Group items tagged

the "you choose who to let in" narrative is powerful because it trades on traditional notions of space and boundary regulation, and further appeals to our heightened sense of individual responsibility, and, possibly even vanity. The basic message is that so long as we exercise good judgment when selecting our friends, no privacy problems will arise

What this appeal to status quo relations and existing privacy settings conceals is the transformative potential of Graph : new types of searching can emerge that, due to enhanced frequency and newly created associations between data points, weaken, and possibly obliterate obscurity.

he other dominant narrative emerging is that the Graph will simplify "stalking."

the stalker frame muddies the concept, implying that the problem is people with bad intentions getting our information. Determined stalkers certainly pose a threat to the obscurity of information because they represent an increased likelihood that obscure information will be found and understood.

Well-intentioned searches can be problematic, too.

It is not a stretch to assume Graph could enable searching through the content of posts a user has liked or commented on and generating categories of interests from it. For example, users could search which of their friends are interested in politics, or, perhaps, specifically, in left-wing politics.

In this scenario, a user who wasn't a fan of political groups or causes, didn't list political groups or causes as interests, and didn't post political stories, could still be identified as political.

In a system that purportedly relies upon user control, it is still unclear how and if users will be able to detect when their personal information is no longer obscure. How will they be able to anticipate the numerous different queries that might expose previously obscure information? Will users even be aware of all the composite results including their information?

Obscurity is a protective state that can further a number of goals, such as autonomy, self-fulfillment, socialization, and relative freedom from the abuse of power. A major task ahead is for society to determine how much obscurity citizens need to thrive.

Similar precautions have been common in Silicon Valley since a 2009 Chinese state cyberattack on servers at Google and other tech companies.

Hank Paulson, a former Goldman Sachs chief executive, refuses to use email. Ben S. Bernanke, a former chairman of the Federal Reserve, once set up an email account under the pseudonym Edward Quince in the hopes of greater privacy.

In Hollywood, a breach at Sony Pictures in 2014 spilled out gossipy secrets and persuaded film crews, actors and executives alike to adopt security measures they once considered paranoid. Studios have turned to a new class of companies with names like WatchDox that wrap screenplays with encryption, passwords and monitoring systems that can track who has access to confidential files.

A new book by Harvey Silverglate, a lawyer in Massachusetts, titled “Three Felonies a Day,” claims the average professional in the United States commits at least three crimes every day. How? While academics, lawyers and even government officials don’t actually know how many laws exist in today’s judicial system, it’s estimated that there are from 10,000 to 300,000 federal regulations that could be enforced criminally.

as long as enough of us continue keeping our data under our own control, we can still do so. And we had better do so, or the option may disappear."

The lack of disclosure surrounding Hacker’s List is one reason the hackers-for-hire service has drawn considerable scorn from security consultants, who say the website is an invitation to illegal and unethical behavior.

It’s inappropriate for someone like Mr. Tendell, who calls himself a “white hat hacker,” to be involved in any way with an operation that potentially is profiting from illegal activity, Mr. Solomonson said.

In other words, people are doing their best to blend in with the crowd.

The challenge of achieving true anonymity, though, is that evading surveillance makes your behavior anomalous—and anomalies stick out. As the Japanese proverb says, "A nail that sticks out gets hammered down." Glenn Greenwald explained recently that simply using encryption can make you a target. For me, this was all the more motivation to disappear.

For those of us who feel confident that we have nothing to hide, the future of Internet security might not seem like a major concern. But we underestimate the many ways in which our online identities can be manipulated.

The U.S. Department of Defense has also figured out how influential Facebook and Twitter can be. In 2011, it announced a new “Social Media in Strategic Communication” (SMISC) program to detect and counter information the U.S. government deemed dangerous. “Since everyone is potentially an influencer on social media and is capable of spreading information,” one researcher involved in a SMISC study told The Guardian, “our work aims to identify and engage the right people at the right time on social media to help propagate information when needed.”

Private companies are also using personal information in hidden ways. They don’t simply learn our tastes and habits, offering us more of what want and less of what we don’t. As Michael Fertik wrote in a 2013 Scientific American article titled “The Rich See a Different Internet Than the Poor,” credit lenders have the ability to hide their offers from people who may need loans the most. And Google now has a patent to change its prices based on who’s buying. 

It is essentially impossible to achieve anonymity online. It requires a complete operational posture that extends from the digital to the physical. Downloading a secure messaging app and using Tor won’t all of a sudden make you “NSA-proof.” And doing it right is really, really hard.

Weighing these trade-offs in my day-to-day life led to a few behavioral changes, but I have a mostly normal relationship with the Internet—I deleted my Facebook account, I encrypt my emails whenever I can, and I use a handful of privacy minded browser extensions. But even those are steps many people are unwilling, or unable, to take.

the ubiquity of the Internet of Things is putting us squarely in the path of hackers, who will have almost unlimited portals into our digital lives.

Forbes reported that security researchers had come up with a $20 tool that was able to remotely control a car’s steering, brakes, acceleration, locks, and lights. It was an experiment that, again, showed how simple it is to manipulate and sabotage the smartest of machines, even though—but really because—a car is now, in the words of a Ford executive, a “cognitive device.”

a study of ten popular IoT devices by the computer company Hewlett-Packard uncovered a total of 250 security flaws among them. As Jerry Michalski, a former tech industry analyst and founder of the REX think tank, observed in a recent Pew study: “Most of the devices exposed on the internet will be vulnerable. They will also be prone to unintended consequences: they will do things nobody designed for beforehand, most of which will be undesirable.”

At present even those leading the charge against the surveillance state continue to treat the issue as if it were a political scandal that can be blamed on the corrupt policies of a few bad men who must be held accountable. It is widely hoped that all our societies need to do to fix our problems is to pass a few laws.

The cancer is much deeper than this. We live not only in a surveillance state, but in a surveillance society. Totalitarian surveillance is not only embodied in our governments; it is embedded in our economy, in our mundane uses of technology and in our everyday interactions.

The very concept of the Internet — a single, global, homogenous network that enmeshes the world — is the essence of a surveillance state. The Internet was built in a surveillance-friendly way because governments and serious players in the commercial Internet wanted it that way. There were alternatives at every step of the way. They were ignored.

there is an undeniable “tyrannical” side to the Internet. But the Internet is too complex to be unequivocally categorized as a “tyrannical” or a “democratic” phenomenon.

At their core, companies like Google and Facebook are in the same business as the U.S. government’s National Security Agency. They collect a vast amount of information about people, store it, integrate it and use it to predict individual and group behavior, which they then sell to advertisers and others. This similarity made them natural partners for the NSA

Unlike intelligence agencies, which eavesdrop on international telecommunications lines, the commercial surveillance complex lures billions of human beings with the promise of “free services.” Their business model is the industrial destruction of privacy. And yet even the more strident critics of NSA surveillance do not appear to be calling for an end to Google and Facebook

It is possible for more people to communicate and trade with others in more places in a single instant than it ever has been in history. The same developments that make our civilization easier to surveil make it harder to predict. They have made it easier for the larger part of humanity to educate itself, to race to consensus, and to compete with entrenched power groups.

If there is a modern analogue to Orwell’s “simple” and “democratic weapon,” which “gives claws to the weak” it is cryptography, the basis for the mathematics behind Bitcoin and the best secure communications programs. It is cheap to produce: cryptographic software can be written on a home computer. It is even cheaper to spread: software can be copied in a way that physical objects cannot. But it is also insuperable — the mathematics at the heart of modern cryptography are sound, and can withstand the might of a superpower. The same technologies that allowed the Allies to encrypt their radio communications against Axis intercepts can now be downloaded over a dial-up Internet connection and deployed with a cheap laptop.

It is too early to say whether the “democratizing” or the “tyrannical” side of the Internet will eventually win out. But acknowledging them — and perceiving them as the field of struggle — is the first step toward acting effectively

Humanity cannot now reject the Internet, but clearly we cannot surrender it either. Instead, we have to fight for it. Just as the dawn of atomic weapons inaugurated the Cold War, the manifold logic of the Internet is the key to understanding the approaching war for the intellectual center of our civilization

Mr. Cameron’s comments are part of a growing debate in Europe and the United States over whether Internet companies and telecom providers must cooperate fully with intelligence agencies, who have seen an increased use of social media by groups like the Islamic State, also known as ISIS or ISIL.

After the Paris attacks, European leaders, for example, called on Internet service providers to report potentially harmful online material aimed at inciting hatred or terror.

In the wake of this catastrophic violation, Mark Zuckerberg must be forced to testify before Congress and should be held accountable for the negligence of his company. Facebook has systematically failed to enforce its own policies. The only solution is external oversight.

We also need to confront conflicts between the public interest and the ways that social media companies make their profits. Where do privacy rights come in? Are they unduly blocking transparency about how political campaigns are conducted and who is financing them?

The spyware’s capabilities are near absolute. Once installed on a phone, the software can extract all of the data that’s already on the device (text messages, contacts, GPS location, email, browser history, etc) in addition to creating new data by using the phone’s microphone and camera to record the user’s surroundings and ambient sounds, according to a 2016 report by the New York Times.

NSO limits sales of its spyware, Pegasus, to state intelligence agencies

þffWhatsApp has about 1.5bn users around the world. The messaging app uses end-to-end encryption, making it popular and secure for activists and dissidents. The Pegasus spyware does not affect or involve the app’s encryption.

We’ve seen Russian actors intentionally use content posted by innocent Americans. We see other people post and share content from Russian campaigns. It doesn’t mean they’re actually connected. In fact, most times they’re not.

Influence operations are essentially weaponized uncertainty.

One of the most effective countermeasures in all of this is an informed public.

And there are so many opportunities to leverage that complexity to run a perception hack. A perception hack is an attempt to create a perception that there is a large scale influence operation when in fact there is no evidence to support it.

It’s our job to keep this debate as authentic as possible by putting more information and context out there. We can force pages that are pushing information to disclose who is behind them

We are living through a historic election with so many complex pieces to monitor. The piece that I and my team can help with is that we can make sure we secure this debate.

My counterpart at Twitter says I call him more than his mother does. We’re spending lots of time and exchanging information to try and stay ahead of this.

Between 2016 and next week we’ll have worked to protect more than 200 elections across the world. It’s critical to focus on next week, but we also have to remember Myanmar has an election five days later.

Related Expert Q&A

This methodology involves one party proving it has information it claims is true and a second party that wants to verify that the first party's information is indeed true. With a zero-knowledge proof system, the proving party does not transmit any secretive information that could substantiate whether what it claims is true.

– SearchSecurity

A zero-knowledge proof requires no real knowledge or secret information to prove the claim.

Zero-knowledge proofs are used in modern cybersecurity in situations where one system claims to possess sensitive data yet does not want to transmit that data to prove it to another system.