Upload files to "content/posts/infosec"
parent 35a23e5092
commit ad19523427
@ -0,0 +1,25 @@
|
||||
---
|
||||
title: "Privacy fails through data aggregation"
|
||||
date: 2016-10-13T10:56:00+06:00
|
||||
draft: false
|
||||
tags: ["data privacy","surveillance","three-letter-agencies"]
|
||||
author: "Olivier Falcoz"
|
||||
hidemeta: false
|
||||
ShowReadingTime: true
|
||||
ShowPostNavLinks: true
|
||||
showtoc: false
|
||||
cover:
|
||||
image: "/images/"
|
||||
alt: "<alt text>"
|
||||
caption: "<text>"
|
||||
---
|
||||
“Aggregating” or combining data from multiple sources can actually reveal surprisingly specific information. You might not work for the Pentagon, but your data can be aggregated in the same way to [de-anonymize](https://en.wikipedia.org/wiki/De-anonymization) you. Here’s a small collection of these surprising privacy failures:
|
||||
|
||||
* The Classic Paper – [Simple Demographics Often Identify People Uniquely](http://dataprivacylab.org/projects/identifiability/paper1.pdf) shows that knowing just birth date, gender, and zip code is enough to uniquely identify most people.
|
||||
* Netflix Debacle – An *anonymous* Netflix dataset was [de-anonymized by correlating it with the IMDB](https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf) database.
|
||||
* Social Exposure – [De-anonymizing social networks](https://www.cs.utexas.edu/~shmat/shmat_oak09.pdf) (by Arvind Narayanan) demonstrates how an *anonymous* Twitter graph can be re-identified using Flickr for auxiliary information.
|
||||
* Your Words Betray You – Your choice of words in writing [can be analyzed](http://33bits.org/2012/02/20/is-writing-style-sufficient-to-deanonymize-material-posted-online/) to uniquely identify you according to [On the feasibility of Internet-Scale Author Identification](http://randomwalker.info/publications/author-identification-draft.pdf).
|
||||
* Location, Location, Location – The traces of your GPS location app, even your approximate location, is pretty unique. Outlined in [Unique in the crowd, the privacy bounds of human mobility](http://www.nature.com/articles/srep01376).
|
||||
* Bitcoin is often thought of as an anonymous currency, but it’s [surprisingly non-anonymous](https://coincenter.org/2015/01/anonymous-bitcoin/), considering its reputation. This is because a lot of information is contained in the *public ledger* that records all transactions. See also [An analysis of Anonymity in the Bitcoin System](http://arxiv.org/pdf/1107.4524).
|
||||
|
||||
Source: [Tozny Blog](https://tozny.com/blog/10-unnerving-privacy-fails-thru-data-aggregation/)
|
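Review bot: The front matter still carries the template's cover placeholders (image: "/images/", alt: "<alt text>", caption: "<text>"); fill them in or drop the cover block so the post does not ship with an empty image path and literal placeholder text. The tag "three-letter-agencies" is hyphenated here but written "three-letter agencies" in the next post of this commit, so pick one spelling to keep the two posts under the same tag. In the Location bullet, "The traces of your GPS location app ... is pretty unique" has a subject-verb mismatch and should read "are".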
@ -0,0 +1,28 @@
|
||||
---
|
||||
title: "Privacy for Hillary — but none for the rest of America"
|
||||
date: 2016-10-13T16:54:00+06:00
|
||||
draft: false
|
||||
tags: ["data privacy","three-letter agencies","infosec","signal app"]
|
||||
author: "Olivier Falcoz"
|
||||
hidemeta: false
|
||||
ShowReadingTime: true
|
||||
ShowPostNavLinks: true
|
||||
showtoc: false
|
||||
cover:
|
||||
image: "/images/"
|
||||
alt: "<alt text>"
|
||||
caption: "<text>"
|
||||
---
|
||||
**The Irony of Clinton Embracing ‘Snowden-Approved’ Security App**
|
||||
|
||||
In 2014, [Hillary Clinton](http://observer.com/2016/06/the-classified-double-standard/) [claimed](http://www.dailymail.co.uk/news/article-2613670/His-leaks-helped-terrorists-Hillary-Clinton-blasts-NSA-leaker-Edward-Snowden.html) National Security Agency (NSA) whistleblower Edward Snowden’s leaks revealing a mass surveillance program of U.S. citizens helped terrorists and weakened national security. Meanwhile, she denied—and continues to deny—similar allegations directed at her “[extremely careless](http://observer.com/2016/05/game-over-emailgate-just-crippled-the-clinton-express/)” use of a [private email server](http://observer.com/2016/07/exclusive-security-source-details-bill-clinton-maneuver-to-meet-loretta-lynch/) during her [time](http://observer.com/2016/02/breaking-hillary-clinton-put-spies-lives-at-risk/) as [secretary of state](http://observer.com/2016/06/breaking-hillary-clinton-sent-information-marked-classified/).
|
||||
|
||||
In 2015, during the first Democratic Party debate, [Clinton](http://observer.com/2016/08/latest-email-leaks-keep-exposing-clinton-foundation-corruption/) [said](https://www.theguardian.com/us-news/2015/oct/13/clinton-sanders-snowden-nsa-democratic-debate) Snowden should “not be brought home without facing the music.”
|
||||
|
||||
During the second Democratic debate, Clinton [called](http://www.rollingstone.com/politics/news/edward-snowden-clintons-call-for-a-manhattan-like-project-is-terrifying-20151220) for a “Manhattan-like project” to expose any encrypted communication, yet her own campaign is using the same encryption technology she wants to stop others from accessing.
|
||||
|
||||
Given [Hillary Clinton](http://observer.com/2016/08/how-much-corruption-can-clinton-laugh-off/)’s critical attitude toward Snowden, his actions, and encryption in general, it is ironic that after the Democratic National Committee (DNC) was hacked earlier this year, her campaign staff and the DNC scrambled to install and exclusively use the encrypted app, Signal.
|
||||
|
||||
Who popularized it? [Edward Snowden](https://twitter.com/Snowden/status/661313394906161152).
|
||||
|
||||
-- [Michael Sainato](https://observer.com/author/michael-sainato/) in [Observer](https://observer.com/2016/08/the-irony-of-clinton-embracing-snowden-approved-security-app/)
|
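Review bot: The body under the bold heading is attributed to Michael Sainato in Observer only on the closing line and is not blockquoted, so it reads as the site author's own words until the very end. Mark the excerpt with > as the other quoted posts in this commit do, or move the attribution above the text. The cover block also still holds the unfilled template values (image: "/images/", alt: "<alt text>", caption: "<text>").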
@ -0,0 +1,32 @@
|
||||
---
|
||||
title: "A lawyer rewrote Instagram’s terms of use ‘in plain English’"
|
||||
date: 2017-01-09T21:00:00+06:00
|
||||
draft: false
|
||||
tags: ["social media","data privacy",""]
|
||||
author: "Olivier Falcoz"
|
||||
hidemeta: false
|
||||
ShowReadingTime: true
|
||||
ShowPostNavLinks: true
|
||||
showtoc: false
|
||||
cover:
|
||||
image: "/images/"
|
||||
alt: "<alt text>"
|
||||
caption: "<text>"
|
||||
---
|
||||
**tl;dr**: delete Your Instagram account...
|
||||
|
||||
[A lawyer rewrote Instagram’s terms of use ‘in plain English’ so kids would know their privacy rights](https://www.washingtonpost.com/news/parenting/wp/2017/01/08/a-lawyer-rewrote-instagrams-terms-of-use-in-plain-english-so-kids-would-know-their-privacy-rights/) -- [Amy B. Wang](https://www.washingtonpost.com/people/amy-b-wang/)
|
||||
|
||||
// **Abstract** //
|
||||
|
||||
> Instagram’s [terms of use](https://help.instagram.com/478745558852511) in total run at least seven printed pages, with more than 5,000 words, mostly written in legalese.
|
||||
>
|
||||
> Jenny Afia, a privacy lawyer and partner at Schillings law firm in London was tasked with rewriting the company’s terms and conditions “in plain English.” The simplified terms of service fit on a single page.
|
||||
>
|
||||
> After Afia rewrote it for teenagers to be able to understand, it became, simply:
|
||||
> - “Don’t use anybody else’s account without their permission or try to find out their login details”
|
||||
> - “Don’t bully anyone or post anything horrible about people”
|
||||
> - “Officially you own any original pictures and videos you post, but we are allowed to use them, and we can let others use them as well, anywhere around the world. Other people might pay us to use them and we will not pay you for that.”
|
||||
> - “Although you are responsible for the information you put on Instagram, we may keep, use and share your personal information with companies connected with Instagram. This information includes your name, email address, school, where you live, pictures, phone number, your likes and dislikes, where you go, who your friends are, how often you use Instagram, and any other personal information we find such as your birthday or who you are chatting with, including in private messages (DMs).”
|
||||
|
||||
Simply delete Your Instagram account...
|
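Review bot: The tags list ends with an empty string (tags: ["social media","data privacy",""]); remove the trailing "" entry so no blank tag is registered. The "// **Abstract** //" line mixes wiki-style slashes with Markdown bold and will show the slashes literally, and "delete Your Instagram account" has a stray capital "Your" in both the tl;dr and the closing line. The cover placeholders are unfilled here as well.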
28
content/posts/infosec/signalapp-desktop-fail.md
Normal file
@ -0,0 +1,28 @@
|
||||
---
|
||||
title: "Signal desktop: fail"
|
||||
date: 2016-02-15T11:30:00+06:00
|
||||
draft: false
|
||||
tags: ["signal app","infosec","data privacy","tech","instant messenger"]
|
||||
author: "Olivier Falcoz"
|
||||
hidemeta: false
|
||||
ShowReadingTime: true
|
||||
ShowPostNavLinks: true
|
||||
showtoc: false
|
||||
cover:
|
||||
image: "<image path/url>"
|
||||
alt: "<alt text>"
|
||||
caption: "<text>"
|
||||
relative: false # To use relative path for cover image, used in hugo Page-bundles
|
||||
|
||||
---
|
||||
*If you care about privacy, Signal is certainly not an option. -- Nikos Roussos*
|
||||
|
||||
Instead, use [Conversations](https://conversations.im/) on Android with [OMEMO](https://conversations.im/omemo/) encryption.
|
||||
|
||||
> Whisper Systems failed big once again. They just [announced](https://signal.org/blog/signal-desktop/) their "Desktop" version of Signal, which is actually a Chrome app.
|
||||
>
|
||||
>So just to get facts straight, this is neither a Desktop nor a Web app. And just like their Android app, you need a Google account to download it.
|
||||
>
|
||||
> Actually this is even worse, because you also need to use Chrome to use this app. **Channeling all your (meta)data through a closed source browser, built & distributed by the biggest tracking ad company**.
|
||||
>
|
||||
> -- [Nikos Roussos](https://roussos.cc/2015/12/05/signal-privacy/), 2015.12.05
|
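Review bot: The cover block is copied from the theme template unchanged: image: "<image path/url>", alt: "<alt text>", caption: "<text>", and the explanatory comment after relative: false are all still in place. Remove the cover block or fill it in. In the quoted text, the second paragraph starts ">So" without the space after the marker that the other quoted lines use.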
28
content/posts/infosec/surveillance-apathy-is-the-problem.md
Normal file
@ -0,0 +1,28 @@
|
||||
---
|
||||
title: "'Surveillance apathy' is the problem"
|
||||
date: 2017-11-09T04:41:49+06:00
|
||||
draft: false
|
||||
tags: ["data privacy","surveillance"]
|
||||
author: "Olivier Falcoz"
|
||||
hidemeta: false
|
||||
ShowReadingTime: true
|
||||
ShowPostNavLinks: true
|
||||
showtoc: false
|
||||
|
||||
---
|
||||
|
||||
Knowing it and getting used to it: surveillance apathy turns out to be more worrisome than the proper lack of understanding online surveillanc.
|
||||
|
||||
> You may be sick of worrying about online privacy, but surveillance apathy is also a problem. We all seem worried about privacy. Though it’s not only privacy itself we should be concerned about: it’s also our attitudes towards privacy that are important.
|
||||
>
|
||||
> When we stop caring about our digital privacy, we witness surveillance apathy. And it’s something that may be particularly significant for marginalised communities, who feel they hold no power to navigate or negotiate fair use of digital technologies.
|
||||
>
|
||||
> In the wake of the [NSA leaks in 2013](https://www.theguardian.com/us-news/the-nsa-files) led by Edward Snowden, we are more aware of the machinations of online companies such as Facebook and Google. Yet research shows[^1] some of us are apathetic when it comes to online surveillance.
|
||||
>
|
||||
> So while we’re aware of the issues with surveillance, we aren’t necessarily doing anything about it, or we’re prepared to make compromises when we perceive our safety is at stake.
|
||||
>
|
||||
> -- [Siobhan Lyons](https://theconversation.com/profiles/siobhan-lyons-133454) in [The Conversation](https://theconversation.com/you-may-be-sick-of-worrying-about-online-privacy-but-surveillance-apathy-is-also-a-problem-86474), 08 Nov. 2017
|
||||
|
||||
|
||||
[^1]: [Americans’ Privacy Strategies Post-Snowden](https://www.pewresearch.org/internet/2015/03/16/americans-privacy-strategies-post-snowden/) by Lee Rainie and Mary Madden - Pew Research Center
|
||||
|
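Review bot: The intro sentence above the quote ends in "online surveillanc", a truncated "surveillance", and "the proper lack of understanding online surveillance" is hard to parse; something like "than an outright lack of understanding of online surveillance" reads more clearly. The footnote marker [^1] sits inside the blockquote while its definition is outside it, so check that it resolves in the rendered page.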