“This combination—a broad definition of what constitutes terrorism and a low threshold for designating someone a terrorist—opens the way to ensnaring innocent people in secret government dragnets. It can also be counterproductive. When resources are devoted to tracking people who are not genuine risks to national security, the actual threats get fewer resources—and might go unnoticed.” Jeremy Scahill and Ryan Devereaux report on the Obama administration’s expansion of the terrorist watchlist system.
“WhatsApp notoriously rifles through your address book, scoops up your phone numbers, and uploads them to its servers. This is something Facebook has wanted for some time since its own phone records are incomplete.” Andrew Orlowski is convinced that what Facebook actually bought are your contacts’ phone numbers.
“Basically, iCloud is appallingly insecure, and Apple has just dramatically increased the volume of information that’s about to start flowing through it—names, email addresses, home addresses, and phone numbers in droves, not to mention your doctor’s visits.” Molly Wood does not regard Apple’s iCloud as a safe place for her data.
“And whoever tells you that they have nothing to hide simply haven’t thought about this long enough. ‘Cause we have this thing called privacy. And if you really think that you have nothing to hide, please make sure that’s the first thing you tell me because then I know, that I should not trust you with any secrets because obviously, you can’t keep a secret [sic]”
“I would suggest that it is more useful to take a holistic democratic accounting of lawful access laws and their implications. Where such laws are prospectively damaging to the fabric of the democracy, perhaps by threatening rights of free speech, association, and limitations of governmental search powers, then those are the areas that we as citizens, journalists, and commentators must focus our attention. Such democratic narrative can be supported by technological and legal facts and opinions, but critically the basic narrative is not on corporate products, whiz-bang technologies, nor legal minutia, but the very principles of a democracy.” Christopher Parsons in 2012, more than one year before Edward Snowden, is right on the money pinpointing the implications of unrestrained government surveillance.
“Our choice isn’t between a digital world where the agency can eavesdrop and one where it cannot; our choice is between a digital world that is vulnerable to any attacker and one that is secure for all users.” Bruce Schneier regards ubiquitous surveillance as a quixotic undertaking that does nothing to keep us safe and does everything to undermine the very societies we seek to protect.
“Threema is a mobile messaging app that puts security first. With true end-to-end encryption, you can rest assured that only you and the intended recipient can read your messages.” Threema is my favourite instant messaging application and has been described as “a much flasher version of WhatsApp”. Its source code has recently undergone an external security audit and was found to provide a “security level which compares favourably with the state of the art in similar messaging services”.
“We now face the greatest threat to our liberties since the second world war. We are sleepwalking into despotism. Because of the amount of material that is being collected, because these databases, which are not about tiny items of information, will be used and not just by governments. Snowden was working for a corporation. They will be accessed by others in government and because, that’s most important of all, people will start to self-censor. We will find that the very fact of the total surveillance of our activities means that we are going to sort of … it’s not a question, as the foreign minister said, of ‘if you haven’t done anything wrong you have nothing to fear’. [sic] This structure of surveillance will stop us doing things which are right, that we know we should be doing.” Anthony Barnett appearing on yesterday’s Newsnight programme.
“The RockYou dump was a watershed moment, but it turned out to be only the start of what’s become a much larger cracking phenomenon. By putting 14 million of the most common passwords into the public domain, it allowed people attacking cryptographically protected password leaks to almost instantaneously crack the weakest passwords. That made it possible to devote more resources to cracking the stronger ones.” Dan Goodin details the many reasons you should choose your passwords even more carefully.
“Practicing effective counterintelligence on the internet is an extremely difficult process and requires planning, evaluating options, capital investment in hardware, and a clear goal in mind.” The advice of the grugq is to choose your adversaries carefully, should you wish to maintain anonymity.
“I hope this post has helped clarify how browsers store your passwords, and why in some cases you shouldn’t let them. However, it would be unfair to end the post saying that browsers are completely unreliable at storing passwords. For example, in the case of Firefox, if a strong Master Password is chosen, account details are very unlikely to be harvested.” Having read Jordan Wright’s post, I for one am ditching Chrome on all of my devices.
Another reason for me to stop using Chrome is this long-standing bug in Chrome for Android.
“The losers are us, the people, who are left with no one to stand up for our interests. Our elected government, which is supposed to be responsible to us, is not. And corporations, which in a market economy are supposed to be responsive to our needs, are not. What we have now is death to privacy—and that’s very dangerous to democracy and liberty.” Bruce Schneier shares his thoughts on the incestuous relationship between corporations, lawmakers and the intelligence community in the US.
You might also wish to compare Article 12, Universal Declaration of Human Rights.
“I’ve talked to some of those who participated in the HBGary hack to learn in detail how they penetrated HBGary’s defenses and gave the company such a stunning black eye—and what the HBGary example means for the rest of us mere mortals who use the Internet.” Peter Bright’s story may be a couple of years old, but it still makes for an interesting read and tells you what not to do.
“Ever since the tightening of security after the terrorist attacks on September 11, 2001, scientists have worried that a scientific development would pit the need for safety against the need to share information. Now, it seems, that day has come.” Denise Grady and William Broad report on moves by the US government to effectively censor influenza research.
“Spending billions to force the terrorists to alter their plans in one particular way does not make us safer. It is far more cost-effective to concentrate our defences in ways that work regardless of tactic and target: intelligence, investigation and emergency response.” Bruce Schneier debates the former head of the Transportation Security Administration, Kip Hawley, on airport security. This is from the first of Schneier’s three statements on the topic.
www.economist.com 20 March, 23 March, 28 March
“Of course we must strive to make the checks at airports more effective. But profiling by origin and religious affiliation is a bad idea that makes flying neither more convenient nor safer.” Peter Neumann believes that the use of passenger profiling would actually have detrimental effects on aviation security.
“Despite fearful rhetoric to the contrary, terrorism is not a transcendent threat. A terrorist attack cannot possibly destroy a country’s way of life; it’s only our reaction to that attack that can do that kind of damage.” In the wake of last week’s failed bombing of an airplane over Detroit, Bruce Schneier asks us to leverage the inherent strengths of our democracies.
“It may not be surprising for you to learn that email is not a secure medium of communication; however, it may surprise you to learn just how inherently insecure it really is.” Erik Kangas on how email really works, what the security issues are and where you can make the difference.
luxsci.com (PDF file, 112 kb)
“Anyone who sends an email must expect that their message will be read by third parties.” Brief article outlining steps you can take to keep your email communications private.
“Spammers use HTML emails to confirm your address.” There are other drawbacks to using HTML formatting when sending and receiving emails. Consider this list of potential pitfalls that Martin Favreau has compiled for you.