'Forbes contributor Kalev Leetaru argues that "the encryption debate
is already over -- Facebook ended it earlier this year."
The ability of encryption to shield a user's communications rests upon
the assumption that the sender and recipient's devices are themselves
secure, with the encrypted channel the only weak point... [But]
Facebook announced earlier this year preliminary results from its
efforts to move a global mass surveillance infrastructure directly
onto users' devices where it can bypass the protections of end-to-end
encryption. In Facebook's vision, the actual end-to-end encryption
client itself such as WhatsApp will include embedded content
moderation and blacklist filtering algorithms. These algorithms will
be continually updated from a central cloud service, but will run
locally on the user's device, scanning each cleartext message before
it is sent and each encrypted message after it is decrypted. The
company even noted that when it detects violations it will need to
quietly stream a copy of the formerly encrypted content back to its
central servers to analyze further, even if the user objects, acting
as a true wiretapping service...
If Facebook's model succeeds, it will only be a matter of time before
device manufacturers and mobile operating system developers embed
similar tools directly into devices themselves, making them impossible
to escape... Governments would soon use lawful court orders to require
companies to build in custom filters of content they are concerned
about and automatically notify them of violations, including sending a
copy of the offending content. Rather than grappling with how to
defeat encryption, governments will simply be able to harness social
media companies to perform their mass surveillance for them, sending
them real-time alerts and copies of the decrypted content.
Putting this all together, the sad reality of the encryption debate is
that after 30 years it is finally over: dead at the hands of Facebook.
If the company's new on-device content moderation succeeds it will
usher in the end of consumer end-to-end encryption and create a
framework for governments to outsource their mass surveillance
directly to social media companies, completely bypassing encryption.
In the end, encryption's days are numbered and the world has Facebook
to thank. '
-- source: https://it.slashdot.org/story/19/07/27/206248
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
'Apple makes it easy for people to locate lost iPhones, share Wi-Fi
passwords, and use AirDrop to send files to other nearby devices. A
recently published report demonstrates how snoops can capitalize on
these features to scoop up a wealth of potentially sensitive data that
in some cases includes phone numbers.
Simply having Bluetooth turned on broadcasts a host of device details,
including its name, whether it's in use, if Wi-Fi is turned on, the OS
version it’s running, and information about the battery. More
concerning: using AirDrop or Wi-Fi password sharing broadcasts a
partial cryptographic hash that can easily be converted into an
iPhone’s complete phone number. The information—which in the case of a
Mac also includes a static MAC address that can be used as a unique
identifier—is sent in Bluetooth Low Energy packets.
The information disclosed may not be a big deal in many settings, such
as workplaces where everyone knows everyone anyway. The exposure may
be creepier in public places, such as a subway, a bar, or a department
store, where anyone with some low-cost hardware and a little know-how
can collect the details of all Apple devices that have BLE turned on.
The data could also be a boon to companies that track customers as
they move through retail outlets.
As noted above, in the event someone is using AirDrop to share a file
or image, they’re broadcasting a partial SHA256 hash of their phone
number. In the event Wi-Fi password sharing is in use, the device is
sending partial SHA256 hashes of its phone number, the user’s email
address, and the user’s Apple ID. While only the first three bytes of
the hash are broadcast, researchers with security firm Hexway (which
published the research) say those bytes provide enough information to
recover the full phone number.'
-- source: https://arstechnica.com/information-technology/2019/08/apples-airdrop-and-p…
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
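An added example, not part of the post above or of the Hexway research it quotes: a privacy check that measures how many candidates in a small identifier space share each three-byte SHA256 tag, next to a keyed tag for contrast. The number block is constructed and fictional, hashing the number as a plain digit string is an assumption (the article does not give the exact encoding), and the keyed variant is an illustration, not Apple's design.

```python
import hashlib
import hmac
from collections import Counter

TAG_BYTES = 3  # per the article: only the first three bytes of the hash are broadcast

def sha256_tag(identifier: str) -> bytes:
    # Assumption: the identifier is hashed as a plain UTF-8 digit string.
    return hashlib.sha256(identifier.encode()).digest()[:TAG_BYTES]

def keyed_tag(key: bytes, identifier: str) -> bytes:
    # Contrast case (not Apple's design): the tag depends on a secret key,
    # so it cannot be tabulated by someone who does not hold that key.
    return hmac.new(key, identifier.encode(), hashlib.sha256).digest()[:TAG_BYTES]

def constructed_numbers(count: int):
    # Constructed, fictional number block: "1555" followed by seven digits.
    return (f"1555{i:07d}" for i in range(count))

def anonymity_profile(count: int, tag_fn=sha256_tag) -> dict:
    """Group a candidate number space by tag and report anonymity-set sizes."""
    buckets = Counter(tag_fn(n) for n in constructed_numbers(count))
    unique = sum(1 for size in buckets.values() if size == 1)
    return {
        "candidates": count,
        "distinct_tags": len(buckets),
        "unique_fraction": unique / count,   # share of numbers alone in their set
        "largest_set": max(buckets.values()),
    }

def cross_key_agreement(key_a: bytes, key_b: bytes, count: int) -> float:
    """Fraction of numbers whose tag is identical under two different keys."""
    same = sum(keyed_tag(key_a, n) == keyed_tag(key_b, n)
               for n in constructed_numbers(count))
    return same / count

if __name__ == "__main__":
    print(anonymity_profile(200_000))
    print(cross_key_agreement(b"constructed-key-A", b"constructed-key-B", 20_000))
```

When the plausible number space is small compared with the 2^24 possible tags, nearly every number sits alone in its anonymity set, which is why truncating an unkeyed hash of a low-entropy identifier hides very little.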
'As open source software grows more popular, and important, developers
face an existential question: How to make money from something you
give away for free? An anonymous reader shares a report:
The Open Source Initiative standards body says an open source license
must allow users to view the underlying source code, modify it, and
share it as they see fit. Independent developers and large companies
alike now routinely release software under these licenses. Many coders
believe open collaboration results in better software. Some companies
open their code for marketing purposes. Open source software now
underpins much technology, from smartphone operating systems to
government websites.
Companies that release software under open source licenses generate
revenue in different ways. Some sell support, including Red Hat, which
IBM acquired for $34 billion earlier this month. Others, like cloud
automation company HashiCorp, sell proprietary software based on the
open source components. But with the rise of cloud computing,
developers see their open source code being bundled into services and
sold by other companies. Amazon, for example, sells a cloud-hosted
service based on the popular open source database Redis, which
competes with a similar cloud-hosted service offered by Redis Labs,
the sponsor of the open source project. To protect against such
scenarios, companies behind popular open source projects are
restricting how others can use their software. Redis Labs started the
trend last year when it relicensed several add-ons for its core
product under terms that essentially prohibit offering those add-ons
as part of a commercial cloud computing service.
That way, Amazon and other cloud providers can't use those add-ons in
their competing Redis services. Companies that want the functionality
provided by those add-ons need to develop those features themselves,
or get permission from Redis Labs. [...] Analytics company Confluent
and database maker CockroachDB added similar terms to their licenses,
preventing cloud computing companies from using some or all of their
code to build competing services. Taking a slightly different tack,
MongoDB relicensed its flagship database product last year under a new
"Server Side Public License" (SSPL) that requires companies that sell
the database system as a cloud service also release the source code of
any additional software they include.'
-- source: https://news.slashdot.org/story/19/08/01/1522211
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/