relative: false # To use relative path for cover image, used in hugo Page-bundles + +--- +> The CIA is planting web beacons inside Microsoft Word documents to track whistleblowers, journalists and informants, according to WikiLeaks. +> +> WikiLeaks released details on what it said is a Central Intelligence Agency document tracking program called Scribbles, part of the agency’s effort to keep tabs on documents leaked to whistleblowers and journalists. Scribbles allegedly embeds a web beacon-style tag into watermarks located on Microsoft Word documents that can report document analytics back to the CIA. +> +> WikiLeaks [released information Friday](https://wikileaks.org/vault7/#Scribbles) about Scribbles as part of its ongoing [Vault 7 Dark Matter](https://wikileaks.org/vault7/darkmatter/releases/) release that began [last month](https://threatpost.com/wikileaks-dump-shows-cia-interdiction-of-iphone-supply-chain/124540/). Also released is what WikiLeaks said is Scribbles’ source code. +> +> -- Tom Spring in [ThreatPost](https://threatpost.com/wikileaks-reveals-cia-tool-scribbles-for-document-tracking/125299/) - April 28, 2017 \ No newline at end of file diff --git a/content/posts/infosec/corporate-surveillance-in-everyday-life.md b/content/posts/infosec/corporate-surveillance-in-everyday-life.md new file mode 100644 index 0000000..ae5f537 --- /dev/null +++ b/content/posts/infosec/corporate-surveillance-in-everyday-life.md @@ -0,0 +1,26 @@ +--- +title: "Corporate surveillance in everyday life" +date: 2017-06-14T01:18:00+06:00 +draft: false +tags: ["surveillance","data privacy","tech"] +author: "Olivier Falcoz" +hidemeta: false +ShowReadingTime: true +ShowPostNavLinks: true +showtoc: false +cover: + image: "" + alt: "" + caption: "" + relative: false # To use relative path for cover image, used in hugo Page-bundles + +--- +**Report**: How thousands of companies monitor, analyze, and influence the lives of billions. Who are the main players in today’s digital tracking? What can they infer from our purchases, phone calls, web searches, and Facebook likes? How do online platforms, tech companies, and data brokers collect, trade, and make use of personal data? + +> In recent years, a wide range of companies has started to monitor, track and follow people in **virtually every aspect of their lives**. The behaviors, movements, social relationships, interests, weaknesses and most private moments of billions are now constantly recorded, evaluated and analyzed in real-time. The exploitation of personal information has become a multi-billion industry. Yet only **the tip of the iceberg** of today’s pervasive digital tracking is visible; much of it occurs in the background and remains opaque to most of us. +> +> This report by Cracked Labs examines the actual practices and inner workings of this personal data industry. Based on years of research and a previous 2016 report, the investigation shines light on the hidden data flows between companies. It maps the structure and scope of today’s **digital tracking and profiling ecosystems** and explores relevant technologies, platforms and devices, as well as key recent developments. +> +> While the full report is available as [PDF download](http://crackedlabs.org/dl/CrackedLabs_Christl_CorporateSurveillance.pdf), this web publication [presents a ten part overview](https://crackedlabs.org/en/corporate-surveillance). +> +> -- By [Wolfie Christl](http://twitter.com/WolfieChristl), Cracked Labs, June 2017. diff --git a/content/posts/infosec/ditching-whatsapp.md b/content/posts/infosec/ditching-whatsapp.md new file mode 100644 index 0000000..2d42a37 --- /dev/null +++ b/content/posts/infosec/ditching-whatsapp.md @@ -0,0 +1,75 @@ +--- +title: "Ditching WhatsApp [updated]" +date: 2018-06-14T12:54:49+01:00 +draft: false +tags: ["infosec","encryption","whatsapp","signal app","tech","xmpp","data privacy","instant messenger","facebook"] +author: "Olivier Falcoz" +hidemeta: false +ShowReadingTime: true +ShowPostNavLinks: true +showtoc: true + +--- + +![WhatsApp is broken](/images/whatsapp-is-broken.jpg#center) + +*[First published on September 05, 2016]* + +I am ditching WhatsApp, following [Facebook’s decision to begin harvesting data](https://blog.whatsapp.com/looking-ahead-for-whats-app) from its messaging service. + +Even though *Motherboard* claims "it may be possible to [prevent WhatsApp to give your phone number to Facebook"](https://motherboard.vice.com/read/whatsapp-facebook-phone-number-how-to) (LOL) WhatsApp will still harvest your metadata. + + +> “Sharing metadata with Facebook still exposes users to significant risks,” says Claire Gartland, consumer protection counsel for the Electronic Privacy Information Center. “Facebook will have data indicating who WhatsApp users communicate with and how frequently, and connecting WhatsApp users with their social media accounts and broader online activity, associations, political affiliations, and more.” -- [Wired](https://www.wired.com/2016/08/whatsapp-privacy-facebook/) + +# What’s In The Metadata? + +According to The Grugq in [Signals, Intelligence](https://medium.com/@thegrugq/signal-intelligence-free-for-all-5993c2f72f90) which takes the example of metadata carried by Signal, one of the *least privacy offender*, metadata does carry a freaking lot of actionable intelligence data; see for yourself: + +1. **Location data** + - Specific location (home, place of work, etc.) + - Mobility pattern (from home, via commuter route, to work) — very unique, just [4 locations is enough to identify 90%](http://www.nature.com/articles/srep01376?ial=1) of people + - Paired mobility pattern with a known device (known as “mirroring”, when two or more devices travel together; including car telemetry!) + +2. **Network data** + - Numbers dialed (who you call) + - Calls received (who calls you) + - Calling pattern (numbers dialed, for how long, how frequently) + +3. **Physical data** + - IMEI (mobile phone device ID) + - IMSI (mobile phone telco subscriber ID) + +4. **Content** + + - Identifiers, e.g. names, locations + - Voice fingerprinting + - Keywords + +See also [how your phone tracks your every move](https://www.abc.net.au/news/2015-08-16/metadata-retention-privacy-phone-will-ockenden/6694152) and [metadata - 6 Articles That Show How Your Metadata Knows Everything About You](https://medium.com/@blackVPN/metadata-25c3ab6d1e1d). + +# Alternatives to WhatsApp + +Now that I am done with WhatsApp, what alternative are available? A lot actually. + +## Instant Messaging + +- [Conversations.im](https://conversations.im/), a Android app developed by Daniel Gultsch based on the XMPP protocol with OMEMO[^1] and PGP encryption +- [Signal App](https://signal.org/) +- [Delta Chat](https://delta.chat/en/) an IM client that does not require your phone number and works on top of your own email service provider, with an option to encrypt messages with Autocrypt with your own PGP/GnuPG key +- ~~Telegram~~ [Edit 10.06.2016] Nah, it's broken. + +## Voice calls + +- [Signal App](https://signal.org/) +- [Linphone](https://f-droid.org/packages/org.linphone/) (SIP) +- [Jitsee Meet](https://meet.jit.si/) + +## Social Media + +- [Twidere](https://f-droid.org/en/packages/org.mariotaku.twidere/) an Android client for Twitter and [Mastodon](https://joinmastodon.org/) +- ~~Facebook~~ [Edit 2017: anything Facebook has been removed from my mobile device] + + + +[^1]: https://omemo.top/ diff --git a/content/posts/infosec/europe-new-era-of-mass-surveillance.md b/content/posts/infosec/europe-new-era-of-mass-surveillance.md new file mode 100644 index 0000000..b4c93b1 --- /dev/null +++ b/content/posts/infosec/europe-new-era-of-mass-surveillance.md @@ -0,0 +1,21 @@ +--- +title: "Europe's new era of mass surveillance" +date: 2017-01-11T11:38:00+06:00 +draft: false +tags: ["surveillance","data privacy"] +author: "Olivier Falcoz" +hidemeta: false +ShowReadingTime: true +ShowPostNavLinks: true +showtoc: false +cover: + image: "/images/" + alt: "" + caption: "" +--- + +> “If an intelligence law is not well-conceived and rational, it could easily become a formidable weapon of repression. An intelligence law should not only protect citizens against terrorism, but also against the State. We in France are doing neither. There is a total absence of control in this law.” -- Marc Trévidic, former chief terrorism investigator for the French judicial system +> +> In recent months, and in the wake of a series of terrorist attacks across Europe, Germany, France and the United Kingdom — Europe’s biggest superpowers — have passed laws granting their surveillance agencies virtually unfettered power to conduct bulk interception of communications across Europe and beyond, with limited to no effective oversight or procedural safeguards from abuse. +> +> -- Asaf Lubin, [JustSecurity.org](https://www.justsecurity.org/36098/era-mass-surveillance-emerging-europe/) \ No newline at end of file