Submitted by Jon on Wed, 12/23/2015 - 10:50
This is partially a footnotes section from last week's Crypto Saves Lives post, but every week brings new stories, and this week was a doozy. So, let's recap the whole "backdoored crypto / secret golden keys can work" argument:
(1) We can protect private information
*Cough* OPM *Cough*
Update: "Security bloggers and researchers claim to have uncovered a publicly available database exposing the personal information of 191 million voters on the Internet. The information contains voters’ names, home addresses, voter IDs, phone numbers and date of birth, as well as political affiliations and a detailed voting history since 2000."
(2) Well, we are really good at protecting super-important crypto keys that only give good guys access,
So, those luggage locks with a "golden key", now required world-wide, that only trained TSA agents can pop open? Yeah, about that... TSA's master key set was allowed to be photographed, and while that photo was quickly taken off the internet, the damage was done. Anyone can now 3D print completely functional TSA keys.
(3) Besides, adding a backdoor won't cause problems!
Submitted by Jon on Sat, 01/25/2014 - 04:51
I spent this past week in Kiev. You may have heard something about the protests, and possibly even about some of the policy changes and new laws that sparked them. I was working with colleagues, journalists and human rights activists, supporting and training them as quickly as possible on digital security basics, and making sure they had contacts to reach out to for timely support.
It was a trip that was scheduled many months ago, when Ukraine was on the cusp of joining the EU. Things, to put it mildly, changed. Obviously, the violent protests have been featured widely in the news, but those capture only the most visible challenges the country is facing. Legislation pushed through with no regard for legal proceedings last Thursday promises to have a chilling effect on free speech, imposes tight limits on media, even citizen journalists, and will devastate civil society organizations, labeling them as "foreign agents" and taxing them as for-profit corporations if they take any international aid funding.
In the few days I was there, we experienced a "test" of new censorship capabilities as twitter and facebook -- critical messaging and coordination channels for activists -- went dark in Kiev for almost half an hour. People near the protest areas received ominous SMS messages on their phones telling them that they had been registered as present at the (illegal, under the new law) protest.
One note of import - there are two main areas of the protest. EuroMaidan is the months-long, Occupy-on-steroids encampment in Maidan Square. Though well barricaded off, it is a peaceful protest, with daily concerts and speeches on a well-equipped stage, a huge jumbotron, laser-light projections and more. Businesses - from a Nike storefront to a local brewpub to a carousel - are going on with business as normal within the barricaded-off area. The scenes of burning tires, tear gas and molotov cocktails are from the nearby Grushevsky St, where protesters gathered to confront Parliament after their "passage" of this Black Thursday law.
It is inspiring to see the passion and focus of people working to protect and expand their rights, and it is humbling to be able to lend support in any form. However, the challenges aren't getting any easier. The digital tools which provide the most security are also difficult to use, and more difficult to use correctly. They still "stick out" as unusual, and face an uphill battle against popular systems with little if any security.
This has to change. Privacy is not some abstract concept in these situations, it is the economic well-being, and too often, the pure survival of activists, journalists, and their contacts. When we allow policies and practices that undermine security and privacy, we're not just revealing embarrassing factoids about our call history, or even the three felonies a day you're probably committing as a US citizen - we are undermining our global dream of a world of nations with democratic rule, where their citizens can enjoy basic human rights without fear.
The world is ready for this, but when the current Ukrainian government points at American domestic policies as models of their newly crafted censorship and surveillance laws, it's a sign that we as Americans are not drinking our own koolaid (with a hat-tip to the many dedicated civil servants who are working hard to further human rights).
Submitted by Jon on Mon, 10/21/2013 - 17:50
Google has been making headlines with their shiny Project Shield which wraps PageSpeed with other tools to defend sites against denial of service attacks. The history of the denial of service, however, runs deep, and underlines that no centralized response to it will ever be able to cost-effectively scale against a distributed attack.
Let's rewind back to the 90s. Denial of service was a very, very different thing then - it was a tool for free expression, not one used to mute dissenting opinions as it is today.
In the dot-com boomtimes of the late 90s, I was absolutely fascinated by the digital protests that sprung up in reaction to Mexico's treatment of the Zapatista Movement. Floodnet was an activist art project by the Electronic Disturbance Theater. Floodnet was simply a website you could visit, and it would direct your browser to constantly reload pages on the website of the Mexican government. In addition to overloading the website with thousands of requests from you and your fellow protesters, you could add a political message to each page load, forcing the government's server to fill its log files with messages like "human rights not found."
"The FloodNet application of error log spamming is conceptual Internet art. This is your chance to voice your political concerns on a targeted server. [...] The server may respond to your intentional mistake with a message like: "human_rights not found on this server." So by creatively selecting phases, you can make the server voice your concerns. It may not use the kind of resources that the constant reloading uses (FloodNet automatically does that too), but it is sassy conceptualism and it invites you to play with clever statements while the background applet is running." (via http://www.thing.net/~rdom/ecd/ZapTact.html)
This original "denial of service" attack was seen as the digital mirror of a classic "sit-in" protest. It was a way for a David to strike back at a Goliath through technology. However, this, ahem, "sassy" political activism began an arms race that today is dominated by Goliaths alone. Instead of a tool of protest, denial of service attacks are today tools of retribution and ways to mute dissenting voices. They are massively automated and distributed, and are run not by rowdy bands of dissidents, but by well-organized for-hire groups (https://krebsonsecurity.com/2013/05/ragebooter-legit-ddos-service-or-fed...) and even from government infrastructures.
The only defense, so far, has been equally massive, and centralized, commercial services. This is a growing industry with its own round of disruptive innovators all to itself. This current business innovation is helping to move from the monolithic services protecting online infrastructures at high costs to a more scalable model, with services that smaller websites can benefit from. Still, back-end models are the same - providing shelter from DDoS attacks by having sufficient servers and bandwidth to absorb whatever their proprietary tools and filters cannot outright block.
Open source models to fight back have been conspicuous in their absence - until now.
The Deflect Project, created by the eQualit.ie technology collective based out of Montreal and Dublin, is responding to that gap. They focus on providing protection for activists and journalists around the world, who are subject to DDoS attacks from those who disagree with their views all the way to their own governments. Thanks to grant funding, Deflect is able to offer their services for free to independent media sites, NGOs and non-profits -- but the technology model under the hood is the real game-changer.
Submitted by Jon on Mon, 11/19/2012 - 12:51
Create pro-consumer mobile technology and open up a new market of multi-platform and platform-agnostic users who want the best devices.
The Washington Post ran a great article on the increasing problems of vendor lock-in with tablets and mobile devices. In simple language it boils down the problem of why buying an app for one device doesn't give you access to that app anywhere else; if you switch from an iPhone to an Android phone, you'll have to re-buy your apps and your iTunes content. This is partly lock-in, but there's also a halo effect - you can transfer an app from one iPhone to a new iPhone, or content from your desktop iTunes to your iWhatever - and the more devices from the same vendor, the better the system works.
But this is a horrible direction to take, and why I rarely buy apps or content from locked-down stores like iTunes. My desktop computer runs Ubuntu Linux, my tablet Android, and my phone is an iPhone. The media server for our house is a Mac Mini, and I finally retired my hold-out Windows computer last year. I refuse to buy music that I can only listen to on one of those myriad devices any more than I'd buy a CD that only plays in my car, but not in my home, or food that I could eat in the kitchen, but not in the dining room or on a picnic.
By and large, I'm a good target demographic - some discretionary income, a gadget aficionado, and generally plugged in to fun new technologies, but my market is rarely well served.
Submitted by Jon on Thu, 10/27/2011 - 08:37
I will be discussing the tech trends from 2011 and looking forward to what 2012 holds for us with a fine group of panelists during DCWeek. Our panel still has some free tickets left - RSVP at http://www.meetup.com/net2dc/
Want to get in the action early? Join our thread over at Quora.
Read more about the event at DCWeek: http://bit.ly/dcweektechtrends1108
Submitted by Jon on Fri, 04/22/2011 - 09:14
Unsurprisingly, the Libyan cell network is built to be Tripoli-centric, "giving him and his intelligence agents full control over phones and Internet" according to the WSJ. If that's not a stark reminder of the challenges of using SMS and mobiles in human rights work that I've been concerned about, I don't know what is.
The brilliant response here has been to wrest control over segments of the Libyan mobile network. This has taken some outside effort, external government support, and massive funding - it is, at least for now, successful at creating an independent domestic network with limited external access:
A team led by a Libyan-American telecom executive has helped rebels hijack Col. Moammar Gadhafi's cellphone network and re-establish their own communications.
The new network, first plotted on an airplane napkin and assembled with the help of oil-rich Arab nations, is giving more than two million Libyans their first connections to each other and the outside world after Col. Gadhafi cut off their telephone and Internet service about a month ago.
That March cutoff had rebels waving flags to communicate on the battlefield. The new cellphone network, opened on April 2, has become the opposition's main tool for communicating from the front lines in the east and up the chain of command to rebel brass hundreds of miles away.
Submitted by Jon on Tue, 06/30/2009 - 16:30
Wired reminds us that we can rail against and complain about the intrusive, privacy-destroying and free-speech-threatening monitoring that Iran has been employing against the protestors over the past few months, but we have to remember two things. First, US and European companies provided the hardware and software to Iran for them to do this. Second - our own government does the same thing, and we should stop it.
Regarding the first problem, bipartisan Senators are proposing a ban on government contracts for companies caught selling such technology to Iran, and it's technically illegal for US companies anyhow (which might not be stopping everyone); Iran appears to be using Secure Computing's (now McAfee) SmartFilter, according to the Open Net Initiative's testing.
Submitted by Jon on Sun, 06/14/2009 - 10:01
The Daily Dish reposts a call to action from Twitter: ALL internet & mobile networks are cut. We ask everyone in Tehran to go onto their rooftops and shout ALAHO AKBAR in protest #IranElection, and comments:
That a new information technology could be improvised for this purpose so swiftly is a sign of the times. It reveals in Iran what the Obama campaign revealed in the United States. You cannot stop people any longer. You cannot control them any longer. They can bypass your established media; they can broadcast to one another; they can organize as never before.
Submitted by Jon on Thu, 05/28/2009 - 10:54
Here's a hastily-constructed Amazon store of some of the books and essays I've read which provide great insight and contrarian positions on modern development approaches, backed up with hard data, well written, and sometimes painful reminders of the darker stories of the US's history with international development:
Submitted by Jon on Sun, 03/15/2009 - 12:01
Sometimes, I lie awake at night and worry about copyright. I then start worrying if this makes me irreconcilably weird.
I worry both for our American culture, as items have stopped falling into the public domain and becoming available to re-use and re-mix, or simply to re-present for free. If this doesn't seem like a problem, this video on a 6-second drumbeat will blow your mind - especially if you then read this story about an artist being sued for a 1 minute clip of silence making fun of John Cage's 4'33" of silence. The artist ended up settling out of court.
I worry more generally about international trade and development, as we inflict ever-tighter IP regulations on countries we give aid to or trade with - regulations which we scoffed at and flouted during our own development.
We're no longer protecting innovation with these laws - we're protecting the first movers (often big, established businesses), and encouraging gaming the patent system to try and get the most generic and sweeping patent accepted.
Submitted by Jon on Tue, 12/18/2007 - 12:14
All I can say is ouch:
It's just that Vista isn't all that good. Many of the innovations the operating system was supposed to bring--like more efficient file and communications systems--got tossed overboard as Microsoft struggled to get the OS out the door, some three years after it was first promised. Despite its hefty hardware requirements, Vista is slower than XP. ... We have no doubt Vista will come to dominate the PC landscape, if only because it will become increasingly hard to buy a new machine that doesn't have it pre-installed. And that's disappointing in its own right.
PC World certainly gives a bleak outlook for Vista. Can I recommend people jump ship and consider Ubuntu Linux or Mac OS X?
Actually, the entire article on the top 15 tech disasters of '07 is enlightening, tho a few are there just to incite debate (the iPhone? Not a disaster). PCWorld seems to be of the opinion (which I share) that Facebook and the social networking crowd are getting long in the tooth and in need of some low-level, sea-changing improvements:
We got it. Making connections between friends is cool. Sharing photos and videos, even cooler. But it's all so... 2006. Haven't you got anything new to show us?
Here's a safe bet: Two years from now, 90 percent of these networks will be gone and their founders will be back working at Starbucks. I'll have a double mocha frappuccino, please.
Submitted by Jon on Fri, 11/09/2007 - 10:26
"Buying falafel mix does not a terrorist make." The FBI might do well to write that in chalk 500 times, and hope that it sinks in, as they're wasting our money, their time, and invading our privacy while they're at it by trawling through credit card records to find people who shop at middle eastern markets and/or buy middle eastern style food from the larger chains. No, seriously:
Submitted by Jon on Fri, 10/12/2007 - 14:24
JWZ as usual offers good, if acerbic, advice; today on backups:
I am here to tell you about backups. It's very simple.
Option 1: Learn not to care about your data. Don't save any old email, use a film camera, and only listen to physical CDs and not MP3s. If you have no possessions, you have nothing to lose.
Put one of these drives in its enclosure on your desk. Name it something clever like "Backup". If you are using a Mac, the command you use to back up is this:
Submitted by Jon on Mon, 04/23/2007 - 21:09
My geektopia has arrived:
The fridge has now become aware of its contents; and it is capable of establishing direct contact between you and their producers. Like you, the fridge is on the Internet and thus able to get hold of you – even on your mobile. It will let you know what you need to buy if you want to prepare a simmering beef stroganoff; also, it will alert you if you are out of chocolate-and-fruit flavoured ice cream.
But this is as much about security! In case a food producer detects a potential health hazard in a shipment, he can -- via the fridge -- send out a warning and withdraw the product in question.
Version 2.0 of the refrigerator has thus been equipped with a reader on its top shelf -- a reader capable of transmitting in a higher frequency to the RFID tags appended to the foodstuff.
The resonance frequency occurring in the reader on the shelf will build up a tension high enough to transmit a response back to the antenna and – as compared with the 14 centimetres of version 1.0 – the signal now has a range of 22 centimetres.
Ah, if I'd only patented that idea!
Submitted by Jon on Tue, 01/16/2007 - 09:47
From Development Gateway:
X plans to offer 1.2 million of the country's poorest citizens a computer with broadband Internet access for a daily fee of €1 (US$1.28), to ensure that they have access to the increasing number of government services available online. The government has set ambitious targets for making public services available over the Internet, but is concerned that almost half the population still lacks regular access to the Internet.
Brazil maybe? Mexico? Possibly Bulgaria or even Korea? Nah, it's France.
Submitted by Jon on Mon, 09/18/2006 - 22:48
More tangentially related tech info: my former employers, The University of Texas' Office of Technology Commercialization, are hosting their next big conference to feature commercializable UT research. Last year's had tech ranging from backpack-totable HIV/AIDS field testing units to creepily-good evolutionarily-learning AI.
Submitted by Jon on Sat, 08/05/2006 - 15:53
Dan Kaminsky is working on a software testing tool to check to see if your ISP is giving equal quality to all your traffic, or if they are favoring certain types of traffic (VOIP over web pages, or throttling all bittorrent traffic to a crawl) or preferring certain sites (AOL over Google, based on who's paid more).
Submitted by Jon on Sun, 06/04/2006 - 10:13
Russia's copyright law is different from ours. I imagine there are lots of differences in lots of laws, some of which may be distasteful or just odd to anyone but Russian citizens. This is part of being a sovereign nation: with a different set of institutions and a distinct history, you develop laws according to what you need in your society.
Submitted by Jon on Mon, 02/27/2006 - 21:12
With all this ire suddenly released against Google (have we been waiting for them to prove that they weren't perfect?) Yahoo (it's been a while since we got to tear into them), Microsoft (best punching bag evar, OMGLOL) and Cisco (a not-just-software company, for variety), why is everyone walking gingerly around the elephant in the room?
Filtering software providers. They're (drumroll) overwhelmingly American. To quote Boas:
Submitted by Jon on Fri, 02/24/2006 - 21:13
Der Spiegel, as picked up in YaleGlobal and Eldis's ICT-for-Dev RSS feed reports a (French) worry about "the homogenization and commercialization of culture that could result from the concentration of control in the hands of just a few [US --ed] companies," based on the idea, as said by Chirac, that "There is the threat that tomorrow, what is not available online will be invisible to the world." Chirac's response is a state-sponsored Eur
Submitted by Jon on Wed, 02/22/2006 - 21:15
I think it's abhorrent that China is even sending uniformed patrols to local libraries to enforce what citizens can and cannot read on the often-already-filtered government-supported public terminals.
Wait. Did I say China? I meant the US.
Submitted by Jon on Mon, 02/20/2006 - 21:14
In "Weaving the Authoritarian Web: Liberalization, Bureaucratization, and the Internet in Non-Democratic Regimes," Boas details primarily Saudi and Chinese control of the Internet.