Hash: SHA256

Status: All good
Period: January 1 to June 30, 2015

During this period, has received:

Zero National Security Letters
Zero Foreign Intelligence Surveillance Court orders
Zero gag orders that prevent us from stating that we have received legal process seeking our customers’ information

General Counsel


Made with:

Spyware 2.0

From here:

Spyware 2.0 is not cloak and dagger. It’s not hiding in the shadows; it’s hiding out in plain sight like some saccharine Ronald McDonald statue. Spyware 2.0 is all cute doodles and loveable dinosaurs. It’s all the colours of the rainbow. Spyware 2.0 is so damn adorable that you just want to hug it as tightly as you can and never let it go. Spyware 2.0 loves you like a kitten.

The only difference between Spyware 1.0 and Spyware 2.0 is that the purveyors of spyware in the Internet era are not doing it entirely in secret.

I say entirely because they are not completely transparent either. Privacy policies spell out general usage but omit granular, comprehensive use cases. What analysis and experiments do they perform on you and your behaviour? How is the data you provide combined with other third-party data and what additional insights about you does this provide? Given the myriad of applications for your personal information, some of which haven’t been dreamed up yet, I would argue that it is impossible for spyware vendors to be entirely transparent and comprehensive in their disclosures even if they wanted to be.

Spyware: the dominant business on the Internet

Whereas Spyware 1.0 was an anomaly — easily-identified as malware — Spyware 2.0 is the hegemonic norm of the Internet era; rendered invisible by its very ubiquity.

The purveyors of Spyware 2.0 tell us that we have the choice to not use their services; that we volunteer our data willingly. But do we really have a choice when the business model of spyware itself is a monopoly on the Internet today?

Say I choose not to use Google and use Yahoo instead. What is Yahoo’s business model? Oh, it’s the same: to spy on me. If I drop Flickr for Instagram, what is Instagram’s business model? Yep, you guessed it! As the business of spyware is a monopoly on the Internet today, the choice we’re actually being presented with is this: either accept being spied on or go disconnect yourself from modern life.

Spyware is the perfect term to call the services, devices, and connectivity offered by companies whose business model it is to observe and study us in order to manipulate our behaviour for profit. It is the term that I will be using from now on and I invite you to do the same.

6 easy rules to identify 99% of snakeoil

via Security and the Rise of Snakeoil

  • not free software
  • runs in a browser
  • runs on a smartphone
  • the user doesn’t generate, or exclusively own the private encryption keys
  • there is no threat model
  • uses terminology like “cyber”, “military-grade”, or other marketing mantra

Tor executive director hints at Firefox integration

The Tor anonymity network may soon expand to hundreds of millions of new users around the world as the software’s developers prepare to scale to a “global population.”

Several major tech firms are in talks with Tor to include the software in products that can potentially reach over 500 million Internet users around the world. One particular firm wants to include Tor as a “private browsing mode” in a mainstream Web browser, allowing users to easily toggle connectivity to the Tor anonymity network on and off.

“They very much like Tor Browser and would like to ship it to their customer base,” Tor executive director Andrew Lewman wrote, explaining the discussions but declining to name the specific company. “Their product is 10-20 percent of the global market, this is of roughly 2.8 billion global Internet users.”

via Tor executive director hints at Firefox integration.

Apple protecting its customers

Word has it today that anyone going to the Tor website is tracked by the NSA after that. So if you clicked that link, you’re now a high value target for the NSA.

Just by coincidence I passed the Apple store in Amsterdam today to ask for a new battery for my laptop. Out of curiosity I tried to access my own server over SSH, the Tor website and the Tails website. (Tails is an operating system you can download and run from a USB stick providing some of the best anonymity tools available today.)

I guess that Apple really looks after its customers and doesn’t want them to get in trouble because it was all blocked… I made a quick screen cast of this tiny experiment.

Joy and angriness aside… what does today’s revelation mean for all the people I advised to download Tor at the Privacy Cafe?

Why King George III Can Encrypt

King George III set aside his quill, having completed secret orders to put down the rebellion. It was imperative that they remain secure, visible only to Generals Gage and Howe. The King opened a cabinet in the wall behind him, revealing hundreds of locks each labelled with the name of a British General. Selecting one with “Gage” engraved on the side, the King placed his orders for General Gage in an impregnable metal box and secured it shut with the lock. Since only General Gage possessed the corresponding key, the King knew that the orders were secure from prying eyes. After doing the same for General Howe, King George marked the boxes with his royal seal, whose imprint was known throughout the world. Anyone who received the message could now be sure it came from the King.  Several weeks later, two metal boxes arrived on the King’s desk, one bearing the unforgeable imprint of General Gage’s seal and the other of General Howe’s.  Both boxes were bound shut with locks engraved with “His Majesty King George III” on their sides. The King unlocked the boxes with his personal key, revealing two identical documents: “It is done.”

via Why King George III Can Encrypt.

Everything Is Broken

Security and privacy experts harangue the public about metadata and networked sharing, but keeping track of these things is about as natural as doing blood panels on yourself every morning, and about as easy. The risks on a societal level from giving up our privacy are terrible. Yet the consequences of not doing so on an individual basis are immediately crippling. The whole thing is a shitty battle of attrition between what we all want for ourselves and our families and the ways we need community to survive as humans — a Mexican stand off monetized by corporations and monitored by governments. I live in this stuff, and I’m no better.

Once when I had to step through a process to verify myself to a secretive source, I had to take a series of pictures showing my location and the date. I uploaded them, and was allowed to proceed with my interview. It turns out none of my verification had come through, because I’d failed to let the upload complete before nervously shutting down my computer. “Why did you let me through?” I asked the source. “Because only you would have been that stupid,” my source told me.

via Everything Is Broken.