Privileged access to encrypted communication: why not.

Bruce Schneier on why it’s not a good idea to have “privileged access” to eavesdropping on encrypted communication:

The basic problem is that a backdoor is a technical capability — a vulnerability — that is available to anyone who knows about it and has access to it. Surrounding that vulnerability is a procedural system that tries to limit access to that capability. Computers, especially internet-connected computers, are inherently hackable, limiting the effectiveness of any procedures. The best defense is to not have the vulnerability at all.

The examples of what we know has happened already illustrate why giving “the good guys” a backdoor will make us all less safe.

Source: Evaluating the GCHQ Exceptional Access Proposal


“Why today’s Aadhaar judgement matters for data justice”

Separating “citizen – government” and “consumer – supplier” relations: when the government’s system is based on monetizing the data with the private sector.

Today India’s supreme court issued a judgement on the constitutionality of Aadhaar, the world’s largest biometric database. Aadhaar is complicated, but here’s the gist: for nearly ten years, public welfare and administrative records have been feeding into a biometric database that had its roots in a private-sector company, Infosys.

Source: Why today’s Aadhaar judgement matters for data justice


It’s “Google Chrome” so Google decides on your privacy. The new Firefox, especially with multi-account containers, offers a great alternative.

Trust is not a renewable resource

If you didn’t respect my lack of consent on the biggest user-facing privacy option in Chrome (and didn’t even notify me that you had stopped respecting it!) why should I trust any other consent option you give me? What stops you from changing your mind on that option in a few months, when we’ve all stopped paying attention?

Source: Why I’m done with Chrome


European datacenter is no solution, recent developments show

Nextcloud’s blog has an overview of where things seem to be going with US companies storing data on European servers. (Hint: “Trump”).

Many Software-as-a-Service companies from abroad are currently setting up European data centers, often together with European partners. With this, they hope to ease the growing European concerns around privacy, data protection and complying with existing and upcoming regulations like the EU General Data Protection Regulation (GDPR). But recent developments in US courts show this to be a risky proposition: the problem of privacy is far from resolved by ‘just’ putting data in Europe. For companies betting on Privacy Shield, using services from US companies directly or through an intermediary storing data in Europe, all this is very bad news.

Source: European datacenter is no solution, recent developments show – Nextcloud


Using Ultrasonic Beacons to Track Users – Schneier on Security

Quoting Schneier:

The idea is for devices like televisions to play ultrasonic codes in advertisements and for nearby smartphones to detect them.

Quoting from the linked article:

We spot ultrasonic beacons in various web media content and detect signals in 4 of 35 stores in two European cities that are used for location tracking. While we do not find ultrasonic beacons in TV streams from 7 countries, we spot 234 Android applications that are constantly listening for ultrasonic beacons in the background without the user’s knowledge.

Source: Using Ultrasonic Beacons to Track Users – Schneier on Security


Banned In Germany: Kids’ Doll Is Labeled An Espionage Device

Wonderful: a doll that records everything it hears, sends it to a company in the US that also does voice recognition for spy agencies, and sells it to companies so they can let the doll talk back to your kids about, for instance, Disney movies they should see.

The doll Cayla looks like an everyday toy and gives no notice that it collects and transmits everything it hears, German regulators say.

Source: Banned In Germany: Kids’ Doll Is Labeled An Espionage Device : The Two-Way : NPR


How easy is it to securely leak information to some of America’s top news organizations?

Good to spread the manual… leaking is pretty much a “standardised process” by now:

One quick download and a codename: If I can use SecureDrop, you can do it too.

Source: How easy is it to securely leak information to some of America’s top news organizations? This easy » Nieman Journalism Lab

They link to a video explaining the same thing: