Experimental Analysis of Popular Anonymous, Ephemeral, and End-To-End Encrypted Apps∗
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
CS229 Project Report: Automated Photo Tagging in Facebook
CS229 Project Report: Automated photo tagging in Facebook Sebastian Schuon, Harry Robertson, Hao Zou schuon, harry.robertson, haozou @stanford.edu Abstract We examine the problem of automatically identifying and tagging users in photos on a social networking environment known as Facebook. The presented au- tomatic facial tagging system is split into three subsys- tems: obtaining image data from Facebook, detecting faces in the images and recognizing the faces to match faces to individuals. Firstly, image data is extracted from Facebook by interfacing with the Facebook API. Secondly, the Viola-Jones’ algorithm is used for locat- ing and detecting faces in the obtained images. Fur- thermore an attempt to filter false positives within the Figure 1: Schematic of the Facebook crawler face set is made using LLE and Isomap. Finally, facial recognition (using Fisherfaces and SVM) is performed on the resulting face set. This allows us to match faces 2 Collecting data from Facebook to people, and therefore tag users on images in Face- book. The proposed system accomplishes a recogni- To implement an automatic image tagging system, one tion accuracy of close to 40%, hence rendering such first has to acquire the image data. For the platform we systems feasible for real world usage. have chosen to work on, namely Facebook, this task used to be very sophisticated, if not impossible. But with the recent publication of an API to their platform, this has been greatly simplified. The API allows third party applications to integrate into their platform and 1 Introduction most importantly to access their databases (for details see figure 1 and [3]). -
Privacy Resources 2018
Privacy Resources 2018 By Marcus P. Zillman, M.S., A.M.H.A. Executive Director – Virtual Private Library [email protected] Privacy Resources 2018 is a comprehensive listing of privacy resources currently available on the Internet. These include associations, indexes, search engines as well as individual websites and sources that supply the latest technology and information about privacy and how it relates to you and the Internet. The below list of sources is taken from my Subject Tracer™ Information Blog titled Privacy Resources and is constantly updated with Subject Tracer™ bots from the following URL: http://www.PrivacyResources.info/ These resources and sources will help you to discover the many pathways available to you through the Internet to find the latest privacy sources and sites. Figure 1: Privacy Resources 2018 Subject Tracer™ Information Blog 1 [Updated: April 1, 2018] Privacy Resources 2018 White Paper Link Compilation http://www.PrivacyResources.info/ [email protected] Voice: 800-858-1462 © 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018 Marcus P. Zillman, M.S., A.M.H.A. Privacy Resources 2018: 10 Best Security and Privacy Apps for Smartphones and Tablets http://drippler.com/drip/10-best-security-privacy-apps-smartphones-tablets 10 Minute Mail http://10minutemail.com/10MinuteMail/index.html 10 Privacy Gadgets To Help You Keep a Secret http://www.popsci.com/keep-your-secrets-a-secret 10 Reasons to Use a VPN for Private Web Browsing http://netforbeginners.about.com/od/readerpicks/tp/Reasons-to-Use-a-VPN-Service.htm -
Common Sites and Apps Used by Teens
Common Sites and Apps Used by Teens SOCIAL NETWORKING: Facebook is the top social network on the web as it is used by more than 1 billion people each month. You can access this service using an app on a mobile device or internet service for a computer. People set up a profile and accept “friend requests.” There is a timeline to post events and share “status updates.” Certain groups can be set up as private or public. Users can be referenced in someone else’s text or picture (tagged). Teens are moving away from fb because many parents and grandparents are on the site. Officially, individuals should be 13 years of age to create an account but students in elementary schools report using this social networking site. Like Facebook, Twitter is a social network centered on microblogging with a 140-character text limit. An uploaded picture or text message is called a “Tweet.” The public can “follow” friends, celebrities, causes, businesses or tv shows. You can “tweet” live during a show by using # (hashtag). Students report concerning “subtweets,” which are comments intended for someone to see without mentioning their username, usually with a derogatory tone. Ask.fm is another popular pre-teen social networking website where users can ask other users questions. Users have to create an account to leave or receive comments. Ask.Fm is different than Facebook and Twitter because users can ask questions or leave comments anonymously. However, there is the option for users to not receive comments unless a sender identifies himself. This has been a popular venue for cyber-bullying. -
Cisco SCA BB Protocol Reference Guide
Cisco Service Control Application for Broadband Protocol Reference Guide Protocol Pack #60 August 02, 2018 Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. -
Multi-Device for Signal
Multi-Device for Signal S´ebastienCampion3, Julien Devigne1, C´elineDuguey1;2, and Pierre-Alain Fouque2 1 DGA Maˆıtrisede l’information, Bruz, France [email protected] 2 Irisa, Rennes, France, [email protected], [email protected] Abstract. Nowadays, we spend our life juggling with many devices such as smartphones, tablets or laptops, and we expect to easily and efficiently switch between them without losing time or security. However, most ap- plications have been designed for single device usage. This is the case for secure instant messaging (SIM) services based on the Signal proto- col, that implements the Double Ratchet key exchange algorithm. While some adaptations, like the Sesame protocol released by the developers of Signal, have been proposed to fix this usability issue, they have not been designed as specific multi-device solutions and no security model has been formally defined either. In addition, even though the group key exchange problematic appears related to the multi-device case, group solutions are too generic and do not take into account some properties of the multi-device setting. Indeed, the fact that all devices belong to a single user can be exploited to build more efficient solutions. In this paper, we propose a Multi-Device Instant Messaging protocol based on Signal, ensuring all the security properties of the original Signal. Keywords: cryptography, secure instant messaging, ratchet, multi-device 1 Introduction 1.1 Context Over the last years, secure instant messaging has become a key application ac- cessible on smartphones. In parallel, more and more people started using several devices - a smartphone, a tablet or a laptop - to communicate. -
A History of End-To-End Encryption and the Death of PGP
25/05/2020 A history of end-to-end encryption and the death of PGP Hey! I'm David, a security engineer at the Blockchain team of Facebook (https://facebook.com/), previously a security consultant for the Cryptography Services of NCC Group (https://www.nccgroup.com). I'm also the author of the Real World Cryptography book (https://www.manning.com/books/real-world- cryptography?a_aid=Realworldcrypto&a_bid=ad500e09). This is my blog about cryptography and security and other related topics that I Ûnd interesting. A history of end-to-end encryption and If you don't know where to start, you might want to check these popular the death of PGP articles: posted January 2020 - How did length extension attacks made it 1981 - RFC 788 - Simple Mail Transfer Protocol into SHA-2? (/article/417/how-did-length- extension-attacks-made-it-into-sha-2/) (https://tools.ietf.org/html/rfc788) (SMTP) is published, - Speed and Cryptography the standard for email is born. (/article/468/speed-and-cryptography/) - What is the BLS signature scheme? (/article/472/what-is-the-bls-signature- This is were everything starts, we now have an open peer-to-peer scheme/) protocol that everyone on the internet can use to communicate. - Zero'ing memory, compiler optimizations and memset_s (/article/419/zeroing-memory- compiler-optimizations-and-memset_s/) 1991 - The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations The US government introduces the 1991 Senate Bill 266, (/article/461/the-9-lives-of-bleichenbachers- which attempts to allow "the Government to obtain the cat-new-cache-attacks-on-tls- plain text contents of voice, data, and other implementations/) - How to Backdoor Di¸e-Hellman: quick communications when appropriately authorized by law" explanation (/article/360/how-to-backdoor- from "providers of electronic communications services di¸e-hellman-quick-explanation/) and manufacturers of electronic communications - Tamarin Prover Introduction (/article/404/tamarin-prover-introduction/) service equipment". -
Seamless Interoperability and Data Portability in the Social Web for Facilitating an Open and Heterogeneous Online Social Network Federation
Seamless Interoperability and Data Portability in the Social Web for Facilitating an Open and Heterogeneous Online Social Network Federation vorgelegt von Dipl.-Inform. Sebastian Jürg Göndör geb. in Duisburg von der Fakultät IV – Elektrotechnik und Informatik der Technischen Universität Berlin zur Erlangung des akademischen Grades Doktor der Ingenieurwissenschaften - Dr.-Ing. - genehmigte Dissertation Promotionsausschuss: Vorsitzender: Prof. Dr. Thomas Magedanz Gutachter: Prof. Dr. Axel Küpper Gutachter: Prof. Dr. Ulrik Schroeder Gutachter: Prof. Dr. Maurizio Marchese Tag der wissenschaftlichen Aussprache: 6. Juni 2018 Berlin 2018 iii A Bill of Rights for Users of the Social Web Authored by Joseph Smarr, Marc Canter, Robert Scoble, and Michael Arrington1 September 4, 2007 Preamble: There are already many who support the ideas laid out in this Bill of Rights, but we are actively seeking to grow the roster of those publicly backing the principles and approaches it outlines. That said, this Bill of Rights is not a document “carved in stone” (or written on paper). It is a blog post, and it is intended to spur conversation and debate, which will naturally lead to tweaks of the language. So, let’s get the dialogue going and get as many of the major stakeholders on board as we can! A Bill of Rights for Users of the Social Web We publicly assert that all users of the social web are entitled to certain fundamental rights, specifically: Ownership of their own personal information, including: • their own profile data • the list of people they are connected to • the activity stream of content they create; • Control of whether and how such personal information is shared with others; and • Freedom to grant persistent access to their personal information to trusted external sites. -
Security System for Mobile Messaging Applications Pejman Dashtinejad
Security System for Mobile Messaging Applications Pejman Dashtinejad Master of Science Thesis Stockholm, Sweden TRITA–ICT–EX-2015:2 Introduction | 1 Security System for Mobile Messaging Applications Pejman Dashtinejad 8 January 2015 Master of Science Thesis Examiner Professor Sead Muftic Department of ICT KTH University SE-100 44 Stockholm, Sweden TRITA–ICT–EX-2015:2 Abstract | iii Abstract Instant messaging (IM) applications are one of the most popular applications for smartphones. The IMs have the capability of sending messages or initiating voice calls via Internet which makes it almost cost free for the users to communicate with each other. Unfortunately, like any other type of applications, majority of these applications are vulnerable to malicious attacks and have privacy issues. The motivation for this thesis is the need to identifying security services of an IM application and to design a secure system for any mobile messaging application. This research proposes an E2EE (End-to-End Encryption) approach which provides a secure IM application design which protects its users with better integrity, confidentiality and privacy. To achieve this goal a research is conducted to investigate current security features of popular messaging applications in the mobile market. A list of requirements for good security is generated and based on those requirements an architecture is designed. A demo is also implemented and evaluated. Keywords: Mobile, Application, messaging, Chat, Encryption, Security Acknowledgments | v Acknowledgments First and foremost, thank you God to give me another chance to complete my higher education and to learn enormous skills and knowledge through all these years of study at the university. -
Enterprise Edition
Secure Communication. Simplified. SAFECHATS Problem Most companies use popular insecure email and ⛔ messaging services to communicate confidential information P The information flow within the Company is ⛔ disorganized Metadata is exposed and available to third-party ⛔ services SAFECHATS Introducing SAFECHATS Ultra-secure communication solution P Designed with security in mind SAFECHATS Why SAFECHATS? ✔ Information is always end-to-end encrypted by default P ✔ All-in-one communication suite: • Text messaging (one-on-one and group chats) • Voice calls • File transfers (no size and file type limits) SAFECHATS How does SAFECHATS solve the problem? ✔ Customizable white label solution ✔ Integrates with existing softwareP infrastructure ✔ Enterprise-wide account and contact list management, supervised audited chats for compliance SAFECHATS What makes SAFECHATS different? ✔ Your own isolated cloud environment or on-premise deployment P ✔ Customizable solution allows to be compliant with internal corporate security policies ✔ No access to your phone number and contact list SAFECHATS Screenshot Protection ✔ Notifications on iOS P ✔ DRM protection on Android SAFECHATS Identity Verification ✔ Protection from man-in-the-middle attacksP ✔ SMP Protocol SAFECHATS Privacy Features ✔ Show / hide messages and files P ✔ Recall messages and files ✔ Self-destructing messages and files SAFECHATS Additional Protection ✔ History retention control P ✔ Application lock: • PIN-code • Pattern-lock on Android devices • Touch ID on iOS devices SAFECHATS How does SAFECHATS -
Obtaining and Using Evidence from Social Networking Sites
U.S. Department of Justice Criminal Division Washington, D.C. 20530 CRM-200900732F MAR 3 2010 Mr. James Tucker Mr. Shane Witnov Electronic Frontier Foundation 454 Shotwell Street San Francisco, CA 94110 Dear Messrs Tucker and Witnov: This is an interim response to your request dated October 6, 2009 for access to records concerning "use of social networking websites (including, but not limited to Facebook, MySpace, Twitter, Flickr and other online social media) for investigative (criminal or otherwise) or data gathering purposes created since January 2003, including, but not limited to: 1) documents that contain information on the use of "fake identities" to "trick" users "into accepting a [government] official as friend" or otherwise provide information to he government as described in the Boston Globe article quoted above; 2) guides, manuals, policy statements, memoranda, presentations, or other materials explaining how government agents should collect information on social networking websites: 3) guides, manuals, policy statements, memoranda, presentations, or other materials, detailing how or when government agents may collect information through social networking websites; 4) guides, manuals, policy statements, memoranda, presentations and other materials detailing what procedures government agents must follow to collect information through social- networking websites; 5) guides, manuals, policy statements, memorandum, presentations, agreements (both formal and informal) with social-networking companies, or other materials relating to privileged user access by the Criminal Division to the social networking websites; 6) guides, manuals, memoranda, presentations or other materials for using any visualization programs, data analysis programs or tools used to analyze data gathered from social networks; 7) contracts, requests for proposals, or purchase orders for any visualization programs, data analysis programs or tools used to analyze data gathered from social networks. -
DRC Diaspora Programme, DEMAC and GIZ, As Well As Consultations with Diaspora Communities in Europe for Possible Modalities of Diaspora Engagement
DRC DIASPORA PROGRAMME, DEMAC & GIZ’ Recommendations on behalf of diasporas to the Global Compact on Refugees’ Programme of Action Key considerations and recommendations to UNHCR and United Nations’ Member States 1 This paper sets forth joint recommendations of Danish Refugee Council Diaspora Programme, DEMAC (Diaspora Emergency Action and Coordination) and Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH (Sector Project Forced Displacement, on behalf of the German Federal Ministry for Economic Cooperation and Development, BMZ) for the Global Compact on Refugees’ Programme of Action, bringing together perspectives from a humanitarian and a development point of view. It is based on the experiences of DRC Diaspora Programme, DEMAC and GIZ, as well as consultations with diaspora communities in Europe for possible modalities of diaspora engagement. The objective of this paper is to ensure that the voices and perspectives of diaspora organisations will be reflected in the Global Compact on Refugee’s Programme of Action. Diasporas are dispersed collectives residing outside their country of origin who “maintain regular or occasional contacts with what they regard as their homeland and with individuals and groups of the same background residing in other host countries” (Sheffer: 2003, 9-10). Diasporas include first generation emigrants and their descendants, former refugees and asylum seekers. “Diaspora and refugee overlap significantly and are neither linear, nor static categories. The terms “refugee” and “diaspora” are situational identities that overlap and shift over time and depending on context. There is no bright line demarcation”. (Research paper No.278: 2016, UNHCR, 4) DRC, DEMAC and GIZ are focusing in this paper on diaspora organisations which are formally constituted entities comprising diaspora members that operate in their countries of settlement and countries of origin, and may also work in neighbouring (third) countries. -
Hard-Coded Censorship in Open Source Mastodon Clients — How Free Is Open Source?
Proceedings of the Conference on Technology Ethics 2020 - Tethics 2020 Hard-coded censorship in Open Source Mastodon clients — How Free is Open Source? Long paper Juhani Naskali 0000-0002-7559-2595 Information Systems Science, Turku School of Economics, University of Turku Turku, Finland juhani.naskali@utu.fi Abstract. This article analyses hard-coded domain blocking in open source soft- ware, using the GPL3-licensed Mastodon client Tusky as a case example. First, the question of whether such action is censorship is analysed. Second, the licensing compliance of such action is examined using the applicable open-source software and distribution licenses. Domain blocking is found to be censorship in the literal definition of the word, as well as possibly against some the used Google distribu- tion licenses — though some ambiguity remains, which calls for clarifications in the agreement terms. GPL allows for functionalities that limit the use of the software, as long as end-users are free to edit the source code and use a version of the appli- cation without such limitations. Such software is still open source, but no longer free (as in freedom). A multi-disciplinary ethical examination of domain blocking will be needed to ascertain whether such censorship is ethical, as all censorship is not necessarily wrong. Keywords: open source, FOSS, censorship, domain blocking, licensing terms 1 Introduction New technologies constantly create new challenges. Old laws and policies cannot al- ways predict future possibilities, and sometimes need to be re-examined. Open source software is a licensing method to freely distribute software code, but also an ideology of openness and inclusiveness, especially when it comes to FOSS (Free and Open-source software).