Data Privacy Bill: Commercialising Our Data and Weakening Our Privacy

The world is far more interconnected than ever before, with 60% of the world’s population connecting to the internet. With wireless connectivity and cheap smartphones, the number of Indians connecting to the internet today is more than 70% of the population. While most people may believe that they connect to the internet, in reality, they connect to either Google or Facebook and to each other via these digital monopolies. People may remember the attempt by Facebook in India to introduce a truncated internet calling it Free Basics, which failed due to the collective resistance of the people. In 65 countries, unfortunately, Facebook succeeded in introducing Free Basics. Most who are on it believe that the Facebook world is the internet.

It is this ability to access the users and collect their data that gives Google and Facebook the dominant position they enjoy in the advertising world. Already, digital ad revenues are poised to overtake all other forms: television, print and radio combined. And Google and Facebook have emerged as duopolies in the digital advertising space. Google and Facebook can convert their monopoly power over search engines and social media into dominance over all other advertising players. This is a threat to all other media organisations that depend on advertisements. This is the reason that in the US, the UK and the EU, regulatory and legal action has been initiated to break Google and Facebook’s monopolies in advertising.

In India, the Modi government has been unwilling to confront the US duopoly of Google and Facebook. With the revelations from Facebook whistleblowers Sophie Zhang and Frances

— source | Prabir Purkayastha | 15 Dec 2021

Nullius in verba

Teaching Cybersecurity in an Age of ‘Fake Security’

I teach cybersecurity. It’s something I really believe in, but it’s hard work for all the wrong reasons. First day homework for students is watching Brazil, No Country for Old Men, Chinatown, The Empire Strikes Back, or any other film where evil triumphs and the bad guys win. This establishes the right mindset – like the medics at the Omaha beach landing in Saving Private Ryan. Not to be pessimistic, but cybersecurity is a lost cause, at least as things stand today. If we define computer security to be the combination of confidentiality, integrity, and availability for data, and as resilience, reliability and safety for systems, then we are failing terribly on all points.

As a “proof” after a fashion, my students use a combination of Blotto analysis from military game theory, and Lubarsky’s law (“there’s always one more bug”). It is a dispiriting exercise to see how logic stacks up against the defenders, according to which “the terrorists always win”. Fortunately, game theory frequently fails to explain a reality where we are not all psychopathically selfish Bayesian utility maximisers (unlike corporations which are programmed to be). Occasionally hope, compassion, gratitude, and neighbourly love win out.

Could things be worse than having mathematics against you? Actually yes. You could live in a duplicitous culture antithetical to security but favouring a profitable facsimile of

— source | Andy Farnell | 11.29.21


Immunity Passports Are a Threat to Our Privacy and Information Security

With states beginning to ease shelter-in-place restrictions, the conversation on COVID-19 has turned to questions of when and how we can return to work, take kids to school, or plan air travel.

Several countries and U.S. states, including the UK, Italy, Chile, Germany, and California, have expressed interest in so-called “immunity passports”—a system of requiring people to present supposed proof of immunity to COVID-19 in order to access public spaces, work sites, airports, schools, or other venues. In many proposed schemes, this proof would be stored in a digital token on a phone. Immunity passports would threaten our privacy and information security, and would be a significant step toward a system of national digital identification that can be used to collect and store our personal information and track our location.

Immunity passports are purportedly intended to help combat the spread of COVID-19. But there is little evidence that they would actually accomplish that.

On a practical level, there is currently no test for COVID-19 immunity; what we have are antibody tests. But we don’t know whether people with antibodies have immunity.

— source | Alexis Hancock and Karen Gullo | May 28, 2020


Truth about ProtonMail

1. Protonmail Behaves like a CIA/NSA “Honeypot”
2. Protonmail Does Not Provide “End to End Encryption”
3. Protonmail Was Created Under CIA/NSA Oversight
4. Protonmail is Part Owned by CRV and the Swiss Government
5. CRV, In-Q-Tel & the CIA
6. Protonmail Follows CIA Email format & Metadata Requirements
7. Swiss MLAT Law Could Give the NSA Full Access
8. Protonmail Uses Radware for DNS/DDOS Protection
9. Protonmail Developers Do Not Use Protonmail
10. Protonmail engages in illegal cyberwarfare
11. Protonmail has a history of Dishonesty

— source | Feb 18, 2021


Ethical Problems With Modern Cars Containing Proprietary Software That Drivers Cannot Remove/Replace

THE folks lurking in our IRC channels have likely seen this recurring theme; cars and the things that nowadays go into new cars concern us. It’s not limited to what insurance companies are doing; drivers aren’t the sole targets of surveillance and remote control, either. Passengers in cars too are affected.

There are several dimensions to this problem, or several separable aspects. Spying in cars is a big and largely unexplored issue; but it’s not the only one. Many of today’s cars can be remotely controlled; if not by design, then by cracking, which in turn replaces the software that runs inside a car. The schemes by which this is done are kept under the veil of “national security” (see for example Vault 7 and Vault 8, especially the codenames/operations that relate to software in cars).

The digitalisation rather than mechanisation (in the physical sense) of car components and their controllers — including windows, brakes, blinkers etc. — should be a cause for concern if it’s all proprietary software. A few years ago, following the wave of trucks running over crowds in terror attacks, suggestions were made for remote controls (or

— source | Roy Schestowitz | 07.03.21


Facebook does not plan to notify half-billion users affected by data leak

Facebook Inc did not notify the more than 530 million users whose details were leaked through the misuse of a feature before 2019 and recently made public in a database, and does not currently have plans to do so, a company spokesman said on Wednesday. Business Insider reported last week that phone numbers and other details from user profiles were available in a public database. Facebook said in a blog post on Tuesday that “malicious actors” had obtained the data prior to September 2019 by “scraping” profiles using a vulnerability in the platform’s tool for synching contacts.

— source | Apr 7, 2021


60% of School Apps are Sending Student Data to High-risk Third Parties

Me2B Alliance, a non-profit industry group focused on respectful technology, today published a research report to drive awareness of the data sharing practices of education apps associated with schools and school districts in the US. According to the research findings, 60% of school apps were sending student data to a variety of third parties, including advertising platforms like Google and Facebook. On average, there were more than 10 third-party data channels per app. Download the report, “School Mobile Apps Student Data Sharing Behavior,” at no charge.

— source | May 4, 2021
