SecDocs Feed for tag privacy

[Video] Decentralized clustering

Thu, 24 May 2012 06:32:51 +0200

Authors: Herr Urbach
Tags: privacy
Event: Chaos Communication Camp 2011
Abstract: In January 2011 the fear of all internauts became bitter truth. A whole country was kill-switched by the government. The flow of data was interrupted, communication laid waste. Not only the Internets was taken down, other means of communication were interrupted too. Cell Phone providers took down their services. So, there was no Internets in Egypt. Internauts had no chance to communicate what is happening, mothers and fathers could not send emails to theire relatives. No data was flowing. As the phone lines were working, this was the solutions: Modems. In this talk I will describe what Telecomix agents had done during these days to bring back internet to the people of egypt. We used modem technology and set up dial up points all over the world and convinced providers with modem pools to open theire pools for the egyptians for free. Another thing we did was communication via HAM radio and of course fax. Not like anonymous who like to fax cables and stuff, but helpful information about medical help, how to communicate on a secure base and things like that. Furthermore I will describe the structure of Telecomix who are working as a decentralized cluster.

[Video] A modern manifest of cyberspace

Thu, 24 May 2012 06:32:51 +0200

Tags: privacy
Event: Chaos Communication Camp 2011
Abstract: The internet is increasingly falling under the control and restrictions of governments and multinational corporations. Internet connections are filtered and censored, not only in China but blatantly so in 'western' countries such as Australia and Canada. The content industry is clamping down on infringement on intellectual property and calls for ever more far-fetching and over-reaching laws to be put into effect. Meanwhile, telco's are making deals with content providers to decide how gets premium access and who gets degraded access to their networks. We have seen the internet rise, saw its potential and then lost it to capitalism and state control. It is time we truly 'take back the web'. The modern manifest of cyberspace is a call to action, urging the community to regain control and fight for a free infrastructure to sustain an uncensored and unbiased flow of information. The internet is increasingly falling under the control and restrictions of governments and multinational corporations. Internet connections are filtered and censored, not only in China but blatantly so in 'western' countries such as Australia and Canada. The content industry is clamping down on infringement on intellectual property and calls for ever more far-fetching and over-reaching laws to be put into effect. Meanwhile, telco's are making deals with content providers to decide how gets premium access and who gets degraded access to their networks. As such, the independence of cyberspace [https://projects.eff.org/~barlow/Declaration-Final.html as declared in 1996] is a thing of the past. We urgently need to reclaim this independence, to ensure the free flow of information. One way out is the deployment of darknets and encrypted tunnels layered over the existing commercial internet. In this talk I will argue for a more radical option though; I will call to abandon the existing infrastructure and build our own. This talk will highlight various already ongoing initiatives supporting this bold idea, and ideas that are currently bubbling up to build grass-roots internet. Wireless mesh networks that connect local areas, initiatives to connect rural areas to the larger networking community and the [http://events.ccc.de/camp/2011/space.html hackerspaces space program] launching this year at the CCC camp in August, which creates the environment for an actual grass-roots telecommunications satellite network and unites various ongoing efforts in this area. But most of all, this talk will argue that the time is here to join loose initiatives and localized grass-roots telecommunication efforts to implement a world-wide and independent communications network. This talk will explore possibilities, challenges and perhaps the need to unlearn the familiar and adapt to a new era of a truly decentralized infrastructure without traditional hubs of power and controlling agencies.

[Video] What is brewing in Brussels?

Sun, 20 May 2012 12:18:40 +0200

Authors: Walter van Holst
Tags: privacy
Event: Chaos Communication Camp 2011
Abstract: Right now the European Union is in a bit of a lawmaking frenzy on areas that are relevant to the internet in general. This Commission has several ambitious undertakings going on with regard to: enforcement of so-called intellectual property rights data protection data retention directive Passenger Name Records (PNR) Furthermore, several recent efforts are wrapping up and are moving to the national level, such as ACTA and webfilters against child pornography. During this lecture Katarzyna Szymielewicz (Panoptykon Foundation Poland) and Walter van Holst (European Digital Rights) will explain the main topics in Brussels, what you can do to get involved to defend your freedoms.

[Video] Cyberpeace and Datalove

Sun, 20 May 2012 11:54:18 +0200

Authors: Jérémie Zimmermann
Tags: privacy
Event: Chaos Communication Camp 2011
Abstract: overnments and corporations craft powerful memes to justify their repressive policies, it is time for us to provide with solid countermeasures. Will we get "cyberwar", censorship, and repression of sharing, or impose that Internet remains the instrument of (cyber)Peace, (data)Love and (hackers)Unity? The turn of 2010/2011 has been decisive for the ecology of the Internet, as well as for its perception in the eye of the general public. From Cablegate to the "Arab spring", it is now clear for everyone that Internet is the tool for freedom of expression and democratic participation. At the same time, the violent attacks against Wikileaks, repression in the Arab countries, as well as the finalization of the ACTA agreement or the notion of a "civilized Internet" pushed by Nicolas Sarkozy clutter in our skies like a dense, dark storm. Between the "eG8" and the G20, governments talk of cooperation and exceptional measures... In the name of an upcoming "cyberwar", control over the network they might obtain could become the perfect tool to restrict our freedoms. What is this "cyberwar" about anyway? Isn't it just a state of permanent war, like in Orwell's "1984", justifying the unjustifiable, beyond the rule of law? As these political and commercial attacks against a free, open, universal therefore neutral Internet intensify, citizens get more and more trained to react against legislative attacks, by coordinated advocacy. But when powerful memes are crafted in order to justify restrictions on our freedoms, how can we react? As diverse hacker communities loving the Internet and the flow of data, we must address mass manipulation and anti-democratic influence designed at imposing restriction of our freedoms.

[Slides] What is brewing in Brussels?

Sun, 20 May 2012 11:48:47 +0200

[Video] OpenLeaks

Wed, 16 May 2012 00:34:33 +0200

Tags: privacy
Event: Chaos Communication Camp 2011
Abstract: This talk will introduce the next phase of the OpenLeaks project. We will present a more detailed insight into the project and take you on a tour around the different OL subprojects. We will also announce the activities we are planning for this years camp. This talk will introduce the next phase of the OpenLeaks project. Where last years congress was still too early, we would like to take the chance to present a more detailed insight into the project and its technicalities, and take you on a tour around the different subprojects OL is comprised of. We will also announce the activities we are planning for this years camp, including some workshops and a special surprise.

[Video] OpenLeaks

Sun, 13 May 2012 21:36:08 +0200

Authors: Daniel Domscheit-Berg
Tags: privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: Due to popular demand, the talk will give an introduction to the OpenLeaks system and the idea behind it.

[Audio] OpenLeaks

Sun, 13 May 2012 21:02:49 +0200

[Slides] Tor is Peace, Software Freedom is Slavery, Wikipedia is Truth

Wed, 09 May 2012 06:50:39 +0200

Authors: Adam Obeng
Tags: privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: The Internet began as state-sponsored anarchy, but it is now the tool of first resort for dissidents and propagandists alike. The poster-child project of the Free Software Movement runs on the authority of a single person; the rest clash over the very definition of the word 'free'. A company which pictured itself as smashing Big Brother is now seen as one of the perceived secretive and authoritarian in the industry; and for another, 'Don't Be Evil' is proving to be a challenging motto to live by. This talk aims to present a view of the societies of Internet from the perspective of political philosophy. Political philosophy is not politics, in the same way that computer science is not programming. It's not the politics about the Internet, but the politics *of* the Internet. Even so, events at any particular place or time just provide examples to be studied. Political philosophy is meta-politics, it's about the trends in politics and the theories we use to understand them. Real-world political systems have striking parallels in the evolution of the Internet: there was primitive anarchy before Eternal September, the era of walled gardens resembled that of Ancient Greek city-states, which were succeeded by more-or-less liberal regimes following the geographical territories of real-world governments. Because of its rapid evolution, mass participation, and highly complex human interaction, the Internet should be subjected to the sorts of questions that political philosophers ask. On the Internet, what is freedom? Do we have obligations to those in control? To each other? What rights do we have? What can we own? Once we know the way it is, we can ask how it should be...

[Video] Tor is Peace, Software Freedom is Slavery, Wikipedia is Truth

Wed, 09 May 2012 06:50:39 +0200

[Audio] Tor is Peace, Software Freedom is Slavery, Wikipedia is Truth

Tue, 08 May 2012 06:42:29 +0200

[Audio] IMMI, from concept to reality

Thu, 03 May 2012 06:31:29 +0200

Authors: Daniel Domscheit-Berg
Tags: privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: The talk will give an update on the status of the Icelandic Modern Media Initiative. If we put IMMI into the context of the bus Rop talked about in the keynote, then IMMI is the quality rubber for the tires that can ride that road safely. It is part of what our bus should look like, ride like, feel like. The talk will also try to define some more of that bus, and elaborate on what else we need apart from the best rubber we can get. The talk will hence deal with some of the latest developments in respect to freedom of speech, specifically that of the press, and political pressure being excersized on it, roles and responsibilities, and the role of responsibility. The talk will give an update on the status of the Icelandic Modern Media Initiative. If we put IMMI into the context of the bus Rop talked about in the keynote, then IMMI is the quality rubber for the tires that can ride that road safely. It is part of what our bus should look like, ride like, feel like. The talk will also try to define some more of that bus, and elaborate on what else we need apart from the best rubber we can get. The talk will hence deal with some of the latest developments in respect to freedom of speech, specifically that of the press, and political pressure being excersized on it, roles and responsibilities, and the role of responsibility.

[Video] IMMI, from concept to reality

Thu, 03 May 2012 06:31:29 +0200

[Video] A Critical Overview of 10 years of Privacy Enhancing Technologies

Tue, 01 May 2012 06:45:10 +0200

Tags: privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: The objective of the session is to provide a critical overview of "privacy research" within computer science. The mechanisms proposed in the last ten year include mechanisms for anonymous communications, censorship resistance, selective disclosure credentials (and their integration in identity management systems), as well as privacy in databases. All of these system are meant to shield the user from different aspects of on-line surveillance either through allowing a user to keep some of her data "confidential" or by allowing her to assert "control" over her data. We will illustrate using concrete examples, why some paradigms came to dominate the ﬁeld, their advantages, but also their blind spots, and unfulfilled promises given the conditions of our surveillance societies. Since 2000 there has been a renewed interest amongst computer scientists in the ﬁeld of ”privacy technology”. This includes mechanisms for “anonymous” communications, censorship resistance, selective disclosure credentials, as well as privacy in databases - all of which are meant to shield the user from some aspects of on-line surveillance. Beyond the lab, some of those systems have been deployed and are widely used today. Yet, the type of surveillance against which privacy technologies are supposed to offer protection is often ill-deﬁned, and widely varying between works: from an individual who wishes “to hide an occasional purchase from his spouse”, to “groups coordinating political dissent under totalitarian regimes”. While privacy is seen as the key unifying theme of these works only one aspect of it is systematically represented, namely ”conﬁdentiality”. Privacy as self-deﬁnition, informational self-determination or as a public good that needs to be negotiated is often neglected. Further, the increasing omni-presence of surveillance technologies, the informatisation of every day life, as well as active resistance to on-line surveillance are used as justifying departure points for privacy technologies but they have so far not been explored in depth in the privacy research ﬁeld. In this talk, we explore the development of contemporary privacy technologies, its key results and methodologies. At its heart our argument is that the ﬁeld of privacy technology was seeded by computer security and cryptography experts that rushed to apply their tools to new problems, yielding mixed results. Additional pressures from different stakeholders to devise technology that will make large IT systems acceptable to the public has led to further confusion about the goals and methods most appropriate to embed privacy friendly values into computer systems. Further, the recent trend has been to replace the confidentiality paradigm with what can be called the "control" paradigm. Using concrete examples, we seek to explain why some paradigms came to dominate the ﬁeld, their advantages, but also their blind spots, and unfulfilled promises.

[Paper] A Critical Overview of 10 years of Privacy Enhancing Technologies

Tue, 01 May 2012 06:45:09 +0200

[Audio] A Critical Overview of 10 years of Privacy Enhancing Technologies

Mon, 30 Apr 2012 06:35:11 +0200

[Audio] The importance of resisting Excessive Government Surveillance

Sat, 28 Apr 2012 06:39:25 +0200

Authors: Nicholas Merrill
Tags: privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: My name is Nicholas Merrill and I was the plaintiff in a legal case in the US court system where I challenged the FBI’s policy of using a feature of the so-called USA PATRIOT act - what are called “National Security Letters” - to bypass the American Constitution's system of checks and balances and in violation of the United Nations Universal Declaration of Human Rights - in order to obtain protected personal information and to unmask anonymous Internet users. I spent over 6 years not able to speak to anyone (other than my lawyers) about my case - forced to lie to those closest to me due to an FBI gag order that carried a possible 10 year prison sentence for violating it. However the lawsuit resulted in the establishment of two key legal precedents and made changes that affect every Internet worker and Telephone worker in America. I would like to speak to the 27C3 audience in order to tell about my experience and to challenge (and offer my support and assistance to) those individuals who are in a position to challenge government surveillance requests to follow their consciences and do so. People who work at Internet Service Providers and Telephone companies as well as IT workers at Universities and private businesses are increasingly likely to encounter government attempts at surveillance. I would like to speak to the CCC regarding my experiences in resisting a National Security Letter and also a “Grand Jury Subpoena” as well as my experience of being gagged by the FBI for nearly 7 years - unable to speak on the subject or identify myself as the plaintiff in the NSL lawsuit. Nicholas Merrill founded Calyx Internet Access Corporation in 1995. Calyx Internet Access was one of the first commercial Internet service providers operating in New York City. Calyx pursued relationships with and worked with many activist groups on a pro bono or low-cost basis, including the New York Civil Liberties Union, the Independent Media Center (Indymedia.org) and the Drug Policy Foundation. In 2004, after a receiving a “National Security Letter” from the Federal Bureau of Investigation, and a subsequent request from the U.S. Secret Service, Calyx became involved with the ACLU and in using the legal system and the media to resist illegal government requests for information on Internet users. For six and a half years, Merrill and the ACLU tirelessly challenged the orders contained in the letter, resulting in the establishment of two key legal precedents overturning aspects of the national security letter program. Along the way he encountered court proceedings where he could not even be present - where he could not be referred to by name, but instead was referred to in all court documents as "John Doe". He also encountered heavy handed government censorship of court documents under the guise of "National Security" and secret evidence presented to the judge by the FBI that his attorneys were not allowed to see. The merging of Merrill's long interest in advocacy and free speech combined with his experience with the U.S. government inspired him to form a non-govermental organization (NGO) to deal specifically with this issue without being distracted or compromised by the requirements of a for-profit business.

[Video] The importance of resisting Excessive Government Surveillance

Sat, 28 Apr 2012 06:39:25 +0200

[Slides] Data Retention in the EU five years after the Directive

Wed, 18 Apr 2012 06:38:24 +0200

Authors: Katarzyna Szymielewicz Patrick Breyer Ralf Bendrath
Tags: privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: 2011 will again be a crucial year in the battle against data retention and blanket surveillance. The EU Commission is planning to publish its review of the directive in December (right in time before 27C3), and the lobbying and PR battle has already begun. In six months from now, we will see the legislative proposal from the EU commission for the revision of data retention. The talk will give a full picture of the legal state of play, what is going on in Brussels, what is already being done and of course where you can help. The speakers are closely involved in the process on the European and national level. In December 2005, the European Parliament agreed to the data retention directive that introduced mandatory retention of the telecommunications behaviour of half a billion EU citizens and residents. That was a huge disappointment and perceived by many as the final opening of the floodgates. Frank Rieger and Rop Gongrijp at 22C3 even declared that "we lost the war" over privacy. But things turned out different than expected. Now, five years later, a new privacy movement has risen in Germany and elsewhere, a number of constitutional courts all across Europe have declared national data retention laws illegal, a case against the whole directive is pending at the European Court of Justice, and the EU has a justice commissioner who openly said that she would not have suggested the whole thing in the first place, and a home affairs commissioner who voted against the directive when she was still a Member of Parliament. The talk will give a full picture of the legal state of play, what is going on in Brussels, what is already being done and of course where you can help. The speakers are all active in European Digital Rights (EDRi.org) and are closely involved in the process on the European and national level.

[Audio] Data Retention in the EU five years after the Directive

Wed, 18 Apr 2012 06:38:24 +0200

[Video] Data Retention in the EU five years after the Directive

Wed, 18 Apr 2012 06:38:24 +0200

[Audio] Contemporary Profiling of Web Users

Sun, 15 Apr 2012 06:33:16 +0200

Authors: Dominik Herrmann
Tags: privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: This talk will provide a summary of recently discovered methods which allow to break the Internet's privacy and anonymity. We will show, amongst others: ways of distinguishing bots from humans. We use this technique to provide crawlers with false data or lure them into tar pits. Other than CAPTCHAs we introduce methods that profile the holistic behaviour within a single web session to distinguish users or bots within a longer timeframe based on subtle charactistics in most bots' implementations. breaking filtering of JavaScript in web-based proxies. While next to all web proxies advertise the capability of filtering JavaScript, the ubiqity of XSS and CSRF attacks have proven that correct filtering of arbitrary HTML is extremly difficult. track and re-identifying users based upon their web-profile. We show how a third-party observer (e. g. proxy server or DNS server) can create a long-term profile of roaming web users using only statistical patterns mined from their web traffic. These patterns are used to track users by linking multiple surfing sessions. Our attack does not rely on cookies or other unique identifiers, but exploits chatacteristic patterns of frequently accessed hosts. We demonstrate that such statistical attacks are practicable and we will also look into basic defense strategies. traffic analysis and fingerprinting attacks on users of anonymizing networks. Even if anonymizeres like Tor are used, a local adversary can measure the volume of transfered data and timing characteristics to e. g. determine the retrieved websites. We will shortly sketch the current state of the art in traffic analysis, which has been improved significantly within the last year

[Video] Contemporary Profiling of Web Users

Sun, 15 Apr 2012 06:33:16 +0200

[Audio] Changing techno-optimists by shaking up the bureaucrats

Tue, 10 Apr 2012 06:37:36 +0200

Authors: Brenno De Winter
Tags: privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Meet the Netherlands: a nation filled with techno-optimists protecting our freedom by puting in place restrictions on what you can do, reducing our privacy and have technology as a solution for anything and everything. When you make a trip we store your details for two years, your airplane meal selection from two years earlier is good data to test with and when migrating the government website we keep the old website running in an unmaintained state. If you have nothing to hide nothing can go wrong and there is nothing you can do. Well not quite. What would happen if you play the system? If you would take the train and hack the card? What if you were to pick up the resistance you face and use it in your advantage. No matter what the costs would carry on? If you would take some data and show the failures? Not just once but a full month long and call that month Leaktober. What if you would publicly call the failures with our personal data? Ultimately you make a difference. You change the law, you changes the rules of the game and you really can raise the question if storing all that data is really needed. Ultimately people really start to doubt if this is the right way to go. This is a strategic and tactical story on how you can regain some privacy and data protection. Even though for a journalist this should be normal work, thanks to some people these things become very personal. It ends in criminal prosecution, legal threats, insults, a successful counter hack and ultimately a lot of benefits. But standing up for a cause does work as long as you focus on the stories you want to bring. My story is about hacking the system from the inside, overcoming fear and showing bureaucrats that hackers are people too. The talk is a lessons learnt how a few people can change a nation with hacker beliefs if they really want to. A guideline on how to make a difference by hacking the system you want to change. Where you can even make huge mistakes, but with some luck you can win a world. How you can make your critical voice be heard. Zillions of lessons learnt.

[Video] Changing techno-optimists by shaking up the bureaucrats

Tue, 10 Apr 2012 06:37:36 +0200

[Video] DC+, The Protocol

Mon, 09 Apr 2012 14:26:13 +0200

Tags: privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: The idea of Dining Cryptographers-Networks (DC) offers a much better anonymity compared to MIX-Networks: Defined anonymity sets, no need to trust in a central service, no possible attack for data retention. In this talk you will learn about DC-Networks, advanced key generation methods (resulting in a DC+-Network) and a library to make DC-Networks available to your programs.

[Video] Smart Hacking For Privacy

Mon, 09 Apr 2012 14:20:27 +0200

Authors: Dario Carluccio Stephan Brinkhaus
Tags: privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Advanced metering devices (aka smart meters) are nowadays being installed throughout electric networks in Germany, in other parts of Europe and in the United States. Due to a recent amendment especially in Germany they become more and more popular and are obligatory for new and refurbished buildings. Unfortunately, smart meters are able to become surveillance devices that monitor the behavior of the customers leading to unprecedented invasions of consumer privacy. High-resolution energy consumption data is transmitted to the utility company in principle allowing intrusive identification and monitoring of equipment within consumers' homes (e. g., TV set, refrigerator, toaster, and oven) as was already shown in different reports. This talk is about the Discovergy / EasyMeter smart meter used for electricity metering in private homes in Germany. During our analysis we found several security bugs that range from problems with the certificate management of the website to missing security features for the metering data in transit. For example (un)fortunately the metering data is unsigned and unencrypted, although otherwise stated explicitly on the manufacturer's homepage. It has to be pointed out that all tests were performed on a sealed, fully functionally device. In our presentation we will mainly focus on two aspects which we revealed during our analysis: first the privacy issues resulting in even allowing to identify the TV program out of the metering data and second the "problem" that one can easily alter data transmitted even for a third party and thereby potentially fake the amount of consumed power being billed. In the first part of the talk we show that the analysis of the household’s electricity usage profile can reveal what channel the TV set in the household is displaying. We will also give some test-based assessments whether it is possible to scan for copyright-protected material in the data collected by the smart meter. In the second part we focus on the data being transmitted by the smart meter via the Internet. We show to what extent the consumption data can be altered and transmitted to the server and visualize this by transmitting some kind of picture data to Discovergy’s consumption data server in a way that the picture content will become visible in the electricity profile. Moreover, we show what happens if the faked power consumption data reflects unrealistic extreme high or negative power consumptions and how that might influence the database and service robustness.

[Audio] DC+, The Protocol

Mon, 09 Apr 2012 14:13:41 +0200

[Audio] Smart Hacking For Privacy

Mon, 09 Apr 2012 14:02:54 +0200

[Audio] From Press Freedom to the Freedom of information

Wed, 04 Apr 2012 06:54:48 +0200

Tags: privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: This talk is about: Information freedom and the issues for the citizens RWB ressources: a “human network” RWB needs: Get involved! ** Freedom of information and citizen issues Why defend media freedom, journalists and bloggers? Because without a free press, no cause can make its voice heard, no human rights violation can be reported. Specific examples of information vital to the public (links below): - the tainted baby formula scandal in China exposed by the netizen Zhao Lianhai, who was arrested as a result - Organized crime denounced by netizens, some of whom have been killed. Rascatripas, the moderator of the Nuevo Laredo en Vivo website, murdered on 9 November 2011 - RWB sees how the media and methods of spreading news and information are evolving, and is adapting to the changes - RWB helps all kinds of “information producers” including professional journalists and bloggers and takes positions on the problems specific to new media WikiLeaks hounded - Capacity building and e-advocacy: RWB provides bloggers, cyber-dissidents and journalists with the means to continue reporting and circulating information. Provision of censorship circumvention tools (including VPN) and online security training, circulation of viral campaigns, awareness campaigns, information about online risks. ** RWB’s resources: a “human network” A human network: 150 correspondents worldwide + informal contacts Strong lobbying capacity (European Parliament and Washington) A legal committee Handbook for Bloggers and Handbook for Journalists during Elections Training (in Thailand, in Paris in February, in China and elsewhere in the future) Virtual Shelter project: Creation of electronic safe and website for hosting censored content ** RWB’s needs: Get involved! Need for people whose technical skills can help us to evaluate a country’s Internet, by carrying out tests to determine the filters used, the presence of Deep Packet Inspection and so on. Need for technicians who can tell us about the safety of the various communications methods used. Which governments monitor Skype, IRC, BBM, and Google Talk? Which email service or VoIP to use? Need for the help of experts in viral marketing, search engine marketing and information monitoring. Need for contacts in companies that cooperate with Internet censorship (or former employees) Need for the help of jurists in different countries to analyze the growing number of laws that regulate the Internet

[Video] From Press Freedom to the Freedom of information

Wed, 04 Apr 2012 06:54:48 +0200

[Paper] Resilience Towards Leaking or Why Julian Assange Might Be Wrong After All

Tue, 03 Apr 2012 06:44:08 +0200

Authors: Kay Hamacher
Tags: privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: In his now (in)famous pamphlet "Conspiracy as Governance" Julian Assange (JA) argues about the need for leaking as an efficient way to destroy "unjust" groups as the neo-feudalistic ones - luring the conspiracy theory leaning hacker community into his belief system. Eventually, JA used a biologistic argument on the benefits and drawbacks that uncontrolled leaking might pose for "just" and "unjust" systems, arriving at the conclusion that "unjust" systems are hurt more and thus will be less viable, essentially being destroyed by more "just" systems. While an innovative proposal, the underlying assumptions on complexity, network theory, and especially the evolutionary perspectives were never critically assessed. Some blogs and media raised questions on details and potential threats to innocent bystanders. Still, fundamental problems with the philosophy were never addressed. This paper argues against the general validity of such theories. In particular, we will refute some of the biologistic arguments. Theoretical biology has long ago pointed out the hidden complexity in evolutionary processes and as such the envisioned "leaking revolution" might be a limited artifact: there might even arise situations where the leaking envisioned and encouraged by Wikileaks and the like can actually strengthen some "conspiracies". In this paper I will describe some research questions, that should be answered before given the “leaking philosophy” an unconditioned “thumbs-up”. Empirically, for example, a potential strengthening is illustrated by the rise of a 'neo-feudalistic economy', which is linked closely to the paradigm of "intellectual property" as it is to the security-financial-political complex. The players have effectively created a closed network or a "conspiracy" and might be resilient towards Wikileaks-like attacks. The paper concludes with an alternative to that proposal; in particular, a way to deal with the 'conspiracy' that might be coined the rise of the neo-feudalistic society (which in itself is a self-sustainable, self-amplifying feedback loop, not necessarily a conscious conspiracy).

[Video] Resilience Towards Leaking or Why Julian Assange Might Be Wrong After All

Tue, 03 Apr 2012 06:44:08 +0200

[Audio] Resilience Towards Leaking or Why Julian Assange Might Be Wrong After All

Tue, 03 Apr 2012 00:18:41 +0200

[Slides] Towards a Single Secure European Cyberspace?

Sat, 31 Mar 2012 06:44:24 +0200

Authors: Suso Baleato
Tags: privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: The "European Great Firewall" was the way that European civil rights organizations has addressed the proposal to create a "single European cyberspace". Surely other lectures will describe the technicalities of the proposal. This lecture will go beyond that, describing a vulnerability that the proposal reveals in the power structures of the European and world governance, that could be exploited by the hackerdom if the war is understood as a value to be avoided. The proposal registered by the body of the Council of the European Union to create «a single secure European cyberspace» marks a pivotal moment in the development of the Union. Three reasons grounds that statement. First, because after decades omitting the use of the term, the semantics of «cyberspace» is officially adopted by the Union's policy. Second, because that adoption enacts a new field of community policy making. Third, because the new field is formulated by binding, under a «single European» frame, the home affairs with the security and defense areas – the building blocks of sovereignty since the Peace of Westphalia. The notion of cyberspace as a global wide computer mediated domain of human agency is not new. Furthermore, the saliency of that domain in the contemporary society can hardly be refuted: Beyond the contributions from the Literature and the Academia, the most reliable source of empirical evidence can be found in the production of the concerned polities to address the deployment and the effects of informatics and telecommunications – the constituent technologies of cyberspace. The legal developments on the protection of personal data and on the enforcement of intellectual property rights, or the budgetary assignments to the field of information society are meaningful proofs of that saliency. However, the idea of an «European cyberspace» (a) impugns the aforementioned «global wide» range by assuming the possibility to constrain the agency to the boundaries of a political body – the EU – which then becomes the holder of the sovereignty in that domain, what (b) defies the traditional monopoly of the State regarding the exercise of power over their own territory. As Kymlicka has pointed out, the existence of a common identity is a requirement of statality, at leas in the political configuration designed under the liberal democracy paradigm. Provided that cyberspace favours the establishment of social interactions not limited by the constrains that provides statality, it is possible to conform alternative identities that can enact a conflict with the identitary demarcations of the State and, therefore, following Foucault, to challenge the discoursive hegemony of the State.

[Video] Towards a Single Secure European Cyberspace?

Sat, 31 Mar 2012 06:44:24 +0200

[Audio] Towards a Single Secure European Cyberspace?

Sat, 31 Mar 2012 06:44:24 +0200

[Audio] Deceiving Authorship Detection

Tue, 27 Mar 2012 06:40:01 +0200

Authors: Michael Brennan Rachel Greenstadt
Tags: privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Stylometry is the art of detecting authorship of a document based on the linguistic style present in the text. As authorship recognition methods based on machine learning have improved, they have also presented a threat to privacy and anonymity. We have developed two open-source tools, Stylo and Anonymouth, which we will release at 28C3 and introduce in this talk. Anonymouth aids individuals in obfuscating documents to protect identity from authorship analysis. Stylo is a machine-learning based authorship detection research tool that provides the basis for Anonymouth's decision making. We will also review the problem of stylometry and the privacy implications and present new research related to detecting writing style deception, threats to anonymity in short message services like Twitter, examine the implications for languages other than English, and release a large adversarial stylometry corpus for linguistic and privacy research purposes. Stylometry is the study of authorship recognition based on linguistic style (word choice, punctuation, syntax, etc). Adversarial stylometry examines authorship recognition in the context of privacy and anonymity though attempts to circumvent stylometry with passages intended to obfuscate or imitate identity. This talk will introduce the open source authorship recognition and obfuscation projects Anonymouth and Stylo. Anonymouth aids individuals in obfuscating their writing style in order to maintain anonymity against multiple forms of machine learning based authorship recognition techniques. The basis for this tool is Stylo, an authorship recognition research tool that implements multiple forms of state-of-the-art stylometry methods. Anonymouth uses Stylo to attempt authorship recognition and suggest changes to a document that will obfuscate the identity of the author to the known set of authorship recognition techniques. We will also cover our recent work in the field of adversarial authorship recognition in the two years since our 26C3 talk, "Privacy & Stylometry: Practical Attacks Against Authorship Recognition Techniques." Our lab has new research on detecting deception in writing style that may indicate a modified document, demonstrating up to 86% accuracy in detecting the presence of deceptive writing styles. Short messages have been difficult to assign authorship to but recent work from our lab demonstrates the threat to anonymity present in short message services like Twitter. We have found that while difficult, it is possible to identify authors of tweets with success rates significantly higher than random chance. We also have new results that examine the ability of authorship recognition to succeed across languages and the use of translation to thwart detection. This talk will also mark the release of an adversarial stylometry data set that is many times larger than our previous release. This data set, provided by volunteers, includes at least 6500 words per author of unmodified writing as well as sample adversarial passages intended to preserve the anonymity of the author and demographic information for each author. The content of this talk will be relevant to those with interest in novel issues in privacy and anonymity, forensics and anti-forensics, and machine learning. All of the work presented here is from the Privacy, Security and Automation Lab at Drexel University. Founded in 2008, our lab focuses on the use of machine learning to augment privacy and security decision making.

[Slides] Deceiving Authorship Detection

Tue, 27 Mar 2012 06:40:01 +0200

[Video] Deceiving Authorship Detection

Tue, 27 Mar 2012 06:40:01 +0200

[Video] How governments have tried to block Tor

Sun, 18 Mar 2012 06:30:10 +0100

Authors: Jacob Appelbaum Roger Dingledine
Tags: privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Iran blocked Tor handshakes using Deep Packet Inspection (DPI) in January 2011 and September 2011. Bluecoat tested out a Tor handshake filter in Syria in June 2011. China has been harvesting and blocking IP addresses for both public Tor relays and private Tor bridges for years. Roger Dingledine and Jacob Appelbaum will talk about how exactly these governments are doing the blocking, both in terms of what signatures they filter in Tor (and how we've gotten around the blocking in each case), and what technologies they use to deploy the filters -- including the use of Western technology to operate the surveillance and censorship infrastructure in Tunisia (Smartfilter), Syria (Bluecoat), and other countries. We'll cover what we've learned about the mindset of the censor operators (who in many cases don't want to block Tor because they use it!), and how we can measure and track the wide-scale censorship in these countries. Last, we'll explain Tor's development plans to get ahead of the address harvesting and handshake DPI arms races.

[Audio] How governments have tried to block Tor

Sat, 17 Mar 2012 06:40:45 +0100

[Slides] Privacy Invasion or Innovative Science?

Fri, 16 Mar 2012 06:56:12 +0100

Authors: Conrad Lee
Tags: privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: A practical discussion of how potentially revolutionary, yet ethically questionable data---such as that from facebook---is currently being handled in academia. With every day that passes, the users of social media websites are providing scientists with ever-richer, larger datasets on human behavior. At the same time, machine-learning techniques allow us to exploit this data to accurately predict who these users are and how they will behave in the future. I begin this talk by outlining the need for public datasets containing rich information on individuals and their social relations. I then show how in practice, distribution and use of such datasets by academics is awkward and confused. I conclude with some consideration of how "enhancing" datasets by, for example, inferring missing or hidden data using machine learning classifiers, creates yet another ethical grey-zone.

[Paper] The movements against state-controlled Internet in Turkey

Thu, 08 Mar 2012 06:42:40 +0100

Tags: privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: We are members of Alternatif Bilişim Derneği (Alternative Informatics Association)**, one of many organizations that oppose the ongoing efforts for state-controlled Internet in Turkey. We see that the problems with media control in Turkey and in Europe are increasingly becoming part of a global problem. The governments are working on their own view of a 'secure' Internet, and we have to articulate and suggest an alternative. In our talk we want to give an account of our anti-censorship movement and the challenges we face in Turkey. We will first provide an overview of the political events; sanctions, censorship regulations and attempts of resistance in the country. Then, we will point out the main problems we face in making use of laws and technology against state control. We would also like to use our presentation as an opportunity to meet people at the CCC with similar affinities and to learn from their experience. We see a great need to create global networks and communities to articulate an alternative message; the Internet as the peoples’ media. Ali Rıza Keleş* arkeles@alternatifbilisim.org Ayşe Kaymak aysakaymak@gmail.com Işık Barış Fidaner fidaner@gmail.com Seda Gürses sguerses@esat.kuleuven.be We are members of Alternatif Bilişim Derneği (Alternative Informatics Association)**, one of many organizations that oppose the ongoing efforts for state-controlled Internet in Turkey. We see that the problems with media control in Turkey and in Europe are increasingly becoming part of a global problem. The governments are working on their own view of a 'secure' Internet, and we have to articulate and suggest an alternative. In our talk we want to give an account of our anti-censorship movement and the challenges we face in Turkey. We will first provide an overview of the political events; sanctions, censorship regulations and attempts of resistance in the country. Then, we will point out the main problems we face in making use of laws and technology against state control. We would also like to use our presentation as an opportunity to meet people at the CCC with similar affinities and to learn from their experience. We see a great need to create global networks and communities to articulate an alternative message; the Internet as the peoples’ media. A short history Despite its growing economy, democracy and fundamental rights have always been disputed in Turkey, where the shadow of the 1980 coup and still unresolved Kurdish problem is strongly felt, with the state persistently denying Kurdish citizens’ rights and repressing real political opposition to canalize the people’s consent to the authorized ‘official’ parties in the parliament. The coup in 1980 was mainly used to implement liberal policies, and this process is near completion: most state enterprises have been privatized in the last decade, including Türk Telekom, the phone company and the single ISP that owns the ADSL infrastructure in Turkey. In the same decade, the Internet use became widespread. Yet, the increasing popularity of the Internet has been accompanied by attempts to control it through criminal sanctions. Until 2007, tens of thousands of websites had been blocked by courts as ‘precaution’, including sites like Wordpress and YouTube. After the Law 5651 in 2007, even more websites were censored directly by government administration. As a response to this law, Sansüre Karşı Platform (Platform Against Censorship) was organized. In the first anti-censorship rally in 17 July 2010, nearly 3000 people participated, including Internet youth, political parties, trade unions, etc. Not long after the events in Tunisia and Egypt; the state institution for telecommunication, Bilgi Teknolojileri ve İletişim Kurumu (BTK) made a decision to force ISPs to provide unpaid Internet filters under the headings 'children', 'family' etc. This move created an enormous reaction, the culmination of which led to a nationwide Internet freedom rally in 15 May 2011 that took place in tens of cities. Alone in Istanbul 60 thousand people marched against the imposed censorship measures. What followed was a smearing campaign by controlled media (including state TV) against the protesters, and a pseudo-governance meeting with NGOs by BTK. After the general elections in June, the war with PKK escalated, suppressing the BTK decision out of media attention. Currently, DNS or IP blocking is used mostly for 'obscene' and in some cases for political websites. National security has always functioned as an excuse for the Turkish state to introduce exceptions to a rule or to make the exception the rule itself. An example is 'Ulusal Kripto Yönetmeliği' (National Crypto By-law) that was put in order in 2010. This by-law necessitates ‘official authorization’ for any encrypted communication by any citizen, and also requires the citizens to give away their encryption mechanisms and private keys to BTK for ‘storage’. In conclusion, we have reasons to believe that the government is currently developing infrastructure to utilize methods like deep packet inspection (DPI) as weapons in a 'cyberwar', possibly against its own people. These methods will include monitoring and labeling of Internet users as well as blocking communication. We made use of our 'right to information' to inquire about the plans for employing DPI, but were ‘informed’ that this is 'beyond the limits our right to information'. Problems in using laws & technology against state control The greatest problems with respect to guaranteeing fundamental rights in technology deployment and use currently are with how laws are made and how they are enforced. The lawmaking process is exclusionist, only including a few NGOs that can better be called QUANGOs (quasi-autonomous non-governmental organizations). There are several political parties and trade unions, but even their peaceful protests are occasionally declared ‘unauthorized’ and considered illegal. People in general do not trust the judiciary system, but are simply unorganized and do not believe in their power. The regime bases its legitimacy on ideology and not on lawful justice. Türk Telekom (TT), privatized in 2005, monopolizes the ADSL infrastructure, making Internet services expensive and prone to state control. In 2007, a workers' strike in TT had triggered debates on this monopoly being protected by the government. The company also acts as a service provider in several domains, creating questions about net neutrality. Another problem is with the limitation of how people can relate to technology. Computers, cellphones and other gadgets are aggressively marketed and widely used throughout the country, but the marketed forms of use mostly remain superficial, e.g., these gadgets are depicted as entertainment or as status symbols. We argue that the hegemony of these consumerist cultural connotations do hamper diverse uses of these products for a variety of motivations. A small community of Linux promoters have emerged around universities. These groups could promote alternative approaches to technology. However, under the usual political fears, they only articulate their positions professionally. Their statements usually target Microsoft or other big proprietary software companies. This position is compatible with the officially accepted national pride and national security positions in Turkey, and hence is limited to politics of technology only (see Pardus project). Leftist and Kurdish political organizations are in a position to benefit most from digital communication technologies. However, they still lack the capacity and enthusiasm to use it effectively. Alternative political media initiatives online exist, but they are mostly limited to standard uses and their technical quality reflect the lack of developers in the political community. In Turkey, engineering education is praised and supported by families. Families make up for the lack of a financially strong social system. The society in general also praises technical knowledge. However, a strong barrier separates the 'educated people' who are supposed to know it, from 'regular people' who are only supposed to consume it. Under economic pressure and feeling indebted to their families, most white collar workers dedicate themselves to their work in private companies. There is some space in some universities for shared work and creativity, but such spaces are getting smaller as most universities are being turned into technical schools. Ali Rıza Keleş, Işık Barış Fidaner are software developers, Ayşe Kaymak is a lawyer from Istanbul. Seda Gürses is an Internet researcher from Brussels. ** Alternatif Bilişim is a social network that includes users, developers and researchers of digital technologies, studying and practicing alternative uses of technology. Ultimately, our objective is to diminish the alienation of people to technical knowledge.

[Video] The movements against state-controlled Internet in Turkey

Thu, 08 Mar 2012 06:42:40 +0100

[Audio] The movements against state-controlled Internet in Turkey

Wed, 07 Mar 2012 06:55:09 +0100

[Paper] Determining Personality Traits & Privacy Concerns from Facebook Activity

Wed, 08 Feb 2012 22:04:01 +0100

Authors: Chris Sumner
Tags: privacy
Event: Black Hat Abu Dhabi 2011
Abstract: This study explored the extent to which it is possible to predict personality traits and privacy concerns based on Facebook use. This was done by comparing the 'Big Five' personality traits with Facebook usage, activities and language use. Results show that there are some significant correlations between an individual's personality type,their Facebook activity and their level of concern about privacy. However, the practical significance of these correlations is relatively low. This means that making meaningful conclusions about people or taking decisions that will affect their lives on the basis of Facebook activity may therefore be problematic and error prone . These findings support and extend previous research in online social networks by showing that Facebook activity can provide limited clues to an individual's personality. However, further research into social media use is critical to ensure that the practical and ethical implications of drawing conclusions about personal information embedded in social media sites are better understood. This talk discusses online activity, personality types and privacy concerns in relation to a range of topics including marketing, pre-employment screening and susceptibility to crime such as phishing and confidence fraud.

[Slides] Playing Server Hide and Seek on the Tor Anonymity Network

Fri, 20 Jan 2012 06:32:29 +0100

Authors: Lasse Øverlier Paul Syverson
Tags: privacy
Event: Black Hat Federal 2006

[Slides] Separated By A Common Goal—Emerging EU and US Information Security and Privacy Law: Allies or Adversaries?

Sat, 14 Jan 2012 06:49:53 +0100

Authors: Amanda Hubbard Bryan Cunningham
Tags: privacy
Event: Black Hat EU 2006

[Slides] Privacy Rights Management Using DRM: Is This A Good Idea?

Sun, 11 Dec 2011 06:45:12 +0100

Authors: Larry Korba
Tags: privacy
Event: Black Hat EU 2004