Federal Reserve: desire for cash-like anonymity for digital assets based on ignorance

The Federal Reserve published a paper that explores various privacy strategies in digital asset ecosystems. A key point is that cash-like anonymity is very unlikely in digital systems. Confidentiality from certain parties is the best one can hope for.

It asserts the desire for cash-like anonymity is based on a misunderstanding of how digital systems work. Even with encryption, activity logs and audit trails leak small pieces of information. Of course, current versions of most public blockchains reveal an enormous amount of data which is easy to link to an identity by tracing wallets back to exchange onramps.

Although it may be true that anonymity is almost impossible to achieve in the digital realm, people desire it. While comparing digital systems to cash at a practical level, the paper doesn’t acknowledge the broad recognition that digital money will accelerate the crowding out of cash.


U.K. Government Finally Admits It Can’t Scan for Child Porn Without Violating Everybody’s Privacy

The U.K. government finally acknowledges that a component of the Online Safety Bill that would force tech companies to scan data and messages for child porn images can’t be implemented without violating the privacy rights of all internet users and undermining the data encryption tools that keep our information safe.

And so the government is backing down—for now—on what’s been called the “spy clause.” Using the justification of fighting the spread of child sexual abuse material (CSAM), part of the Online Safety Bill would have required online platforms to create “backdoors” that the British government could use to scan messages between social media users. The law also would’ve allowed the government to punish platforms or sites that implement end-to-end encryption and prevent the government from accessing messages and data.

While British officials have insisted that this intrusive surveillance power would be used only to track down CSAM, tech and privacy experts have warned repeatedly that there’s no way to implement a surveillance system that could be used only for this particular purpose. Encryption backdoors allow criminals and oppressive governments to snoop on people for dangerous and predatory purposes. Firms like Signal and WhatsApp threatened to pull their services from the U.K. entirely if this bill component moved forward.


Hackers Can Silently Grab Your IP Through Skype — Microsoft Is In No Rush to Fix It

Hackers are able to grab a target’s IP address, potentially revealing their general physical location, by simply sending a link over the Skype mobile app. The target does not need to click the link or otherwise interact with the hacker beyond opening the message, according to a security researcher who demonstrated the issue and successfully discovered my IP address by using it.

Yossi, the independent security researcher who uncovered the vulnerability, reported the issue to Microsoft earlier this month, according to Yossi and a cache of emails and bug reports he shared with 404 Media. In those emails Microsoft said the issue does not require immediate servicing, and gave no indication that it plans to fix the security hole. Only after 404 Media contacted Microsoft for comment did the company say it would patch the issue in an upcoming update.

The attack could pose a serious risk to activists, political dissidents, journalists, those targeted by cybercriminals, and many more people. At minimum, an IP address can show what area of a city someone is in. An IP address can be even more revealing in a less densely populated area, because there are fewer people who could be associated with it.

“I think just about anybody could be harmed by this,” Cooper Quintin, a security researcher and senior public interest technologist at activist organization the Electronic Frontier Foundation (EFF), said when I explained the issue to him. Quintin said the major concern was “finding people’s location for physical escalations, and finding people’s IP address for digital escalations.”

To verify that the vulnerability has the impact that Yossi described, I asked him to test it out on me. To start, Yossi sent me a link via Skype text chat to google.com. The link was to the real Google site, and not an imposter.

I then opened Skype on an iPad and viewed the chat message. I didn’t even click the link. But very soon after, Yossi pasted my IP address into the chat. It was correct.


The IRS Misplaced Millions of Taxpayer Records. Again.

Do you know where your tax records are? It’s a serious question in the case of millions of Americans whose records the IRS carelessly misplaced. That’s the big reveal in a recent inspector general’s report telling us that the federal mugging agency continues to be mindbogglingly incompetent at safeguarding the sensitive financial information it forcibly extracts from us all.

“The IRS was unable to locate any of the FY 2010 microfilm cartridges that should have been sent from the Fresno Tax Processing Center to the Kansas City Tax Processing Center,” the U.S. Treasury Inspector General for Tax Administration revealed in an August 8 report on the tax agency’s data-handling practices. “As a result of the lack of adequate inventory controls, the IRS cannot account for thousands of microfilm cartridges containing millions of sensitive business and individual tax account records.”

That’s bad—remarkably bad given the bait the information in those records represents for criminals inclined “to commit tax refund fraud identity theft,” as the report goes on to warn. You could omit the “tax refund” part since the details we’re required to submit to the IRS could enable scammers to rob us blind in a host of ways that don’t matter to the government but are extremely serious to anybody on the receiving end.

As you might expect of a government agency, the incompetence doesn’t stop there.


AI program can steal your password by listening to the sounds your keyboard makes when you type it

Research published by Cornell University showed that scientists programmed an artificial intelligence system that listened to people typing their passwords and was able to correctly identify the keys with 95% accuracy.

The group programmed an AI system to listen to a typed password on MacBook Pro keys over both a phone and a Zoom call, according to Daily Fetched.

The AI model was trained by pressing each of the MacBook Pro’s 36 keys 25 times and recording the sounds. The sounds were fed into the AI so it could correctly identify each key.

Over the phone, the program correctly identified the keys with 95% accuracy, while over Zoom the number dropped slightly to 93%. The phone was placed about six and a half inches away from the keyboard, according to the Daily Mail.

“When trained on keystrokes recorded by a nearby phone, the classifier achieved an accuracy of 95 percent, the highest accuracy seen without the use of a language model,” the study reportedly said.


The Government Wants to Turn Blockchain Firms into Servants of the State

In recent years, blockchain surveillance (BS) companies have become increasingly important players in the cryptocurrency industry. Their business model consists in developing proprietary software that collects and interprets public data available on public blockchains and in selling their services to governments, banks, exchanges, and others that need access to this data. Usually, governments are interested in collecting information about financial crimes, while other institutional players use BS companies for compliance, especially with regard to customer due diligence. This article argues that BS companies can be understood as governmentalities.

Michael Rectenwald deploys this term to “refer to corporations and other non-state actors who actively undertake state functions.” The partnership between the state and BS companies threatens cryptocurrency users’ privacy and their ability to transact freely, away from the prying eyes of unwanted third parties.


Thousands of Russian officials to give up iPhones over US spying fears

https://www.ft.com/content/6567e7f2-c5fb-4da4-bd95-bf7ceef54038

Russian authorities have banned thousands of officials and state employees from using iPhones and other Apple products as a crackdown against the American tech company intensifies over espionage concerns.

The trade ministry said that from Monday it will ban all use of iPhones for “work purposes”. The digital development ministry as well as Rostec, the state-owned company that is under sanction by the west for supplying Russia’s war machine in Ukraine, have said they will follow suit or have already introduced bans.

The ban on iPhones, iPad tablets and other Apple devices at leading ministries and institutions reflects growing concern in the Kremlin and the Federal Security Service spy agency over a surge in espionage activity by US intelligence agencies against Russian state institutions.

“Security officials in ministries — these are FSB employees who hold civilian positions such as deputy ministers — announced that iPhones were no longer considered safe and that alternatives should be sought,” said a person close to a government agency that has banned Apple products.

A month after President Vladimir Putin launched his full-scale invasion of Ukraine in February last year, he signed a decree demanding that organisations involved in “critical information infrastructure” — a broad term that includes healthcare, science and the financial sector — switch to domestically developed software by 2025. The move reflected Moscow’s longstanding desire to make state institutions switch away from foreign technology.

Some Russian analysts suggested the current edict will do little to assuage suspicions that western intelligence agencies are able to access sensitive information on Russian government activity.


A Reddit User Admitted To Pirating a Movie 12 Years Ago. Movie Studios Want To Unmask Him.

In what appears to be an escalating incursion into a user’s digital privacy, a collective of film companies continues to implore the court to compel Reddit to surrender its users’ personal details. This move is part of an ongoing piracy liability case against Internet Service Providers. Reddit, however, steadfastly resists, staunchly defending its users’ rights to anonymous speech.

While governments and law enforcement agencies have increasingly sought user details from Reddit — with over 1,000 requests, 277 search warrants, and 582 subpoenas last year, Torrent Freak reported — Reddit has staunchly resisted, drawing a firm line in the sand to protect its users’ privacy.

The battle over privacy rights came to a head earlier this year when film companies, involved in litigation against ISP RCN, attempted to extract personal details of Reddit users via a DMCA subpoena. Reddit objected, criticizing the subpoena as a sweeping and excessive invasion of user privacy, rather than a reasonable search for evidence. Reddit made a stand, yielding the details of only one user and rejecting the rest, underscoring its commitment to the right to anonymous speech.

The court sided with Reddit, ruling that the right to anonymity outweighed the copyright holders’ interests. US District Court Magistrate Judge Laurel Beeler further reinforced this stance, suggesting the film companies could obtain necessary information through alternative channels, such as directly from the ISP in question.

Undeterred by the earlier legal setback, the film companies are now making a similar push against ISP Grande, targeting a fresh group of Reddit users. Reddit, maintaining its position as a defender of user privacy, declined to release the requested information, triggering another motion to compel in court.

The film companies assert that they have exhausted all other options for evidence and insist on the need to reveal Reddit users’ identities. However, their earlier attempt to contact Grande’s repeatedly pirating subscribers failed to yield useful results, forcing them to resort to targeting Reddit users once again.

In response to this potential breach of privacy, Reddit has reiterated its commitment to preserving its users’ rights to anonymous speech. Reddit contends that the film companies have not presented a convincing case to justify the infringement of privacy, arguing that its users are not an “irreplaceable source” of evidence.

Reddit has further pointed out that the film companies already procured the identifying details of 118 of Grande’s most frequent pirating IP addresses. This action, according to Reddit, debunks the claim that violating user privacy is the only path to necessary evidence.

Reddit also questioned the film companies’ approach, noting they have yet to subpoena the Grande subscribers they contacted, an alternative step that could have been taken before pursuing Reddit users.

The film companies have singled out a Reddit user, “xBROKEx,” citing a 12-year-old comment admitting to pirating the movie The Expendables.


The Ranks of Gun Owners Grow, and So Does Their Resistance to Scrutiny

Believe it or not, people are reluctant to tell total strangers about their potentially controversial activities. In particular, Rutgers University researchers say, gun ownership is something many Americans decline to reveal when questioned by people they don’t know. That’s especially true of women and minorities newly among the ranks of gun owners amidst the chaos of recent years. Academics are unhappy that privacy-minded respondents impair their understanding of the world we live in, but such evasion is an inevitable consequence of decades of fiery debate and punitive gun policies.

Fibbing to Nosy Strangers

“Some individuals are falsely denying firearm ownership, resulting in research not accurately capturing the experiences of all firearm owners in the U.S.,” says Allison Bond, a doctoral student with Rutgers University’s New Jersey Gun Violence Research Center and lead author of “Predicting Potential Underreporting of Firearm Ownership in a Nationally Representative Sample,” published last month in Social Psychiatry and Psychiatric Epidemiology. “More concerningly, these individuals are not being reached with secure firearm storage messaging and firearm safety resources, which may result in them storing their firearms in an unsecure manner, which in turn increases the risk for firearm injury and death.”

Bond frames the problem of dishonesty among survey respondents as posing a danger to those surveyed since they don’t receive proper firearm safety information. But her deeper concern is with the validity of research into firearms culture and policy in a country where experts don’t have anywhere near as good a handle on the prevalence of gun ownership as they had believed.

“The implications of false denials of firearms ownership are substantial,” claim the authors. “First, such practices would result in an underestimation of firearms ownership rates and diminish our capacity to test the association between firearm access and various firearm violence-related outcomes. Furthermore, such practices would skew our understanding of the demographics of firearm ownership, such that we would overemphasize the characteristics of those more apt to disclose. Third, the mere existence of a large group of individuals who falsely deny firearm ownership highlights that intervention aimed at promoting firearm safety (e.g., secure firearm storage) may fail to reach communities in need.”

It should be emphasized that the report authors didn’t conclusively identify anybody who denied gun ownership as a gun owner. Instead, the report dealt in probabilities, with the researchers building profiles of confirmed gun owners. They then applied the profiles across their sample of 3,500 respondents to estimate who was likely fibbing about not owning guns. The results depend on the probability threshold applied, but they came up with 1,206 confirmed owners, between 1,243 and 2,059 non-owners, and between 220 and 1,036 potential but secretive owners lying about their status.
