Facebook Wants Access to Your Nude Photos to “Protect You”!

In a somewhat strange proposal, Facebook wants you to send it sexually explicit photos of yourself to prevent revenge porn.

“It’s demeaning and devastating when someone’s intimate images are shared without their permission, and we want to do everything we can to help victims of this abuse. We’re now partnering with safety organizations on a way for people to securely submit photos they fear will be shared without their consent so we can block them from being uploaded to Facebook, Instagram, and Messenger.”

The idea was already trialed in Australia and is being rolled out in the UK this week. Facebook says that the US and Canada also will be included in the trial program, which goes something like this:

• If you find a revenge photo of yourself on the internet, then you can send a copy of it to Facebook.

• The picture will be reviewed by “one of a handful of specifically trained members of our Community Operations Safety Team”. This team member will create a unique fingerprint of the photo known as a hash.

• This hash is stored in a database. If anyone else uploads the same image to Facebook, Instagram and Messenger (i.e., an image that has the same unique hash “fingerprint”) then it will be recognized and automatically removed.

Users can also proactively send photos they dread being posted as revenge porn.

The idea sounds reasonable at first but has two significant issues.

It is Unconvincing

The data from Australia’s trials has not been publicized yet, but Facebook stresses similar schemes have had success at checking the spread of terrorist propaganda and child abuse images.

The problem lies in the fact that hashes are very particular to the data being hashed. The Guardian reports the hashes are good enough not to “get fooled by simple alterations such as color tweaks, watermarks or crops.” But there are doubts.

With cryptographic hashes, even the tiniest change to the input data creates a non-identical hash. This property is the cornerstone of internet security: hashes are used to ensure the integrity and authentication of data.

Even if the Guardian’s report is true, it would still be quite easy to modify an image enough to “fool” Facebook’s hash detection software. There are numerous combinations of changes that could render hashing ineffective.
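The gap between the two kinds of hash discussed above, as an added example (it is not Facebook's code, and Facebook's matching algorithm is not described here): a SHA-256 digest is compared with a simple average hash, a perceptual hash chosen for illustration. The test images, the 5-bit match threshold and all function names are constructed assumptions.

```python
import hashlib

SIZE = 64            # constructed test images are SIZE x SIZE, 8-bit grayscale
GRID = 8             # average hash samples an 8x8 grid -> 64-bit fingerprint
MATCH_THRESHOLD = 5  # assumed cut-off: <= 5 differing bits counts as "same image"


def make_image():
    """Constructed sample: a diagonal gradient standing in for a photo."""
    return [[40 + 2 * x + y for x in range(SIZE)] for y in range(SIZE)]


def make_unrelated_image():
    """Constructed sample: a checkerboard, i.e. a different picture."""
    return [[200 if (x // 8 + y // 8) % 2 == 0 else 50 for x in range(SIZE)]
            for y in range(SIZE)]


def tweak_one_pixel(img):
    """The 'tiniest change': raise a single pixel by one grey level."""
    out = [row[:] for row in img]
    out[0][0] += 1
    return out


def brighten(img, delta=10):
    """A colour tweak: uniform brightness shift, clamped to 8 bits."""
    return [[min(255, p + delta) for p in row] for row in img]


def watermark(img, side=8):
    """Paint an opaque white square into the top-left corner."""
    out = [row[:] for row in img]
    for y in range(side):
        for x in range(side):
            out[y][x] = 255
    return out


def sha256_hex(img):
    """Cryptographic hash over the raw pixel bytes."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()


def average_hash(img):
    """Perceptual hash: one bit per grid cell, set if the cell is brighter
    than the image as a whole."""
    cell = SIZE // GRID
    sums = [sum(img[y][x]
                for y in range(by * cell, (by + 1) * cell)
                for x in range(bx * cell, (bx + 1) * cell))
            for by in range(GRID) for bx in range(GRID)]
    total = sum(sums)
    bits = 0
    for s in sums:
        # cell mean > global mean, kept in integers: s * GRID^2 > total
        bits = (bits << 1) | (s * GRID * GRID > total)
    return bits


def hamming(a, b):
    """Number of fingerprint bits that differ."""
    return bin(a ^ b).count("1")


def compare(original, candidate):
    """Return (sha256 identical?, perceptual distance, perceptual match?)."""
    dist = hamming(average_hash(original), average_hash(candidate))
    same_digest = sha256_hex(original) == sha256_hex(candidate)
    return same_digest, dist, dist <= MATCH_THRESHOLD


if __name__ == "__main__":
    original = make_image()
    cases = {
        "identical copy": original,
        "one pixel changed": tweak_one_pixel(original),
        "brightness +10": brighten(original),
        "corner watermark": watermark(original),
        "unrelated image": make_unrelated_image(),
    }
    for name, img in cases.items():
        same, dist, match = compare(original, img)
        print(f"{name:18} sha256 equal={same!s:5} distance={dist:2} match={match}")
```

The threshold is the trade-off: raising it catches more heavily altered copies but also starts matching pictures that are merely similar.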

Another problem is distribution: by the time you discover revenge porn of yourself on the internet, it will probably have been shared already, ruining your life.

The proactive uploading of images can work if you have possession of the compromising images. But in most revenge porn scenarios, this just isn’t the case.

Facebook Scandal! Remind You of Something?

Facebook’s entire business model is based around finding out as much information as it can about you in order to target even more personalized ads at you.

We are talking about a company that was recently in the news for a privacy disaster and that this week faces a new court summons over reading messages, tracking people’s location, and accessing photos on phones. The gathering of data from users without their consent is well documented, but it is the collection of data about people who have never signed up to Facebook that makes it outright creepy.

This scheme is contradictory in itself because of what Facebook is!

If you have concerns about or have been a victim of revenge porn, then you should contact an organization such as one of those listed below:

National Network to End Domestic Violence (NNEDV) (US)

Cyber Civil Rights Initiative (US)

Revenge Porn Helpline (UK)

Office of the eSafety Commissioner (Australia)

YWCA Canada (Canada)

SS7 Cell Network Extensively Exploited by “Nefarious Actors”

“I don’t think most Americans realize how insecure US telephone networks are. If more consumers knew how easy it is for bad guys to track or hack their mobile phones, they would demand the FCC, and wireless companies do something about it. These aren’t just hypotheticals.”

The above statement was made last week by Senator Ron Wyden (D-Ore.) after getting a letter from the Department of Homeland Security warning that “nefarious actors may have exploited” worldwide cellular networks “to target the communications of American citizens.”

Wyden on Tuesday explained the issue in a separate letter to Ajit Pai, chairman of the Federal Communications Commission (FCC) responsible for regulating interstate communications:

“Hackers can exploit SS7 flaws to track Americans, intercept their calls and texts, and hack their phones to steal financial information, know when they are at home or away, and otherwise prey on unsuspecting consumers. Moreover, according to multiple news reports, SS7 spying products are widely available to both criminal and foreign governments.”

Disturbingly, the letter reveals that:

“This threat is not merely hypothetical – malicious attackers are already exploiting SS7 vulnerabilities. One of the major wireless carriers informed my office that it reported an SS7 data breach, in which customer data was accessed, to law enforcement.”

It is not clear whether the warning refers to state-sponsored entities acting for political gain or criminal hackers acting for financial benefit. It is also unclear who the wireless carrier is and how extensive the breach was.

What is SS7?

Signaling System No. 7 (SS7) is a set of signaling protocols that provide the backbone for all mobile phone communication everywhere in the world. It enables phone networks to communicate among themselves to connect users and pass messages between systems, ensure correct billing, and allow users to roam on other networks.

The SS7 system, first developed in the 1970s, is old in technological terms. Critically, no one at the time thought of building any security measures into it.

It has been known to be insecure since at least 2008, and the situation has worsened in recent years. Previously there were only a few mobile networks, and now there are literally thousands worldwide. The industry made no changes as the risks were believed to be purely theoretical.

This changed in 2014 when vulnerabilities in SS7 enabled hackers to record a somewhat embarrassing secret unencrypted phone conversation between the US ambassador to Ukraine, Geoffrey Pyatt, and US Assistant Secretary of State, Victoria Nuland, in which Pyatt was highly critical of the EU.

It was believed that using encrypted messaging apps such as WhatsApp, Facebook Messenger, Google Hangouts, and Viber, would secure communications.

However, in 2016, a security researcher showcased how hackers with access to the SS7 network could spoof users’ identities and set up fake accounts which would grant them access to messages belonging to users of many messaging apps that rely on phone numbers to authenticate users.

In 2017, O2 Telefonica in Germany confirmed that criminals had used the SS7 network to bypass SMS-based two-factor authentication (2FA) to steal money from bank accounts.

Action Time?

Wyden wrote to the FCC urging the regulator to address the problem properly and to compile a list of SS7 violations known to have happened over the last five years.

This is not the first call to action: in 2016, US congressman Ted Lieu (D-Calif.) made a similar plea, calling for an oversight committee investigation into SS7:

“The applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring US government officials. … The vulnerability has serious ramifications not only for individual privacy but also for American innovation, competitiveness, and national security. Many innovations in digital security – such as multi-factor authentication using text messages – may be rendered useless.”

The investigation took place, but the FCC working group responsible for it was made up mainly of telecoms industry lobbyists and included not a single academic expert.

SS7: Spies Love It!

Initial concerns over the SS7 network were about tracking; now there are fears of personal data being accessed from just about every phone user in the world.

As said earlier, it can be used to intercept encrypted communications and defeat 2FA security measures.

According to the Washington Post, “American, Chinese, Israeli and Russian intelligence agencies are the most active users of SS7 surveillance.”

Just this month, news came out that US police can find the location of any phone in the country in seconds thanks to SS7. Worse still, barely days after this revelation came to light, it was reported that this information was quite easy for hackers to access.

SS7 is a double-edged sword because security companies around the world thrive on selling SS7 hacking tools to governments, police forces, and even criminals. Brian Collins, chief executive of AdaptiveMobile Security, told the Washington Post about this.

Even with the knowledge that SS7 is a threat to US national security, the US government appears unbothered by the problem. The driving factor could be that SS7’s mass-surveillance capabilities are too precious to kill off.

Russia Wants Apple to Remove Telegram from its App Store

Putin’s government is pressuring Apple to remove Telegram from its App Store as part of its continued effort to curb the use of the popular encrypted messenger.

Russia’s telecoms watchdog Roskomnadzor has threatened Apple – warning that if it does not remove Telegram, the App Store itself could be blocked throughout Russia.

The threats come amid revelations that Telegram’s use in Russia remains high despite Putin’s attempts to block it. The blockade is in place because of Telegram founder Pavel Durov’s refusal to give Putin encryption keys that would allow Putin to snoop on communications.

The Kremlin reports that ISIS uses Telegram to plan attacks. This is a fact that sparked the widespread use of Telegram in Russia in the first place.

Telegram lost its recent court appeal but refuses to hand over the encryption keys, claiming it doesn’t have them.

Block or Be Blocked

Roskomnadzor wants Telegram removed from the App Store and also has requested Apple to stop serving Russian Telegram users push notifications. The document reads: “To avoid possible actions by Roskomnadzor to disrupt the functioning of the above services, Apple, Inc. we ask you to inform us in the shortest possible time about further actions of the Company aimed at solving these problem issues.”

So despite the Kremlin’s efforts, it appears that many Russians are still using VPNs and Telegram.

Until now, Putin’s government has blocked IP addresses used by Google Cloud and Amazon Web Services in efforts to shut down Telegram. Now, Roskomnadzor has Apple in its sights.

Why the Commotion?

Putin has insisted that he wants access to Telegram messages for national security, but the general perception is that he wants to snoop on political opponents and dissidents as it is believed that opponents often use Telegram to communicate.

News recently broke about French authorities charging a suspect with plotting a terror attack. In that incident, Paris police cited messages sent with Telegram as evidence in the case. This has led security experts to question whether French authorities have a Telegram backdoor (or access to the keys directly from Telegram or via UK intelligence/14 Eyes).

If that is true, then one can’t help but wonder whether Durov is secretly working with British, French, and perhaps other government agencies, which would mean there is more to Russia’s Telegram blockade than meets the eye.

What’s Next?

Russia has given Apple a one-month ultimatum.

Russia also blocked another 50 VPN services in May to further restrict Telegram use.

Putin Urged to Investigate Damage Caused by Telegram Web-Blocking

Internet Ombudsman Dmitry Marinichev presented a report to President Vladimir Putin, saying there ought to be an investigation into the actions of Roskomnadzor after it tried to block Telegram last month. Marinichev noted that Roskomnadzor’s failure to assess the damage meant millions of innocent IP addresses were caught up in the dragnet.

The Internet became a battleground once Telegram was banned in Russia by a Moscow court last month.

On Roskomnadzor’s instructions, ISPs blocked Telegram in Russia by blackholing millions of IP addresses. It was a shambles. Completely reliable services bore the brunt, while Telegram remained online anyway.

Roskomnadzor has partly cleaned up the mess these past few weeks by removing innocent Google and Amazon IP addresses from Russia’s blacklist. The collateral damage, however, was so massive that questions have been raised regarding the watchdog’s entire approach to web-blockades.

The matter looks set to escalate because of the annual report presented this week to President Vladimir Putin by business ombudsman Boris Titov. ‘The Book of Complaints and Suggestions of Russian Business’ contains statements from Internet expert Dmitry Marinichev, who said the Prosecutor General’s Office should launch an investigation into Roskomnadzor’s actions.

Marinichev said that while trying to bring down Telegram by hostile technical means, Roskomnadzor relied upon “its own interpretation of court decisions” for direction, TASS reported.

“When carrying out blockades of information resources, Roskomnadzor did not assess the related damage caused to them,” he said.

Over 15 million IP addresses were blocked; many of them had no relation to Telegram operations. Marinichev stated the collateral damage suffered by innocent people was catastrophic.

“[The blocking led] to a temporary inaccessibility of Internet resources of a number of Russian enterprises in the Internet sector, including several banks and government information resources,” he reported.

Advising the President, Marinichev proposed that the Prosecutor General’s Office ought to look into “the legality and validity of Roskomnadzor’s actions” which led to the “violation of availability of information resources of commercial companies” and “threatened the integrity, sustainability, and functioning of the unified telecommunications network of the Russian Federation and its critical information infrastructure.”

At the start of May, reports came in that, along with various web services, around 50 VPN, proxy and anonymity platforms had been blocked for providing access to Telegram. By May 22 that number had swelled to over 80, although ten were later unblocked after they terminated access to Telegram.

Currently, Roskomnadzor is carrying on with its efforts to block access to torrent and streaming platforms. It recently ordered ISPs to block at least 47 mirrors and proxies giving access to previously blocked sites.

BPI Calls for Piracy Crackdown Under New UK Internet ‘Clean-Up’ Laws

This week, Matt Hancock, Secretary of State for Digital, Culture, Media, and Sport, stated new measures would be taken to clean up the ‘Wild West’ elements of the Internet. Music group BPI responded by saying the government should use the opportunity to tackle piracy with advanced site-blocking measures, repeat infringer policies, and new responsibilities for service providers.

The UK Government has for the past several years expressed a strong desire to “clean up” the Internet.

There has been an intense emphasis on making the Internet safer for children, but that’s just the tip of the iceberg.

This week, the Government responded to the Internet Safety Strategy green paper, stating unequivocally that more needs to be done to tackle “online harm”.

With six out of ten people facing “online harm”, the Government’s work with social media companies to protect users has seen positive results, but the overall outlook has been below par.

For this reason, the Government will introduce new legislation, albeit with the assistance of technology companies, children’s charities and other stakeholders.

The Government has made clear that it wishes to tackle “the full range” of online harms, even though the emphasis is being placed on cyberbullying and online child exploitation. This move has been warmly received by UK music group BPI, which is requesting that the Government introduce new measures to tackle Internet piracy.

BPI chief executive Geoff Taylor in a statement issued this week welcomed the move towards legislative change and urged the Government to encompass the music industry and beyond.

The BPI has published four initial requests.

  • Establish a new fast-track process for blocking unauthorized sites.
  • Compel online platforms to stop content from being re-posted after it’s been taken down while removing the accounts of repeat infringers.
  • Fines for “online operators” who do not give “transparent contact and ownership information.”
  • Pass laws for a new “duty of care” for online mediators and platforms.

To be published later this, the Department for Digital, Culture, Media & Sport and the Home Office will work on a White Paper to pass laws to tackle “online harms”. The BPI and similar entities will hope that the Government will also do the same.

 

New Zealand’s New Privacy Bill

A new privacy bill is going through parliament in New Zealand, with the legislation initially proposed back in March. The bill aims to revoke the Privacy Act of 1993, which is outdated.

This Thursday, May 24, public submissions for the new bill will end, and it will be inspected by the Select Committee to determine whether amendments are necessary. The government is hoping the new law will “promote people’s confidence that their personal information is secure and will be treated properly”.

Enhanced Privacy for New Zealanders

John Edwards, New Zealand’s Privacy Commissioner, went on record stating that he hopes the new privacy law will give the government “meaningful enforcement powers, such as an ability to seek fines for serious non-compliance”.

Edwards believes that, much like its European counterparts, New Zealand too should make it mandatory for companies to disclose when data violations occur. Any failure to report violations will result in fines reaching $10,000 for businesses that do not obey.

This will be critical in making New Zealand based firms alert to data breaches and cyber-attacks.

Edwards also wants the new legislation to address automated processes “that can affect access or entitlement to goods and services”.

Why Not Before?

The New Zealand Law Commission recommended an update to the Privacy Act in 2011, but nothing happened. So, one could suggest the EU’s GDPR legislation played its part in making this bill a reality.

This is a good sign for digital privacy around the world.

Immaculate Timing

The timing couldn’t have been any better considering the ongoing revelations about data mining by corporations such as Facebook.

The recent Cambridge Analytica disaster shed light on how corporations are mining data through social media.

Taking into consideration the many other incidents that have taken place over the years, it is safe to say that New Zealand’s bill is vital.

What’s Next?

This Thursday, the bill will go back to the select committee to address any pending issues. After that, the legislation will be revised for a second reading. Then, the Committee of the Whole House will go through the bill before its third reading. At this stage, the bill will get Royal Assent and be passed into law.

How the CLOUD Act Lets Any Country Pry on You

The CLOUD Act, introduced by US senators in February 2018, dramatically harms the digital rights of people.

What Is The CLOUD Act?

The Clarifying Overseas Use of Data (CLOUD) Act is a bilateral agreement between the US and foreign countries to overlook each other’s digital privacy laws.

The Act would authorize the US government to request “the contents of a wire or electronic communication and any record or other information.” So it essentially means the US could ask services and tech giants to hand over user data without needing to follow that particular country’s privacy laws.

Agreements Between the US and other Countries

Anyone who is not a US citizen or located in the US could be pried on. The US government’s Executive Agreements with other countries, in the second part of the bill, permit both the US and the other country to disregard each other’s privacy laws.

The CLOUD Act and US Favoritism

This Act favors the US because, while non-US countries are expected to uphold the privacy of US-born citizens, the US itself has full liberty to pry on anyone it sees fit.

What options are there against this prying Act?

The Mutual Legal Assistance Treaty (MLAT) system lets authorities around the world collaborate on data that is stored beyond their jurisdiction. It is designed to help authorities cooperate.

The authorities can request data, but the request should meet the laws of the country that the data is located in, because citizens’ right to privacy cannot be compromised.

MLAT exists to foster cooperation between countries, whereas the CLOUD Act is highly debatable.

Closing

The CLOUD Act, if passed, is a scary bill as it will take away the digital rights of people. The present MLAT system should be bolstered to protect users across the world instead of establishing a new system or Act.

Internet Association Criticizes MPAA’s ‘Crony Politics’

The Internet Association, consisting of several large technology companies, criticized the MPAA. In a letter to the House Energy and Commerce Committee, it accused the MPAA of using Facebook’s controversy for “rent seeking” and “crony politics” to promote its own interests.

In April, MPAA Chairman and CEO Charles Rivkin used Facebook’s privacy disaster to scrutinize the Internet’s current state.

“The Internet is no longer nascent – and people around the world are growing increasingly uncomfortable with what it’s becoming,” Rivkin wrote in a letter to several Senators, connecting Internet-related privacy violations to regulation, immunities, and safe harbors.

The head of Hollywood’s chief lobbying group being concerned about Facebook users is a good thing, but not everyone is convinced.

For some, the MPAA is merely exploiting the fiasco to grow its own unrelated interests.

The Internet Association is a US-based organization comprising many prominent members including Amazon, Facebook, Google, Reddit, Twitter, and Yahoo.

The MPAA criticized these companies, named or not, which prompted the Internet Association to respond.

Internet Association president and CEO, Michael Beckerman, in a public letter to House Energy and Commerce Committee Chairman Greg Walden, castigated the MPAA and similar lobbying groups, stating that these groups hijack the regulatory debate with anti-internet propaganda.

Beckerman writes: “Look no further than the gratuitous letter Motion Picture Association of America, Inc. Chairman & CEO Charles Rivkin submitted to the Energy and Commerce Committee during your recent Zuckerberg hearing.”

Beckerman: “The hearing had nothing to do with the Motion Picture industry, but Mr. Rivkin demonstrated shameless rent-seeking by calling for regulation on internet companies simply in an effort to protect his clients’ business interest.”

The Internet Association CEO added that rent-seeking efforts are part of the “crony politics” used by “pre-internet” companies to protect their old business models.

“This blatant display of crony politics is not unique to the big Hollywood studios, but rather emblematic of a broader anti-consumer lobbying campaign.

Many other pre-internet industries —telcos, legacy tech firms, hotels, and others — are looking to defend old business models by regulating a rising competitor to the clear detriment of consumers.”

The rift between Silicon Valley and Hollywood is wide open.

The MPAA and other copyright industry groups want stricter regulation so that Internet companies are held accountable. However, privacy is not their primary focus.

They want internet giants to prevent piracy and compensate rightsholders. Whether using Facebook’s privacy disaster to bring this message forward was a good thing is up for debate.

The Internet Association hit back at the MPAA’s efforts, but it did admit that more has to be done for internet privacy.

Telegram Messenger Know-how and Accessibility

In the last few months, Telegram Messenger, a messaging app, has garnered immense popularity, especially within the cybersecurity community. It offers entirely end-to-end encrypted messaging and is available for both iOS and Android.

Telegram Founder

VKontakte, a Russian social network created in 2006, was what brought Telegram founder Pavel Durov to the limelight. He and his brother co-founded Telegram in 2013.

Durov currently lives in Dubai; he left Russia in 2014 because he refused to hand over information about pro-Ukrainian activists to the Russian government.

Telegram Encryption

First of all, the encryption protocol is open-source, but the moment changes are made it is updated. Next, many security-conscious users are left nervous as server-side encryption is wholly closed-source and proprietary.

It makes many security professionals wonder why Telegram uses its own protocol, which has not been proven safe like other, more reputable protocols.

Messages are not encrypted by default, which an average user may not know, so enable this option if you are going to use the app.

Telegram Banned by Russia

Russia has banned the use of Telegram as it felt necessary to crack down on things like terrorism.

The court banned Telegram, but it has not been able to block the app. Twitch and Spotify have instead faced the cut in the process. More than 19 billion IP addresses have been banned, but Telegram seems to find a way around it.

Cryptocurrency Next on Telegram’s Plan

Telegram, having made a hefty $1.7 billion so far this year, has the finances to invest in emerging technologies. One of its ongoing projects is to develop a blockchain-themed app that will bolster the security of its service.

Best Telegram Alternatives

Telegram’s security choices are something many find difficult to digest, but thankfully there are some worthy alternatives.

The Signal app is the most popular alternative as it uses the open-source Whisper encryption tool. This ensures the app isn’t doing something untoward with your messages. Though not as immersive as Telegram, it holds up pretty well.

Closing

Telegram may not be the most secure messaging app, but it is a great app nonetheless. Telegram is an excellent choice if you are looking for a smooth app with encrypted communications.

For optimal security, Telegram may not be the best option for you.

Telegram adoption, however, is a step in the right direction as it’s showcasing that people are more serious about their online privacy than ever before.

 

Forecasting Online Privacy After Facebook’s Senate Investigation

A few weeks back, Mark Zuckerberg was brought before the United States Senate for an investigation into how his company handles its users’ confidential data. It seems that, apart from Mr. Zuckerberg being torn into by enraged Senators, nothing much came out of it. In this report, we’ll hypothesize on how internet privacy rules may or may not change as a result of this trial.

Reactive Encouragement by Social Media

It was apparent, and in the days since the Senate investigation, it has happened as expected. Facebook, Instagram, Reddit, Twitter, and other social media sites have put up notifications and statements to comfort you that they do care about your privacy and security. Facebook’s “Privacy Commitments” and Security Check-Ups have been appearing more on users’ timelines, Twitter displayed a notice at the page top, and other websites are doing the same. It is merely a knee-jerk PR move since the users now all of a sudden care about their online privacy. Before you know it, the public will have moved on to the next issue as it’s highly doubtful whether anything groundbreaking will come out of this.

Short Notice from Lawmakers Prior to Moving On

Political figures at all levels are speedily capitalizing on the latest controversial issue by taking a leaf out of the Senate’s denouncement of Facebook’s practices. Hollow clichés and assurances can be found on the Twitter feed of ex-presidential candidates, governors, and even down to local city council members. But, like social media platforms, it’s unlikely these political figures will do anything of value to back up their claims. The only thing that has come of it is that Net Neutrality has gained a slight momentum, but no new laws were passed or introduced.

How Can I Take Action on this Matter?

How can you emphasize and muster support for online privacy as public attention is fading away quickly? Write to your government representatives at every tier as this is the first and most natural step. Start with your city council, mayor, and state representatives and senators, then move up to the governor, federal representatives and senators, and a Change.org petition if need be. Do it yourself! Don’t wait on others.

Millions of accounts went dark in a week as the #deletefacebook movement garnered tremendous support. One less account means less revenue from ads and from selling your data.

To close, it’s apparent nothing significant has come out of Facebook’s investigation, but there are still things you can do even though it’s losing public attention.