Archive for the ‘Internet Snooping’ Category


DNS over HTTPS (DoH) is an encrypted internet protocol that makes it more difficult for ISPs and government censors to block users from accessing banned websites. It also makes it more difficult for state snoopers like GCHQ to keep tabs on users’ internet browsing history. Of course, this protection from external interference also makes internet browsing much safer against scammers, identity thieves and malware.

Google was once considering introducing DoH for its Chrome browser but has recently announced that it will not allow it to be used to bypass state censors.

Mozilla, meanwhile, has been a bit more reasonable about it and allows users to opt in to using DoH. Now Mozilla is considering enabling DoH by default in the US, but still with the proviso that DoH is used only if the user is not relying on parental controls or, possibly, corporate website blocking.

Mozilla explains in a blog post:

What’s next in making Encrypted DNS-over-HTTPS the Default

By Selena Deckelmann

In 2017, Mozilla began working on the DNS-over-HTTPS (DoH) protocol, and since June 2018 we’ve been running experiments in Firefox to ensure the performance and user experience are great. We’ve also been surprised and excited by the more than 70,000 users who have already chosen on their own to explicitly enable DoH in Firefox Release edition. We are close to releasing DoH in the USA, and we have a few updates to share.

After many experiments, we’ve demonstrated that we have a reliable service whose performance is good, that we can detect and mitigate key deployment problems, and that most of our users will benefit from the greater protections of encrypted DNS traffic. We feel confident that enabling DoH by default is the right next step. When DoH is enabled, users will be notified and given the opportunity to opt out.

Results of our Latest Experiment

Our latest DoH experiment was designed to help us determine how we could deploy DoH, honor enterprise configuration and respect user choice about parental controls.

We had a few key learnings from the experiment.

  • We found that OpenDNS’ parental controls and Google’s safe-search feature were rarely configured by Firefox users in the USA. In total, 4.3% of users in the study used OpenDNS’ parental controls or safe-search. Surprisingly, there was little overlap between users of safe-search and OpenDNS’ parental controls. As a result, we’re reaching out to parental controls operators to find out more about why this might be happening.

  • We found 9.2% of users triggered one of our split-horizon heuristics. The heuristics were triggered in two situations: when websites were accessed whose domains had non-public suffixes, and when domain lookups returned both public and private (RFC 1918) IP addresses. There was also little overlap between users of our split-horizon heuristics, with only 1% of clients triggering both heuristics.

Moving Forward

Now that we have these results, we want to tell you about the approach we have settled on to address managed networks and parental controls. At a high level, our plan is to:

  • Respect user choice for opt-in parental controls and disable DoH if we detect them;

  • Respect enterprise configuration and disable DoH unless explicitly enabled by enterprise configuration; and

  • Fall back to operating system defaults for DNS when split horizon configuration or other DNS issues cause lookup failures.

We’re planning to deploy DoH in “fallback” mode; that is, if domain name lookups using DoH fail or if our heuristics are triggered, Firefox will fall back and use the default operating system DNS. This means that for the minority of users whose DNS lookups might fail because of split horizon configuration, Firefox will attempt to find the correct address through the operating system DNS.

In addition, Firefox already detects that parental controls are enabled in the operating system, and if they are in effect, Firefox will disable DoH. Similarly, Firefox will detect whether enterprise policies have been set on the device and will disable DoH in those circumstances. If an enterprise policy explicitly enables DoH, which we think would be awesome, we will also respect that. If you’re a system administrator interested in how to configure enterprise policies, please find documentation here.

Options for Providers of Parental Controls

We’re also working with providers of parental controls, including ISPs, to add a canary domain to their blocklists. This helps us in situations where the parental controls operate on the network rather than an individual computer. If Firefox determines that our canary domain is blocked, this will indicate that opt-in parental controls are in effect on the network, and Firefox will disable DoH automatically.

This canary domain is intended for use in cases where users have opted in to parental controls. We plan to revisit the use of this heuristic over time, and we will be paying close attention to how the canary domain is adopted. If we find that it is being abused to disable DoH in situations where users have not explicitly opted in, we will revisit our approach.

Plans for Enabling DoH Protections by Default

We plan to gradually roll out DoH in the USA starting in late September. Our plan is to start slowly enabling DoH for a small percentage of users while monitoring for any issues before enabling for a larger audience. If this goes well, we will let you know when we’re ready for 100% deployment.


A few days ago Donald Trump responded to more mass shootings by calling on social networks to build tools for identifying potential mass murderers before they act. And across the government, there appears to be a growing consensus that social networks should become partners in surveillance with the government. So it was a timely moment for the Wall Street Journal to publish an article about FBI plans for mass snooping on social media:

The FBI is soliciting proposals from outside vendors for a contract to pull vast quantities of public data from Facebook, Twitter and other social media to proactively identify and reactively monitor threats to the United States and its interests.

The request was posted last month, weeks before a series of mass murders shook the country and led President Trump to call for social-media platforms to do more to detect potential shooters before they act.

The deadline for bids is Aug. 27.

As described in the solicitation, it appears that the service would violate Facebook’s ban against the use of its data for surveillance purposes, according to the company’s user agreements and people familiar with how it seeks to enforce them.

The Verge comments on a privacy paradox:

But so far, as the Journal story illustrates, the government’s approach has been incoherent. On one hand, it fines Facebook $5 billion for violating users’ privacy; on the other, it outlines a plan to potentially store all Americans’ public posts in a database for monitoring purposes.

But of course it is not a paradox: many, if not most, people believe that they are entitled to privacy whilst all the ‘bad’ people in the world are not.

Commercial interests are also very keen on profiling people from their social media postings. There’s probably a long list of advertisers who would love a list of rich people who go to casinos and stay at expensive hotels.

Well, as Business Insider has noted, one company, Hyp3r, has been scraping all public postings on Instagram to provide exactly that information:

A combination of configuration errors and lax oversight by Instagram allowed one of the social network’s vetted advertising partners to misappropriate vast amounts of public user data and create detailed records of users’ physical whereabouts, personal bios, and photos that were intended to vanish after 24 hours.

The profiles, which were scraped and stitched together by the San Francisco-based marketing firm Hyp3r, were a clear violation of Instagram’s rules. But it all occurred under Instagram’s nose for the past year by a firm that Instagram had blessed as one of its preferred Facebook Marketing Partners.

Hyp3r is a marketing company that tracks social-media posts tagged with real-world locations. It then lets its customers directly interact with those posts via its tools and uses that data to target the social-media users with relevant advertisements. Someone who visits a hotel and posts a selfie there might later be targeted with pitches from one of the hotel’s competitors, for example.

The total volume of Instagram data Hyp3r has obtained is not clear, though the firm has publicly said it has a unique dataset of hundreds of millions of the highest value consumers in the world, and sources said more than 90% of its data came from Instagram. It ingests in excess of 1 million Instagram posts a month, sources said.

See full article from businessinsider.com


Russell Haworth, CEO of Nominet, Britain’s domain name authority, has outlined the UK’s stance on maintaining UK censorship and surveillance capabilities, as the introduction of encrypted DNS over HTTPS (DoH) will make their job a bit more difficult. The authorities’ basic idea is that UK ISPs will provide their own DNS over HTTPS servers, so that they can still use this DNS traffic to block websites and keep a log of everyone’s internet use. Browser companies will then be expected to enforce the use of the government’s preferred DoH server.

And Google duly announced that it will comply with this censorship request. Google Chrome will only allow DoH servers that are government or corporate approved.

Note that this decision is more nuanced than just banning internet users from sidestepping state censors. It also applies to users being prevented from sidestepping corporate controls on company networks, perhaps a necessary commercial consideration that simply can’t be ignored.

Russell Haworth, CEO of Nominet explains:

Firefox and Google Chrome — the two biggest web browsers with a combined market share of over 70% — are both looking to implement DoH in the coming months, alongside other operators. The big question now is how they implement it, who they offer to be the resolvers, and what policies they use. The benefit offered by DoH is encryption, which prevents eavesdropping or interception of DNS communication. However, DoH raises a number of issues which deserve careful consideration as we move towards it.

Some of the internet safety and security measures that have been built over the years involve the DNS. Parental controls, for example, generally rely on the ISP blocking particular domains for their customers. The Internet Watch Foundation (IWF) also ask ISPs to block certain domains because they are hosting child sexual abuse material. There may also be issues for law enforcement using DNS data to track criminals. In terms of cyber security, many organisations currently use the DNS to secure their networks, by blocking domains known to contain malware. All of these measures could be impacted by the introduction of DoH.

Sitting above all of these is one question: Will users know any of this is happening? It is important that people understand how and where their data is being used. It is crucial that DoH is not simply turned on by default and DNS traffic disappears off to a server somewhere without people understanding and signing up to the privacy implications. This is the reason why we have produced a simple explainer and will be doing more to communicate about DoH in the coming weeks.

Nominet DoH demands

DoH can bring positive changes, but only if it is accompanied by understanding, informed consent, and attention to some key principles, as detailed below:

Informed user choice:

Users will need to be educated on the way in which their data use is changing so they can give their informed consent to this new approach. We also need some clarity on who would see the data, who can access the data and under what circumstances, how it is being protected and how long it will be available for.

Equal or better safety:

DoH disrupts and potentially breaks safety measures that have been built over many years. It must therefore be the responsibility of the browsers and DoH resolvers who implement DoH to take up these responsibilities. It will also be important for current protections to be maintained.

Local jurisdiction and governance:

Local DoH resolvers will be needed in individual countries to allow for application of local law, regulators and safety bodies (like the IWF). This is also important to encourage innovation globally, rather than having just a handful of operators running a pivotal service. Indeed, the internet was designed to be highly distributed to improve its resilience.

Security:

Many organisations use the DNS for security by keeping suspicious domains that could include malware out of networks. It will be important for DoH to allow enterprises to continue to use these methods — at Nominet we are embracing this in a scalable and secure way for the benefit of customers through our cyber security offering.

Change is a constant in our digital age, and I for one would not stand in the way of innovation and development. This new approach to resolving requests could be a real improvement for our digital world, but it must be implemented carefully and with the full involvement of Government and law enforcement, as well as the wider internet governance community and the third sector.

A Google developer has outlined tentative short-term plans for DoH in Chrome. It suggests that Chrome will only allow the selection of DoH servers that are the equivalents of approved non-encrypted servers.

This is a complex space and our short term plans won’t necessarily solve or mitigate all these issues but are nevertheless steps in the right direction.

For the first milestone, we are considering an auto-upgrade approach. At a high level, here is how this would work:

  • Chrome will have a small (i.e. non-exhaustive) table to map non-DoH DNS servers to their equivalent DoH DNS servers. Note: this table is not finalized yet.

  • Per this table, if the system’s recursive resolver is known to support DoH, Chrome will upgrade to the DoH version of that resolver. On some platforms, this may mean that where Chrome previously used the OS DNS resolution APIs, it now uses its own DNS implementation in order to implement DoH.

  • A group policy will be available so that Administrators can disable the feature as needed.

  • Ability to opt out of the experiment via chrome://flags.

In other words, this would upgrade the protocol used for DNS resolution while keeping the user’s DNS provider unchanged. It’s also important to note that DNS over HTTPS does not preclude its operator from offering features such as family-safe filtering.
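The two browser schemes quoted on this page, Chrome’s auto-upgrade table (above) and Mozilla’s fallback mode with its split-horizon heuristics, canary domain and enterprise/parental-control checks (in the Mozilla post earlier on the page), can be read as one small DoH enablement policy. The block below is an added illustration written for this page, not Mozilla’s or Google’s code. Every resolver address, DoH URL and domain name in it is a constructed placeholder (the page does not publish Chrome’s mapping table or name Firefox’s canary domain), the public suffix set is a deliberately tiny stand-in for the real list, and treating an explicit enterprise enable as overriding the parental-control checks is an assumption made here. It goes slightly beyond the page in one respect: any RFC 1918 answer counts as a split-horizon signal, which covers the mixed public/private case the post describes.

```python
"""Toy DoH enablement policy: Chrome-style auto-upgrade plus Firefox-style fallback.

Added example for illustration; not Mozilla's or Google's implementation.
All names, addresses and URLs are constructed placeholders.
"""
import ipaddress
from typing import Callable, Iterable, List, Optional

# Hypothetical canary name. A network that blocks it signals opt-in parental controls.
CANARY_DOMAIN = "doh-canary.example"

# Hypothetical auto-upgrade table: plain-DNS resolver IP -> DoH template of the SAME
# operator. Chrome's real, non-finalised table is not on the page.
DOH_UPGRADE_TABLE = {
    "198.51.100.53": "https://doh.resolver-a.example/dns-query",
    "198.51.100.54": "https://doh.resolver-a.example/dns-query",
    "203.0.113.53": "https://doh.resolver-b.example/dns-query",
}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Deliberately tiny stand-in for the public suffix list.
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk", "example"}


def auto_upgrade_template(system_resolvers: Iterable[str], policy_disabled: bool = False,
                          flag_opted_out: bool = False) -> Optional[str]:
    """Chrome-style first milestone: switch protocol only, never provider.

    Upgrade only when every configured resolver maps to one and the same DoH
    endpoint; an admin policy or the chrome://flags opt-out keeps plain DNS.
    Returns the DoH URL template, or None to stay on the OS resolver."""
    if policy_disabled or flag_opted_out:
        return None
    templates = {DOH_UPGRADE_TABLE.get(ip) for ip in system_resolvers}
    if len(templates) != 1 or None in templates:
        return None  # unknown resolver, or a mix of operators: do not upgrade
    return templates.pop()


def has_public_suffix(hostname: str) -> bool:
    """True when at least one label sits in front of a recognised public suffix."""
    labels = hostname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in PUBLIC_SUFFIXES for i in range(1, len(labels)))


def answers_rfc1918(addresses: Iterable[str]) -> bool:
    """True if any answer is an RFC 1918 private IPv4 address."""
    for a in addresses:
        ip = ipaddress.ip_address(a)
        if ip.version == 4 and any(ip in net for net in RFC1918):
            return True
    return False


def split_horizon_triggered(hostname: str, doh_answers: Iterable[str]) -> bool:
    """Mozilla's two heuristics: a non-public suffix, or private addresses in the answer."""
    return not has_public_suffix(hostname) or answers_rfc1918(doh_answers)


def choose_resolution_mode(hostname: str, doh_answers: Optional[List[str]],
                           os_resolve: Callable[[str], List[str]],
                           parental_controls_os: bool = False,
                           enterprise_policy: Optional[bool] = None) -> str:
    """Firefox-style decision for one lookup: "disabled", "doh" or "os-fallback".

    doh_answers:       addresses returned over DoH, or None if the DoH lookup failed.
    os_resolve:        the OS resolver; returns [] when a name is blocked / NXDOMAIN.
    enterprise_policy: None = no policy set, False = policy set without enabling DoH,
                       True = policy explicitly enables DoH (assumed to override the
                       parental-control checks below)."""
    if enterprise_policy is False:
        return "disabled"            # enterprise configuration present, DoH not enabled
    if enterprise_policy is None:
        if parental_controls_os:
            return "disabled"        # OS-level parental controls detected
        if not os_resolve(CANARY_DOMAIN):
            return "disabled"        # canary blocked on the network: opt-in parental controls
    if doh_answers is None or split_horizon_triggered(hostname, doh_answers):
        return "os-fallback"         # let the OS resolver find the correct address
    return "doh"


# Constructed stand-in for an unfiltered home network's OS resolver.
OPEN_NETWORK = {CANARY_DOMAIN: ["192.0.2.1"], "intranet.corp": ["10.1.2.3"]}


def make_os_resolver(table: dict) -> Callable[[str], List[str]]:
    """Build a fake OS resolver from a name -> addresses table (missing names are blocked)."""
    return lambda name: list(table.get(name, []))


if __name__ == "__main__":
    os_open = make_os_resolver(OPEN_NETWORK)
    print(auto_upgrade_template(["198.51.100.53", "198.51.100.54"]))
    print(choose_resolution_mode("www.example.com", ["203.0.113.10"], os_open))
    print(choose_resolution_mode("intranet.corp", None, os_open))
```

The upgrade step refuses to act when the configured resolvers belong to different operators, since picking one of them would silently change the user’s provider, which is exactly what the Chrome plan says it avoids. The fallback step checks enterprise policy and parental controls before any lookup, and only then lets a failed DoH answer or a split-horizon signal send the query back to the OS resolver.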

10th July 2019. See article from ispa.org.uk and article from techdirt.com

The villains of ISPA have withdrawn their nomination of the heroic Mozilla as an internet villain. ISPA writes:

Last week ISPA included Mozilla in our list of Internet Villain nominees for our upcoming annual awards.

In the 21 years the event has been running it is probably fair to say that no other nomination has generated such strong opinion. We have previously given the award to the Home Secretary for pushing surveillance legislation, leaders of regimes limiting freedom of speech and ambulance-chasing copyright lawyers. The villain category is intended to draw attention to an important issue in a light-hearted manner, but this year has clearly sent the wrong message, one that doesn’t reflect ISPA’s genuine desire to engage in a constructive dialogue. ISPA is therefore withdrawing the Mozilla nomination and Internet Villain category this year.

TechDirt noted that the ISPA nomination was kindly advertising Mozilla’s Firefox option for DNS over HTTPS:

ISPA nominated Mozilla for the organization’s meaningless internet villain awards for, at least according to ISPA, undermining internet safety standards in the UK:

Of course Mozilla is doing nothing of the sort. DNS over HTTPS not only creates a more secure internet that’s harder to filter and spy on, it actually improves overall DNS performance, making everything a bit faster. Just because this doesn’t coalesce with the UK’s routinely idiotic and clumsy efforts to censor the internet, that doesn’t somehow magically make it a bad idea.

Of course, many were quick to note that ISPA’s silly little PR stunt had the opposite effect than intended. It not only advertised that Mozilla was doing a good thing, it advertised DNS over HTTPS to folks who hadn’t heard of it previously. Matthew Prince (@eastdakota) tweeted:

Given the number of people who’ve enabled DNS-over-HTTPS in the last 48 hours, it’s clear @ISPAUK doesn’t understand or appreciate @mmasnick’s so-called “Streisand Effect.”


In recent months we’ve been reviewing how personal data is used in real time bidding (RTB) in programmatic advertising, engaging with key stakeholders directly and via our fact-finding forum event to understand the views and concerns of those involved.

We’re publishing our Update report into adtech and real time bidding which summarises our findings so far.

We have prioritised two areas: the processing of special category data, and issues caused by relying solely on contracts for data sharing across the supply chain. Under data protection law, using people’s sensitive personal data to serve adverts requires their explicit consent, which is not happening right now. Sharing people’s data with potentially hundreds of companies, without properly assessing and addressing the risk of these counterparties, raises questions around the security and retention of this data.

We recognise the importance of advertising to participants in this commercially sensitive ecosystem, and have purposely adopted a measured and iterative approach to our review of the industry as a whole so that we can observe the market’s reaction and adapt our thinking. However, we want to see change in how things are done. We’ll be spending the next six months continuing to engage with the sector, which will give the industry the chance to start making changes based on the conclusions we’ve come to so far.

Open Rights Group responds

25th June 2019. See article from openrightsgroup.org

The ICO has responded to a complaint brought by Jim Killock and Dr Michael Veale in Europe’s 12 billion euro real-time bidding adtech industry. Killock and Veale are now calling on the ICO to take action against companies that are processing data unlawfully.

The ICO has agreed in substance with the complainants’ points about the insecurity of adtech data sharing. In particular, the ICO states that:

  • Processing of non-special category data is taking place unlawfully at the point of collection

  • [The ICO has] little confidence that the risks associated with RTB have been fully assessed and mitigated

  • Individuals have no guarantees about the security of their personal data within the ecosystem

However the ICO is proceeding very cautiously and slowly, and not insisting on immediate changes, despite the massive scale of the data breach.

Jim Killock said:

The ICO’s conclusions are strong and very welcome but we are worried about the slow pace of action and investigation. The ICO has confirmed massive illegality on behalf of the adtech industry. They should be insisting on remedies and fast.

Dr Michael Veale said:

The ICO has clearly indicated that the sector operates outside the law, and that there is no evidence the industry will correct itself voluntarily. As long as it remains doing so, it undermines the operation and the credibility of the GDPR in all other sectors. Action, not words, will make a difference–and the ICO needs to act now.

The ICO concludes:

Overall, in the ICO’s view the adtech industry appears immature in its understanding of data protection requirements. Whilst the automated delivery of ad impressions is here to stay, we have general, systemic concerns around the level of compliance of RTB:

  • Processing of non-special category data is taking place unlawfully at the point of collection due to the perception that legitimate interests can be used for placing and/or reading a cookie or other technology (rather than obtaining the consent PECR requires).
  • Any processing of special category data is taking place unlawfully as explicit consent is not being collected (and no other condition applies). In general, processing such data requires more protection as it brings an increased potential for harm to individuals.
  • Even if an argument could be made for reliance on legitimate interests, participants within the ecosystem are unable to demonstrate that they have properly carried out the legitimate interests tests and implemented appropriate safeguards.
  • There appears to be a lack of understanding of, and potentially compliance with, the DPIA requirements of data protection law more broadly (and specifically as regards the ICO’s Article 35(4) list). We therefore have little confidence that the risks associated with RTB have been fully assessed and mitigated.
  • Privacy information provided to individuals lacks clarity whilst also being overly complex. The TCF and Authorized Buyers frameworks are insufficient to ensure transparency and fair processing of the personal data in question and therefore also insufficient to provide for free and informed consent, with attendant implications for PECR compliance.
  • The profiles created about individuals are extremely detailed and are repeatedly shared among hundreds of organisations for any one bid request, all without the individuals’ knowledge.
  • Thousands of organisations are processing billions of bid requests in the UK each week with (at best) inconsistent application of adequate technical and organisational measures to secure the data in transit and at rest, and with little or no consideration as to the requirements of data protection law about international transfers of personal data.
  • There are similar inconsistencies about the application of data minimisation and retention controls.
  • Individuals have no guarantees about the security of their personal data within the ecosystem.

Age verification for porn is pushing internet users into areas of the internet that provide more privacy, security and resistance to censorship. I’d have thought that the security services would prefer internet users to remain in the more open areas of the internet, for easier snooping.

So I wonder whether protecting kids from stumbling across porn is worth the increased difficulty in monitoring terrorists and the like. Or perhaps GCHQ can already see through the encrypted internet.

RQ12: Privacy & Security for Firefox

Mozilla has an interest in potentially integrating more of Tor into Firefox, for the purposes of providing a Super Private Browsing (SPB) mode for our users.

Tor offers privacy and anonymity on the Web, features which are sorely needed in the modern era of mass surveillance, tracking and fingerprinting. However, enabling a large number of additional users to make use of the Tor network requires solving for inefficiencies currently present in Tor so as to make the protocol optimal to deploy at scale. Academic research is just getting started with regards to investigating alternative protocol architectures and route selection protocols, such as Tor-over-QUIC, employing DTLS, and Walking Onions.

What alternative protocol architectures and route selection protocols would offer acceptable gains in Tor performance? And would they preserve Tor properties? Is it truly possible to deploy Tor at scale? And what would the full integration of Tor and Firefox look like?


In an interesting article on the Government’s age verification and internet porn censorship scheme, technology website Techdirt reports on the ever slipping deadlines. Seemingly with detailed knowledge of the government’s requirements for the scheme, Tim Cushing explains that until recently the government had demanded that age verification companies retain a site log, presumably recording people’s porn viewing history. He writes:

The government refreshed its porn blockade late last year, softening a few mandates into suggestions. But the newly-crafted suggestions were backed by the implicit threat of heavier regulation. All the while, the government has ignored the hundreds of critics and experts who have pointed out the filtering plan’s numerous problems — not the least of which is a government-mandated collection of blackmail fodder.

The government is no longer demanding retention of site logs by sites performing age verification, but it’s also not telling companies they shouldn’t retain the data. Companies likely will retain this data anyway, if only to ensure they have it on hand when the government inevitably changes its mind.

Cushing concludes with a comment perhaps suggesting that the Government wants a far more invasive snooping regime than commercial operators are able or willing to provide. He notes:

Shortly. April 1st will come and go with no porn filter. The next best guess is around Easter (April 21st). But I’d wager that date comes and goes as well with zero new porn filters. The UK government only knows what it wants. It has no idea how to get it.

And it seems that some age verification companies are getting wound up by negative internet and press coverage of the dangers inherent in their services. @glynmoody tweeted:

I see age verification companies that will create the biggest database of people’s porn preferences – perfect for blackmail – are now trying to smear people pointing out this is a stupid idea as deliberately creating a climate of fear and confusion about the technologies nope