
The public-private mass surveillance state



Posted

A topic on the violation of privacy and security by governments and corporations, in Europe and elsewhere.

 

In the European Council they keep trying to push through chat control legislation that would give the green light to mass scanning of the content of private communication, supposedly to enable the search for CSAM material.

 

 

 

 

Posted

Not uninteresting, but this is from 6-7 months ago. What has happened in the meantime?

Posted

Whenever a country that supports this takes over the EU presidency, the agitation starts; the Hungarians wanted to recently as well, but they gave up. Before them Belgium, before that the Netherlands; now Poland is at the helm, and they are against it. This guy writes about it regularly

 

This scandal from a couple of weeks ago with the Chinese spying on all US telecom providers showed how senseless regulations like this are. In the mid-90s the US adopted a law under which telecom providers must have a backdoor that the US administration has access to. And the Chinese exploited that. The EU now wants the same thing, but on a much worse level, since traditional communication channels are considered insecure anyway, unlike most modern VoIP services. It is essentially locking the house and leaving the key somewhere nearby. Maybe it's not under the doormat or a flowerpot, but whoever has the time will find it, sooner or later

Posted

This case is interesting, because it shows that this already exists:

 

 

https://www.bbc.com/news/world-europe-68099669

 

 

 

A Spanish court has cleared a British man of public disorder, after he joked to friends about blowing up a flight from London Gatwick to Menorca.

Aditya Verma admitted he told friends in July 2022: "On my way to blow up the plane. I'm a member of the Taliban."

But he said he had made the joke in a private Snapchat group and never intended to "cause public distress".

...

A key question in the case was how the message got out, considering Snapchat is an encrypted app.

One theory, raised in the trial, was that it could have been intercepted via Gatwick's Wi-Fi network. But a spokesperson for the airport told BBC News that its network "does not have that capability".

In the judge's resolution, cited by the Europa Press news agency, it was said that the message, "for unknown reasons, was captured by the security mechanisms of England when the plane was flying over French airspace".

The message was made "in a strictly private environment between the accused and his friends with whom he flew, through a private group to which only they have access, so the accused could not even remotely assume... that the joke he played on his friends could be intercepted or detected by the British services, nor by third parties other than his friends who received the message," the judgement added.

It was not immediately clear how UK authorities were alerted to the message, with the judge noting "they were not the subject of evidence in this trial".

A spokesperson for Snapchat said the social media platform would not "comment on what's happened in this individual case".

Posted
3 hours ago, napadaj said:

This case is interesting, because it shows that this already exists:

 

It has of course existed for a long time. It has been publicly known at least since Snowden published in 2013. And even earlier, in 2005 the NYT wrote about the telecom companies that took part in illegal wiretapping, which was retroactively legalized in 2008.

Posted

That is about warrantless wiretapping. What I am talking about is surveillance of the entire communication of a huge number of users and filtering by specific words, since it is obvious that this is what was going on, unless for some reason they were monitoring a random person.

Posted

Well, this is warrantless too. Those fighting against it in the EP argue that if mass scanning is done, it may be done only with a warrant and in a targeted way.

Posted

I meant to say that those are individual cases, whereas this case concerning Snapchat communication is obviously part of mass surveillance to which a huge number of random users are exposed.

Posted (edited)

The people MS monitored via Skype 10 and more years ago were also random users caught in the net of mass surveillance. Mass surveillance is not new. What is new now is this EU-level regulation, which they are trying to push through on the basis of the search for child pornography.

Edited by eumeswil
Posted

Here, from the Guardian.

 

 

https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data

 

Secret files show scale of Silicon Valley co-operation on Prism
• Outlook.com encryption unlocked even before official launch
• Skype worked to enable Prism collection of video calls
• Company says it is legally compelled to comply

 

https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data

 

Top-secret Prism program claims direct access to servers of firms including Google, Apple and Facebook

 Companies deny any knowledge of program in operation since 2007

 

Posted (edited)
8 hours ago, eumeswil said:

Well, this is warrantless too. Those fighting against it in the EP argue that if mass scanning is done, it may be done only with a warrant and in a targeted way.

There isn't much available information about this case, but Snapchat does not have end-to-end encryption of text messages, and the company has access to their content, so they can plug in whatever automatic scanner and trigger for possibly criminal messages they like. And then notify the competent institutions. That is what Google and Microsoft (probably all the other larger providers too) do with emails and cloud content.

 

What most EU countries want to push through is that companies whose communication has end-to-end encryption (Signal, WhatsApp, Viber, iMessage...) must change the implementation of their protocols, so that messages are automatically decrypted, the content scanned and compared against an available database of illegal content. Something similar to what Apple started doing on its own and then abandoned after pressure. Which is wrong and senseless on so many levels that it literally exhausts the people who constantly have to fight and repeat that it will do more harm than good.

Edited by Engineer
Posted

It will sound unbelievable to younger people, but not so long ago, encryption and the tools around it were treated as weapons and as such were strictly regulated:

 

https://news.ycombinator.com/item?id=39342080

 

Quote

Cryptography was considered a war weapon and only allowed for military use.

 

The United States had to be brought to court to finally allow cryptography: https://en.m.wikipedia.org/wiki/Bernstein_v._United_States

 

> Years before, the government had placed encryption, a method for scrambling messages so they can only be understood by their intended recipients, on the United States Munitions List, alongside bombs and flamethrowers, as a weapon to be regulated for national security purposes. Companies and individuals exporting items on the munitions list, including software with encryption capabilities, had to obtain prior State Department approval. — Electronic Frontier Foundation: EFF's History

 

Before that, export rules could be "worked around" by printing cryptography in books.

 

Posted
6 hours ago, braca said:

It will sound unbelievable to younger people, but not so long ago, encryption and the tools around it were treated as weapons and as such were strictly regulated:

 

The internet and surveillance have been used as weapons ever since the Vietnam War.

 

I recommend reading this book for a historical overview if you don't already know about it.

 

http://surveillancevalley.com/

 


 

 

 

A reporter unearths the true history of the internet: it was built by the government to spy on citizens, at home and abroad.

 

In Surveillance Valley, Yasha Levine traces the history of the internet back to its beginnings as a Vietnam-era tool for spying on guerrilla fighters and antiwar protesters–a military computer networking project that ultimately envisioned the creation of a global system of surveillance and prediction. Levine shows how the same military objectives that drove the development of early internet technology are still at the heart of Silicon Valley today. Spies, counterinsurgency campaigns, hippie entrepreneurs, privacy apps funded by the CIA. From the 1960s to the 2010s — this revelatory and sweeping story will make you reconsider what you know about the most powerful, ubiquitous tool ever created.

Posted (edited)
19 hours ago, Engineer said:

What most EU countries want to push through is that companies whose communication has end-to-end encryption (Signal, WhatsApp, Viber, iMessage...) must change the implementation of their protocols, so that messages are automatically decrypted, the content scanned and compared against an available database of illegal content. Something similar to what Apple started doing on its own and then abandoned after pressure. Which is wrong and senseless on so many levels that it literally exhausts the people who constantly have to fight and repeat that it will do more harm than good.

 

The encryption of those apps is worth next to nothing because the other side (CIA, NSA, FBI etc.) has tools that easily bypass it. On top of that, Tor and Signal are funded by those same government agencies and a connected group of people.

 

The section from the book above that talks about this:

 

Quote

Tor’s spat with the researchers at Carnegie Mellon University revealed another confusing dynamic. Whereas one part of the federal government—which included the Pentagon, State Department, and the Broadcasting Board of Governors—funded the ongoing development of the Tor Project, another wing of this same federal government—which included the Pentagon, the FBI, and possibly other agencies—was working just as hard to crack it.


What was going on? Why was the government working at cross-purposes? Did one part simply not know what the other was doing?


Strangely enough, Edward Snowden’s NSA documents provided the beginnings of an answer. They showed that multiple NSA programs could punch through Tor’s defenses and possibly even uncloak the network’s traffic on a “wide scale.” They also showed that the spy agency saw Tor as a useful tool that concentrated potential “targets” in one convenient location. 143 In a word, the NSA saw Tor as a honeypot.


In October 2013, the Washington Post reported on several of these programs, revealing that the NSA had been working to crack Tor since at least 2006, the same year that Dingledine signed his first contract with the BBG.144 One of these programs, codenamed EGOTISTICALGIRAFFE, was actively used to trace the identity of Al-Qaeda operatives. “One document provided by Snowden included an internal exchange among NSA hackers in which one of them said the agency’s Remote Operations Center was capable of targeting anyone who visited an al-Qaeda Web site using Tor.”145 Another set of documents, made public by the Guardian that same month, showed that the agency viewed Tor in a positive light. “Critical mass of targets use Tor. Scaring them away might be counterproductive. We will never get 100% but we don’t need to provide true IPs for every target every time they use Tor,” explained a 2012 NSA presentation.146 Its point was clear: people with something to hide—whether terrorists, foreign spies, or drug dealers—believed in Tor’s promise of anonymity and used the network en masse. By doing so, they proceeded with a false sense of safety, doing things on the network they would never do out in the open, all while helping to mark themselves for further surveillance.147

 

This wasn’t surprising. The bigger lesson of Snowden’s NSA cache was that almost nothing happened on the Internet without passing through some kind of US government bug. Naturally, popular tools used by the public that promised to obfuscate and hide people’s communications were targets regardless of who funded them.

 

As for the other crypto tools financed by the US government? They suffered similar security and honeypot pitfalls. Take Signal, the encrypted app Edward Snowden said he used every day. Marketed as a secure communication tool for political activists, the app had strange features built in from the very beginning. It required that users link their active mobile phone number and upload their entire address book into Signal’s servers—both questionable features of a tool designed to protect political activists from law enforcement in authoritarian countries. In most cases, a person’s phone number was effectively that person’s identity, tied to a bank account and home address. Meanwhile, a person’s address book contained that user’s friends, colleagues, fellow political activists, and organizers, virtually the person’s entire social network.

 

Then there was the fact that Signal ran on Amazon’s servers, which meant that all its data were available to a partner in the NSA’s PRISM surveillance program. Equally problematic, Signal needed Apple and Google to install and run the app on people’s mobile phones. Both companies were, and as far as we know still are, partners in PRISM as well. “Google usually has root access to the phone, there’s the issue of integrity,” writes Sander Venema, a respected developer and secure-technology trainer, in a blog post explaining why he no longer recommends people use Signal for encrypted chat. “Google is still cooperating with the NSA and other intelligence agencies. PRISM is also still a thing. I’m pretty sure that Google could serve a specially modified update or version of Signal to specific targets for surveillance, and they would be none the wiser that they installed malware on their phones.”148

 

Equally weird was the way the app was designed to make it easy for anyone monitoring Internet traffic to flag people using Signal to communicate. All that the FBI or, say, Egyptian or Russian security services had to do was watch for the mobile phones that pinged a particular Amazon server used by Signal, and it was trivial to isolate activists from the general smartphone population. So, although the app encrypted the content of people’s messages, it also marked them with a flashing red sign: “Follow Me. I Have Something To Hide.” (Indeed, activists protesting at the Democratic National Convention in Philadelphia in 2016 told me that they were bewildered by the fact that police seemed to know and anticipate their every move despite their having used Signal to organize.)149

 

Debate about Signal’s technical design was moot anyway. Snowden’s leaks showed that the NSA had developed tools that could grab everything people did on their smartphones, which presumably included texts sent and received by Signal. In early March 2017, WikiLeaks published a cache of CIA hacking tools that confirmed the inevitable. The agency worked with the NSA as well as other “cyber arms contractors” to develop hacking tools that targeted smartphones, allowing it to bypass the encryption of Signal and any other encrypted chat apps, including Facebook’s WhatsApp.150 “The CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone,” explained a WikiLeaks press release. “These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied.”

 

Disclosure of these hacking tools showed that, in the end, Signal’s encryption didn’t really matter, not when the CIA and NSA owned the underlying operating system and could grab whatever they wanted before encryption or obfuscation algorithms were applied. This flaw went beyond Signal and applied to every type of encryption technology on every type of consumer computer system. Sure, encryption apps might work against low-level opponents when used by a trained army intelligence analyst like Pvt. Chelsea Manning, who had used Tor while stationed in Iraq to monitor forums used by Sunni insurgents without giving away his identity.151 They also might work for someone with a high degree of technical savvy—say, a wily hacker like Julian Assange or a spy like Edward Snowden—who can use Signal and Tor combined with other techniques to effectively cover their tracks from the NSA. But, for the average user, these tools provided a false sense of security and offered the opposite of privacy.

 

The old cypherpunk dream, the idea that regular people could use grassroots encryption tools to carve out cyber islands free of government control, was proving to be just that, a dream.

 

 

 

 

Edited by eumeswil
