DOCSLIB.ORG

Hiding in Plain Sight Narratives of Contemporary Online Anonymity

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Hiding in Plain Sight Narratives of Contemporary Online Anonymity Abstract This research combines social studies and software studies to analyse how anonymity manifests itself within the internet today. To this end, the concept of anonymity and its successor online anonymity are historically analysed by means of literature which is subsequently deployed as a framework for the analysis of Tor Browser, Signal, and Retroshare. (Online) anonymity has identity empowering qualities, adds to personal freedoms and has been a protective measurement for centuries. Overall it adds to the agency of individuals. This research examines how the encrypted browser, encrypted messenger, and encrypted social networking platform narrate online anonymity through their support- and about-pages, and interfaces. Alexander Galloway’s definition of the interface plays a central role for the latter. An examination of the architectures and interfaces of Tor Browser, Signal, and Retroshare demonstrates that the medium specific characters of anonymity enhancing tools add new layers to the concept of online anonymity. The way these tools structure information is influenced by cryptographic ideals, trust and functionality. While being effected by the latter, Tor Browser, Signal and Retroshare show that a different online culture can be established in which the individual’s anonymity plays a central role. Keywords online anonymity, encryption, interface, Tor, Signal, Retroshare Lieke Kersten 22 June 2016 Lonneke van der Velden Stefania Milan MA: New Media and Digital Culture TABLE OF CONTENTS INTRODUCTION ..................................................................................................................... 3 1. ANONYMITY THROUGH HISTORY ................................................................................ 5 1.1 Anonymity and urbanity ................................................................................................... 5 1.2 Anonymous authorship..................................................................................................... 7 1.3 The changing landscape of online anonymity .................................................................. 8 1.4 Encryption and anonymization ...................................................................................... 11 2. METHOD ............................................................................................................................ 13 2.1 Objects of study .............................................................................................................. 13 2.2 Approach ........................................................................................................................ 14 3. TOR...................................................................................................................................... 16 3.1 Tor Browser ................................................................................................................... 17 3.2 Interface ......................................................................................................................... 19 4. SIGNAL ............................................................................................................................... 23 4.1 Encryption and Network ................................................................................................ 24 4.2 Interface ......................................................................................................................... 27 5. RETROSHARE ................................................................................................................... 31 5.1 Encryption method and network topology ..................................................................... 32 5.2 Interface ......................................................................................................................... 34 6. FUNCTIONS OF ONLINE ANONYMITY ....................................................................... 39 6.1 Identity ........................................................................................................................... 39 6.2 Integrity .......................................................................................................................... 40 6.3 Protection ....................................................................................................................... 42 7. SHAPING CONTEMPORARY ONLINE ANONYMITY................................................. 45 7.1 Cryptographic ideals ..................................................................................................... 45 7.2 Technological trust ........................................................................................................ 46 7.3 Functionality .................................................................................................................. 48 CONCLUSION ........................................................................................................................ 49 REFERENCES ........................................................................................................................ 51 Tool documentation ............................................................................................................. 54 2 INTRODUCTION Information gathering seems one of the defining characters of civilized societies today. Information technologies are ubiquitously present in everyday life and the ability to store huge amounts of data has dramatically increased over the years. Almost all online activity is being recorded: for marketing purposes by companies, and security purposes by law enforcement agencies, but also for research purposes. Therefor, it has become increasingly difficult to achieve relative forms of anonymity. Yet, as the availability of the many anonymity enhancing tools shows, there seems to be a need for online anonymity. One can browse the internet using an encrypted browser, search the internet using a search engine which doesn’t track its users or communicate on the internet using an encrypted messenger. Moreover, users can overcome online tracking by installing privacy enhancing browser extensions or by installing private networks. Anonymity enhancing tools are often based on encryption technology. Encryption technologies can provide strong forms of anonymity by securing information with mathematical protocols. While the options for achieving forms of online anonymity are manifold, it is often put down as being obscure or even dangerous. American government officials accuse encryption of having created a “zone of lawlessness” (Koebler n.pag) and go as far as wanting to ban internet anonymity (McCarthy n.pag). Moreover, in 2015 the British prime minister intended to ban communication services with strong encryption methods if those services didn’t open up their data to the UK government (Kravets n.pag). In the year after, French lawmakers backed a plan to impose penalties on technology executives denying access to encrypted data during a terrorist investigation (Fouquet and Mawad n.pag). Clearly, the concept of online anonymity is controversial. Not for nothing in 2015 technology magazine Wired dubs anonymity as “the internet’s next big battleground” (Card n.pag). I will stay away from the “battleground”, but will address the problem of online anonymity from a different perspective. I will add to the debate on anonymity by analyzing how online anonymity is narrated by three tools which enhance anonymity, namely Tor Browser, Signal and Retroshare. Tor Browser is a preconfigured web browser which focusses on protecting the user’s anonymity; Signal is an encrypted calling and messaging application which anonymizes the user’s communication; and Retroshare is an alternative social networking platform which focusses on offering secure communication and 3 file sharing. The beta versions of these tools already date back to respectively 2002, 2010 and 2006, but the ideals they pursue are still very relevant. In the tradition of Geert Lovink and Miriam Rasch, and following their example also Robert Gehl, this research focusses on alternative new media forms. Lovink and Rasch believe that while new media create and expand the social spaces through which people interact, play and politicize themselves, these media are owned by a few companies which have phenomenal power to shape the architecture of these interactions (10). Therefor Lovink and Rasch advocate for research on alternatives to these closed and centralized environments (10). While they focus on social networking sites alone, I am expanding beyond social networking platforms. In doing so this research will focus on the juncture between the technical and the social against the background of new media studies. More specifically, by focusing on the software and the interfaces of anonymity enhancing tools, it adds to the field of software studies. Without falling into easy dichotomies this research will focus on what (online) anonymity has offered societies in the past and can offer societies in the present. I will do so through the following question: In what manner do anonymity enhancing tools create a narrative of anonymity, focusing on its functions for society? To answer this question, I will start by analysing the concept of anonymity from a historical perspective. This meta-narrative exposes several functions of anonymity before the existence of the internet and shows how the internet has changed the
Recommended publications
  • Uila Supported Apps

    Uila Supported Apps

    Uila Supported Applications and Protocols updated Oct 2020 Application/Protocol Name Full Description 01net.com 01net website, a French high-tech news site. 050 plus is a Japanese embedded smartphone application dedicated to 050 plus audio-conferencing. 0zz0.com 0zz0 is an online solution to store, send and share files 10050.net China Railcom group web portal. This protocol plug-in classifies the http traffic to the host 10086.cn. It also 10086.cn classifies the ssl traffic to the Common Name 10086.cn. 104.com Web site dedicated to job research. 1111.com.tw Website dedicated to job research in Taiwan. 114la.com Chinese web portal operated by YLMF Computer Technology Co. Chinese cloud storing system of the 115 website. It is operated by YLMF 115.com Computer Technology Co. 118114.cn Chinese booking and reservation portal. 11st.co.kr Korean shopping website 11st. It is operated by SK Planet Co. 1337x.org Bittorrent tracker search engine 139mail 139mail is a chinese webmail powered by China Mobile. 15min.lt Lithuanian news portal Chinese web portal 163. It is operated by NetEase, a company which 163.com pioneered the development of Internet in China. 17173.com Website distributing Chinese games. 17u.com Chinese online travel booking website. 20 minutes is a free, daily newspaper available in France, Spain and 20minutes Switzerland. This plugin classifies websites. 24h.com.vn Vietnamese news portal 24ora.com Aruban news portal 24sata.hr Croatian news portal 24SevenOffice 24SevenOffice is a web-based Enterprise resource planning (ERP) systems. 24ur.com Slovenian news portal 2ch.net Japanese adult videos web site 2Shared 2shared is an online space for sharing and storage.
  • Bbg), 2011-2015

    Bbg), 2011-2015

    Description of document: FOIA Logs for the Broadcasting Board of Governors (BBG), 2011-2015 Requested date: 02-March-2016 Released date: 06-May-2016 Posted date: 08-August-2016 Source of document: BBG FOIA Office Room 3349 330 Independence Ave. SW Washington, D.C. 20237 Fax: (202) 203-4585 The governmentattic.org web site (“the site”) is noncommercial and free to the public. The site and materials made available on the site, such as this file, are for reference only. The governmentattic.org web site and its principals have made every effort to make this information as complete and as accurate as possible, however, there may be mistakes and omissions, both typographical and in content. The governmentattic.org web site and its principals shall have neither liability nor responsibility to any person or entity with respect to any loss or damage caused, or alleged to have been caused, directly or indirectly, by the information provided on the governmentattic.org web site or in this file. The public records published on the site were obtained from government agencies using proper legal channels. Each document is identified as to the source. Any concerns about the contents of the site should be directed to the agency originating the document in question. GovernmentAttic.org is not responsible for the contents of documents published on the website. Broadcasting 330 Independence Ave.SW T 202.203.4550 Board of Cohen Building, Room 3349 F 202.203.4585 Governors Washington, DC 20237 Office ofthe General Counsel Freedom ofInformation and Privacy Act Office May6, 2016 RE: Request Pursuant to the Freedom of Information Act-FOIA #16-035 This letter is in response to your Freedom of Information Act (FOIA) request dated March 2, 2016 to the Broadcasting Board of Governors (BBG), which the Agency received on March 14, 2016.
  • TECH TOOLS for ACTIVISTS Published : 2012-10-04 License : CC-BY T ABLE of CONT ENT S

    TECH TOOLS for ACTIVISTS Published : 2012-10-04 License : CC-BY T ABLE of CONT ENT S

    TECH TOOLS FOR ACTIVISTS Published : 2012-10-04 License : CC-BY T ABLE OF CONT ENT S Tech Tools For Activism 1 An introduction to this booklet 2 2 Securing your email 4 3 Anonymous Blogs and Websites 7 4 Microblogging Beyond Twitter 9 5 Browsing the Internet 11 6 Organising and Networking Online 14 7 Mobile Phone Security and Android Apps 18 8 Publishing and Networking News 21 9 Producing and Publishing Media to the Internet 23 10 Green Computing 25 11 Hiding & Deleting Things on your PC 27 TECH TOOLS FOR ACTIVISM 1. AN INTRODUCTION TO THIS BOOKLET 2. SECURING YOUR EMAIL 3. ANONYMOUS BLOGS AND WEBSITES 4. MICROBLOGGING BEYOND TWITTER 5. BROWSING THE INTERNET 6. ORGANISING AND NETWORKING ONLINE 7. MOBILE PHONE SECURITY AND ANDROID APPS 8. PUBLISHING AND NETWORKING NEWS 9. PRODUCING AND PUBLISHING MEDIA TO THE INTERNET 10. GREEN COMPUTING 11. HIDING & DELETING THINGS ON YOUR PC 1 1. AN INT RODUCT ION T O T HIS BOOKLET T his booklet will help you to: use email securely publish news and upload media anonymously make your web browsing more anonymous and secure use Facebook and Twitter more securely get organised online without relying on corporate social networking sites use encrypted messaging on mobile phones hide stuff on your computer so it can't be found find a more secure and decentralised replacement for Twitter support free software, open licences and decentralised/ federated communication. Why this booklet is important: This booklet provides an introduction to the effective use of technology for activism, with links to step-by-step guides and further information.
  • Is Bob Sending Mixed Signals?

    Is Bob Sending Mixed Signals?

    Is Bob Sending Mixed Signals? Michael Schliep Ian Kariniemi Nicholas Hopper University of Minnesota University of Minnesota University of Minnesota [email protected] [email protected] [email protected] ABSTRACT Demand for end-to-end secure messaging has been growing rapidly and companies have responded by releasing applications that imple- ment end-to-end secure messaging protocols. Signal and protocols based on Signal dominate the secure messaging applications. In this work we analyze conversational security properties provided by the Signal Android application against a variety of real world ad- versaries. We identify vulnerabilities that allow the Signal server to learn the contents of attachments, undetectably re-order and drop messages, and add and drop participants from group conversations. We then perform proof-of-concept attacks against the application to demonstrate the practicality of these vulnerabilities, and suggest mitigations that can detect our attacks. The main conclusion of our work is that we need to consider more than confidentiality and integrity of messages when designing future protocols. We also stress that protocols must protect against compromised servers and at a minimum implement a trust but verify model. 1 INTRODUCTION (a) Alice’s view of the conversa-(b) Bob’s view of the conversa- Recently many software developers and companies have been inte- tion. tion. grating end-to-end encrypted messaging protocols into their chat applications. Some applications implement a proprietary protocol, Figure 1: Speaker inconsistency in a conversation. such as Apple iMessage [1]; others, such as Cryptocat [7], imple- ment XMPP OMEMO [17]; but most implement the Signal protocol or a protocol based on Signal, including Open Whisper Systems’ caching.
  • 1. 210830 E2EE Report Paper

    1. 210830 E2EE Report Paper

    TERRORIST USE OF E2EE: STATE OF PLAY, MISCONCEPTIONS, AND MITIGATION STRATEGIES REPORT 1. Background And Scope 04 2. Methodology 04 Part 1 – Use and Perception of E2EE: Landscape Review 3. Use and Perception of E2EE: Key Findings 05 4. Public Perception of E2EE: User Concerns for Privacy And Security 06 5. Landscape Review: Use of E2EE Across The Internet 13 6. E2EE: Challenges for Content Moderation 23 7. Challenges for Law Enforcement Access 26 8. Policymakers Calls for Access to and Traceability of E2EE 29 9. Key Arguments Against the Creation of Backdoors 39 Part 2 – Assessing Terrorist and Violent Extremist Use of E2EE 10. Terrorist and Violent Extremist Use of E2EE: Key Findings 42 11. Terrorist and Violent Extremist Use of E2EE: Assessment 42 12. Suspected Use of E2EE In Terrorist Attacks And Its Impact on The Encryption Debate 54 13. Monitoring of Encrypted Platforms By Law Enforcement Agencies 56 Part 3 – Strategies for Risk Mitigation 14. Strategies for Risk Mitigation: Key Findings 62 15. Countering Criminal Use of E2EE 63 16. Preventing Criminal Use – EMS Feature Attributes 63 17. Identifying Patterns of Criminal Use – Metadata Analysis 66 18. Disrupting Criminal Use – Technical Tools to Detect Illegal Content 78 19. Going Beyond The Encryption Debate 85 Part 4 – Tech Against Terrorism’s Recommendations for Tech Platforms 20. Recommendation: Mitigating Risks of Terrorist and Violent Extremist Use of EMS 93 21. Recommendation: Taking A Stand For Encryption 99 Annex Annex 1. Encryption Technology 103 Annex 2. Encryption: A Backbone Of Today’s Digital World 108 Annex 3. The Encryption Debate 110 Annex 4.
  • Humanitarian Futures for Messaging Apps

    Humanitarian Futures for Messaging Apps

    HUMANITARIAN FUTURES FOR MESSAGING APPS UNDERSTANDING THE OPPORTUNITIES AND RISKS FOR HUMANITARIAN ACTION Syrian refugees, landed on Lesbos in Greece, looking for a mobile signal to check their location and notify relatives that they arrived safely. International Committee of the Red Cross 19, avenue de la Paix 1202 Geneva, Switzerland T +41 22 734 60 01 F +41 22 733 20 57 E-mail: [email protected] www.icrc.org January 2017 Front cover: I. Prickett/UNHCR HUMANITARIAN FUTURES FOR MESSAGING APPS UNDERSTANDING THE OPPORTUNITIES AND RISKS FOR HUMANITARIAN ACTION This report, commissioned by the International Committee of the Red Cross (ICRC), is the product of a collaboration between the ICRC, The Engine Room and Block Party. The content of this report does not reflect the official opinion of the ICRC. Responsibility for the information and views expressed in the report lies entirely with The Engine Room and Block Party. Commissioning Editors: Jacobo Quintanilla and Philippe Stoll (ICRC). Lead Researcher: Tom Walker (The Engine Room). Content: Eytan Oren (Block Party), Zara Rahman (The Engine Room), Nisha Thompson, and Carly Nyst. Editors: Michael Wells and John Borland. Project Manager: Waiyee Leong (ICRC). The ICRC, The Engine Room and Block Party request due acknowledgement and quotes from this publication to be referenced as: ICRC, The Engine Room and Block Party, Humanitarian Futures for Messaging Apps, January 2017. This report is available at www.icrc.org, https://theengineroom.org and http://weareblockparty.com. This work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, visit: http://creativecommons.org/licenses/by-sa/4.0/.
  • Design Justice: Community-Led Practices to Build the Worlds We

    Design Justice: Community-Led Practices to Build the Worlds We

    Design Justice Information Policy Series Edited by Sandra Braman The Information Policy Series publishes research on and analysis of significant problems in the field of information policy, including decisions and practices that enable or constrain information, communication, and culture irrespective of the legal siloes in which they have traditionally been located, as well as state- law- society interactions. Defining information policy as all laws, regulations, and decision- making principles that affect any form of information creation, processing, flows, and use, the series includes attention to the formal decisions, decision- making processes, and entities of government; the formal and informal decisions, decision- making processes, and entities of private and public sector agents capable of constitutive effects on the nature of society; and the cultural habits and predispositions of governmentality that support and sustain government and governance. The parametric functions of information policy at the boundaries of social, informational, and technological systems are of global importance because they provide the context for all communications, interactions, and social processes. Virtual Economies: Design and Analysis, Vili Lehdonvirta and Edward Castronova Traversing Digital Babel: Information, e- Government, and Exchange, Alon Peled Chasing the Tape: Information Law and Policy in Capital Markets, Onnig H. Dombalagian Regulating the Cloud: Policy for Computing Infrastructure, edited by Christopher S. Yoo and Jean- François Blanchette Privacy on the Ground: Driving Corporate Behavior in the United States and Europe, Kenneth A. Bamberger and Deirdre K. Mulligan How Not to Network a Nation: The Uneasy History of the Soviet Internet, Benjamin Peters Hate Spin: The Manufacture of Religious Offense and Its Threat to Democracy, Cherian George Big Data Is Not a Monolith, edited by Cassidy R.
  • Open Whisper Systems Protocol

    Open Whisper Systems Protocol

    Open Whisper Systems Protocol Azotic or picayune, Walther never intermarries any butlerages! Logy Brewster predestinate luridly. Farcical and corneous Merv never break-ups spherically when Rajeev understocks his Java. If not, then it is famous with the encryption. In quick release, Open Whisper Systems released Signal and then versions for Android and the Chrome browser. On the lead hand, chatting apps started deploying encryption in as name of security. Group threads in open whisper systems protocol manager takes the table in two sessions are not? Sms needs of open whisper systems. Initial shared key of people, great track secret world, and propagated with some additional feature was that? This may result in bad UX. How much does the world, if you need for using the signal browser is latest blogs and implementation. Its code received a duplicate of passenger for the basic structure as cost as code quality which the Messenger service. It uses your mobile phone number can create an account fee can bypass be used to baby with other users having a Signal. Please try at later. His sense, he says, is determined make those protections possible for the average amount without much tech savvy. No spam, we promise. No access to open whisper systems protocol in hundreds of infrastructure and system of data that secure is a message transfer security analyses in person on. It is thought possible to delete an entire marital history. Signal protocol developed by open whisper systems project zero code strong as always focused on telegram account. Signal protocol implementation of open whisper systems was exchanged between them in my phone number to another piece of health, or decrypt a great if turned on.
  • Neutralité Des Plateformes

    Neutralité Des Plateformes

    Neutralité des plateformes Réunir les conditions d’un environnement numérique ouvert et soutenable Mai 2014 Rapport du Conseil national du numérique sur la neutralité des plateformes remis au ministre de l’Économie, du Redressement productif et du Numérique et à la secrétaire d’État chargée du Numérique 2 Sommaire Avis ........................................................................................................................... 5 Volet I - Renforcer l’effectivité des droits sur les plateformes numériques ....... 11 Volet II - Garantir la loyauté du système des données ......................................... 13 Volet III - Pas de compétitivité sans un investissement massif dans les compétences et les connaissances ........................................ 17 Volet IV - Créer les conditions pour l’émergence d’alternatives ......................... 19 Annexes .................................................................................................................... 23 Fiches thématiques .................................................................................................. 25 Fiche 1 – Les ressources du droit au service de la neutralité ............................. 27 Fiche 2 – La loyauté et la soutenabilité du système des données ...................... 33 Fiche 3 – La neutralité positive : réunir les conditions d’un Internet ouvert ......... 43 Rapport d’analyse sur les écosystèmes de plateformes ..................................... 49 Lettre de saisine .....................................................................................................
  • 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

    Case 2:16-cv-02340-AB-PJW Document 1 Filed 04/06/16 Page 1 of 9 Page ID #:1 1 QUINN EMANUEL URQUHART & SULLIVAN, LLP Bruce E. Van Dalsem (Bar No. 124128) 2 ([email protected]) Daniel C. Posner (Bar No. 232009) 3 ([email protected]) Alex Bergjans (Bar No. 302830) 4 ([email protected]) 865 South Figueroa Street, 10th Floor 5 Los Angeles, California 90017-2543 Telephone: (213) 443-3000 6 Facsimile: (213) 443-3100 7 Attorneys for Plaintiff Wire Swiss GmbH 8 9 UNITED STATES DISTRICT COURT 10 CENTRAL DISTRICT OF CALIFORNIA 11 12 WIRE SWISS GmbH , a Swiss CASE NO. 2:16 -cv -2340 corporation; 13 Plaintiff, COMPLAINT FOR 14 DECLARATORY JUDGMENT OF v. NON -INFRINGEMENT; EXTORTION 15 QUIET RIDDLE VENTURES, LLC 16 d/b/a OPEN WHISPER SYSTEMS; DEMAND FOR JURY TRIAL and MOXIE MARLINSPIKE aka 17 MATTHEW ROSENFELD and/or MIKE BENHAM, an individual, 18 Defendants. 19 20 21 22 23 24 25 26 27 28 COMPLAINT Case 2:16-cv-02340-AB-PJW Document 1 Filed 04/06/16 Page 2 of 9 Page ID #:2 1 Plaintiff Wire Swiss GmbH (“Wire Swiss”) alleges against defendants Quiet 2 Riddle Ventures LLC dba Open Whisper Systems (“Open Whisper Systems”) and 3 Moxie Marlinspike, aka Matthew Rosenfield and/or Mike Benham (“Marlinspike,” 4 and collectively with Open Whisper Systems, “Defendants”), as follows: 5 NATURE OF THE ACTION 6 1. This is an action for a declaratory judgment of non-infringement of 7 copyright. As alleged in further detail below, Defendants claim copyright in certain 8 open-source software code used for encrypting data communications.
  • HUNTING for VULNERABILITIES in SIGNAL JP Aumasson & Markus Vervier

    HUNTING for VULNERABILITIES in SIGNAL JP Aumasson & Markus Vervier

    HUNTING FOR VULNERABILITIES IN SIGNAL JP Aumasson & Markus Vervier 1 WHOIS JP (@veorq) Principal researcher @ Kudelski Security Speaks French Crypto guy Markus (@marver) Head of research @ x41 D-Sec Speaks German Not CISSP 2 PROPS This BH US 2016 boring talk Open Whisper Systems Eric Sesterhenn Hanno Boeck 3 AGENDA Signal internals, security promises Attack surface and liabilities Bugs, alternative features, and demos Conclusions 4 SIGNAL 5 THE SIGNAL APPS Mobile apps for messaging & audio/video calls By Open Whisper Systems (Moxie Marlinspike et al.) Formerly known as "TextSecure", "RedPhone" Android, iOS, and Chrome Desktop app 6 TRUSTED TOOL Endorsed by Snowden and other opinion leaders Popular among activists in the US and abroad Minimal data collection from Signal servers 7 SECURITY PROMISES Solid end-to-end encryption, defending against Active network attackers Client and server compromises Traffic analysis (partially) High assurance software, with Code perceived as high-quality No major security issue ever Reproducible Android builds 8 SIGNAL IS MORE THAN SIGNAL Core crypto "libsignal" licensed to and integrated in Facebook Messenger's "Secret Conversations" mode Facebook WhatsApp default encryption Google Allo's "Incognito" mode 9 10 KEY AGREEMENT: X3DH Combines 4 key pairs: long-term and ephemeral One-time prekeys trick, to simulate online-ness Forward-secret, resilient to malicious servers Out-of-band identity verification necessary 11 SESSION KEYS: DOUBLE RATCHET Protocol to compute message-unique keys: New Diffie-Hellman for every first message from a party "Key := Hash(Key)" for consecutive messages Past and future messages safe if present key known Attachments have identical protection 12 THE "SIGNAL PROTOCOL" = X3DH and double ratchet as implemented in Signal (Moxie Marlinspike, [email protected] ML, 30.11.16) 13 WAIT – WAS THAT ALL? 14 UNSPECIFIED a.k.a.
  • The Humanitarian Metadata Problem: 'Doing No Harm' in the Digital

    The Humanitarian Metadata Problem: 'Doing No Harm' in the Digital

    THE HUMANITARIAN METADATA PROBLEM: “DOING NO HARM” IN THE DIGITAL ERA OCTOBER 2018 1 THE HUMANIT ARIAN METADATA PROBLEM : “DOING NO HARM” IN THE DIGIT AL ERA OCTOBER 2018 About this study New technologies continue to present great risks and opportunities for humanitarian action. To ensure that their use does not result in any harm, humanitarian organisations must develop and implement appropriate data protection standards, including robust risk assessments. However, this requires a good understanding of what these technologies are, what risks are associat- ed with their use, and how we can try to avoid or mitigate them. The following study tries to answer these questions in an accessible manner. The aim is to provide people who work in the humanitarian sphere with the knowledge they need to understand the risks involved in the use of certain new technologies. This paper also discusses the “do no harm” principle and how it applies in a digital environment. This study was commissioned by the International Committee of the Red Cross (ICRC) to Privacy International (PI). The study does not advocate for privacy or against surveillance. Rather, it maps out where surveillance may obstruct or threaten the neutral, impartial and independent nature of humanitarian action. This study is based on the most updated information publicly available and/or obtained by the au- thors at the time of writing (July 2018). About the ICRC The International Committee of the Red Cross (ICRC) is an impartial, neutral and independent organi- sation whose exclusively humanitarian mission is to protect the lives and dignity of victims of armed conflict and other situations of violence and to provide them with assistance.