A Solid-Powered Decentralised Social Network for Academics: an Evaluation of Key Considerations for Developing Practical Solid-Powered Applications

Total Page:16

File Type:pdf, Size:1020Kb

A Solid-Powered Decentralised Social Network for Academics: an Evaluation of Key Considerations for Developing Practical Solid-Powered Applications A Solid-powered decentralised social network for academics: An evaluation of key considerations for developing practical Solid-powered applications Akashdeep Singh Lamba, B.Tech. A Dissertation Presented to the University of Dublin, Trinity College in partial fulfilment of the requirements for the degree of Master of Science in Computer Science (Intelligent Systems) Supervisor: Prof. Declan O'Sullivan Co-Supervisor: Dr. Jeremy Debattista August 2019 Declaration I, the undersigned, declare that this work has not previously been submitted as an exercise for a degree at this, or any other University, and that unless otherwise stated, is my own work. Akashdeep Singh Lamba August 12, 2019 Permission to Lend and/or Copy I, the undersigned, agree that Trinity College Library may lend or copy this thesis upon request. Akashdeep Singh Lamba August 12, 2019 This work is dedicated to Professor Seamus Lawless Acknowledgments I'd like to take this opportunity to acknowledge Prof. Declan O'Sullivan and Dr. Jeremy Debattista for continued support and guidance throughout the process. Prof. Siobh´anClarke for valuable insights on Software Engineering and pointing me to ICSE which ultimately led me to some critical resources for my literature review. I also appreciate the efforts of the entire staff of Trinity for making sure the students have a pleasant learning experience. I'd also like to extend my sincere appreciation to the entire Solid Community, especially Ruben Verborgh, Sir Tim Berners-Lee, Mitzi L´aszl´o,James Martin, Mark Hughes and all other individuals who took the time to answer my questions on various platforms, and for keeping Solid going. Finally, I'd like to express my gratitude towards my family and friends for their constant encouragement and for helping me edit. I wouldn't have been able to complete this journey if it weren't for all the motivation from everyone. Akashdeep Singh Lamba University of Dublin, Trinity College August 2019 iv A Solid-powered decentralised social network for academics: An evaluation of key considerations for developing practical Solid-powered applications Akashdeep Singh Lamba, Master of Science in Computer Science University of Dublin, Trinity College, 2019 Supervisor: Prof. Declan O'Sullivan Co-Supervisor: Dr. Jeremy Debattista Contemporary Social Networking applications are centralised, provide limited access control capabilities which are driven by dense privacy policies subject to change due to business considerations. Additionally, data ownership is impossible, interoperability between applications is in-feasible, and privacy of user data is not guaranteed. Decentralisation is a potential solution to some of these problems, and Solid is a project that intends to make a fully decentralised read/write Semantic Web a reality. Solid is a set of standards and tools whose core tenets are decentralisation, complete and customisable access control, full data ownership, and reusable code. With this study, we aimed to learn about Solid and to evaluate the developer ex- perience. The objective was to produce a proof-of-concept Solid application, arrive at a set of guidelines for Solid development, and recommend improvements to Solid. A critical analysis of the developer experience revealed that Solid, though promising and important, is not yet ready for general uptake as the specification is not frozen. Solid development requires considerable prior knowledge of Linked Data and additional con- cepts such as Web Access Control, and the existing learning resources are inadequate. Thus, the developer experience is not mature enough to be scalable. Contents Acknowledgments iv Abstract v I Thesis x List of Tables xi List of Figures xii List of Abbreviations xiv Chapter 1 Introduction 1 1.1 Background . 2 1.2 Motivation . 2 1.3 Goals and Contributions . 3 1.4 Research Question . 4 1.5 Non-goals . 5 1.6 Research Areas . 5 1.7 Organisation of this document . 7 Chapter 2 Related Work 9 2.1 Literature review strategy . 9 2.2 State of privacy in centralised social networks . 11 2.3 Bootstrapping a developer in a new technology . 17 2.3.1 On-boarding and Developer Experience . 17 vi 2.3.2 Documentation and Learning resources . 20 2.4 Decentralisation efforts . 23 2.5 State of the art of Solid . 30 2.5.1 Linked Data . 30 2.5.2 Building blocks of Solid . 31 2.5.3 Solid applications . 35 2.6 Summary and Next Chapter . 36 Chapter 3 Research Methods 37 3.1 Participant profile . 38 3.2 Study design . 38 3.3 Summary and Next Chapter . 39 Chapter 4 Application Design and Implementation 40 4.1 Development Environment . 40 4.2 Use-case Analysis . 41 4.3 Functional Requirements . 41 4.4 Design Decisions . 43 4.5 System design . 48 4.6 Data models . 49 4.7 Technical Implementation Details . 50 4.8 Summary and Next Chapter . 51 Chapter 5 Evaluation 53 5.1 Development Experience Evaluation . 53 5.1.1 DX1: Quality of learning resources . 53 5.1.2 DX2: Activity in the community . 55 5.1.3 DX3: Quality and quantity of tooling . 57 5.1.4 DX4: Stability of the platform . 60 5.1.5 DX5: Technical capabilities and features of the project . 60 5.2 Application Evaluation . 62 5.2.1 Performance . 62 5.2.2 Privacy by design . 62 5.2.3 DOSN classification . 64 vii 5.3 Summary and Next Chapter . 64 Chapter 6 Discussion and Conclusions 65 6.1 Threats to Validity . 67 Chapter 7 Future work 68 Bibliography 71 Appendix A Development Journal 95 A.1 Background . 95 A.1.1 20-12-2018 . 95 A.2 First Contact . 96 A.2.1 20-12-2018 . 96 A.3 Initial hurdles . 97 A.3.1 23-12-2018 . 97 A.3.2 27-12-2018 . 98 A.3.3 18-01-2018 . 98 A.4 Read data from and Write data to Pod . 99 A.4.1 2-02-2019 . 99 A.4.2 2-05-2019 . 99 A.4.3 11-05-2019 . 99 A.4.4 12-05-2019 . 101 A.4.5 12-05-2019 . 101 A.4.6 13-05-2019 . 101 A.4.7 16-05-2019 . 102 A.4.8 17-05-2019 . 102 A.4.9 17-05-2019 . 104 A.5 Migration of Pods . 104 A.5.1 21-05-2019 . 104 A.6 Implementation: A very long post . 105 A.6.1 25-05-2019 . 105 A.6.2 30-05-2019 . 106 A.6.3 1-06-2019 . 106 viii A.6.4 3-06-2019 . 106 A.6.5 5-06-2019 . 107 A.6.6 7-06-2019 . 107 A.6.7 7-06-2019 . 107 A.6.8 8-06-2019 . 108 A.6.9 16-06-2019 . 109 A.6.10 17-06-2019 . 109 A.6.11 17-06-2019 . 110 A.6.12 22-06-2019 . 110 A.6.13 25-06-2019 . 111 A.6.14 8-07-2019 . 112 A.6.15 10-07-2019 . 113 A.6.16 10-07-2019 . 113 A.6.17 12-07-2019 . 114 A.7 Final session: almost finishing touches . 115 A.7.1 14-07-2019 . 115 A.7.2 17-07-2019 . 115 A.7.3 18-07-2019 . 115 Appendix B Application Screenshots 117 II Getting Started with Solid 125 ix Part I Thesis x List of Tables 2.1 Literature review search terms . 11 2.2 Framework for Developer Experience (DX) [1] . 17 2.3 Developer joining model [2] . 18 2.4 Comparison of decentralised online social networks . 26 4.1 Functionality implementation mapping with Solid features . 52 5.1 Evaluation of Solid tutorials . 54 5.2 Gitter messages on Solid and Deno rooms, as on 06-08-2019 . 57 xi List of Figures 1.1 Research Areas . 6 2.1 A typical social network [3] . 15 2.2 A classification of common DOSN privacy models [4] . 24 2.3 The federation of DOSNs [5] . 28 2.4a Example RDF encoded as Turtle . 31 2.4b Graphical representation of example RDF . 31 4.1 Follow request life-cycle . 46 4.2 High-level overview of Feed aggregation . ..
Recommended publications
  • PDF FACULTAD DE BELLAS ARTES Archivo Digital: Descarga Y Online ISBN 978-950-34-1541-2 Decana Secretaria De 1
    1º Encuentro de las cátedras de Lenguaje Visual 2B, Patrimonio Cultural e Historia de las Artes Visuales IX 1º Encuentro de las cátedras de Lenguaje Visual 2B, Patrimonio Cultural e Historia de las Artes Visuales IX 1º Encuentro de las cátedras de Lenguaje Visual 2B, Patrimonio Cultural e Historia de las Artes Visuales IX Diciembre de 2016 Visualidades contemporáneas: patrimonio, exposiciones y dispositivos / Mariel Ciafardo... [et al.]. - 1a ed. - La Plata : Universidad Nacional de La Plata. Facultad de Bellas Artes, 2017. Libro digital, PDF FACULTAD DE BELLAS ARTES Archivo Digital: descarga y online ISBN 978-950-34-1541-2 Decana Secretaria de 1. Patrimonio. 2. Historia del Arte. I. Ciafardo, Mariel Prof. Mariel Ciafardo Publicaciones y Posgrado CDD 709 Prof. María Elena Larrègle Vicedecana Prof. Cristina Terzaghi Secretaria de Extensión Prof. María Victoria Mc Coubrey Secretaria de Decanato Prof. Paula Sigismondo Secretario de Relaciones Institucionales Secretaria de Asuntos Académicos DI Eduardo Pascal Prof. Santiago Romé Secretario de Cultura Jefa del Departamento Lic. Carlos Coppa de Estudios Históricos y Sociales Lic. Paola Sabrina Belén Secretario de Producción y Comunicación Secretario de Planificación, Prof. Martín Barrios Infraestructura y Finanzas DCV Juan Pablo Fernández Secretario de Asuntos Estudiantiles Prof. Esteban Conde Ferreira Secretaria de Ciencia y Técnica Lic. Silvia García Secretario de Programas Externos DCV Fermín González Laría COMITÉ ORGANIZADOR Lic. Liliana Conles Prof. Sergio Moyinedo Prof. Mariel Ciafardo Lic. Paola Sabrina Belén Lic. Natalia Giglietti Mg. Francisco Lemus Diseño Prof. Marina Panfili DCV Diego R. Ibañez Roka Edición de contenido Lic. Natalia Giglietti Mg. Francisco Lemus Obra de tapa Cristina Schiavi, Nocturno, 2013, acrílico sobre mdf, 135 x 135 cm, Colección Malba-Fundación Costantini.
    [Show full text]
  • A Framework for Identifying Host-Based Artifacts in Dark Web Investigations
    Dakota State University Beadle Scholar Masters Theses & Doctoral Dissertations Fall 11-2020 A Framework for Identifying Host-based Artifacts in Dark Web Investigations Arica Kulm Dakota State University Follow this and additional works at: https://scholar.dsu.edu/theses Part of the Databases and Information Systems Commons, Information Security Commons, and the Systems Architecture Commons Recommended Citation Kulm, Arica, "A Framework for Identifying Host-based Artifacts in Dark Web Investigations" (2020). Masters Theses & Doctoral Dissertations. 357. https://scholar.dsu.edu/theses/357 This Dissertation is brought to you for free and open access by Beadle Scholar. It has been accepted for inclusion in Masters Theses & Doctoral Dissertations by an authorized administrator of Beadle Scholar. For more information, please contact [email protected]. A FRAMEWORK FOR IDENTIFYING HOST-BASED ARTIFACTS IN DARK WEB INVESTIGATIONS A dissertation submitted to Dakota State University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Cyber Defense November 2020 By Arica Kulm Dissertation Committee: Dr. Ashley Podhradsky Dr. Kevin Streff Dr. Omar El-Gayar Cynthia Hetherington Trevor Jones ii DISSERTATION APPROVAL FORM This dissertation is approved as a credible and independent investigation by a candidate for the Doctor of Philosophy in Cyber Defense degree and is acceptable for meeting the dissertation requirements for this degree. Acceptance of this dissertation does not imply that the conclusions reached by the candidate are necessarily the conclusions of the major department or university. Student Name: Arica Kulm Dissertation Title: A Framework for Identifying Host-based Artifacts in Dark Web Investigations Dissertation Chair: Date: 11/12/20 Committee member: Date: 11/12/2020 Committee member: Date: Committee member: Date: Committee member: Date: iii ACKNOWLEDGMENT First, I would like to thank Dr.
    [Show full text]
  • Zeronet Presentation
    ZeroNet Decentralized web platform using Bitcoin cryptography and BitTorrent network. ABOUT ZERONET Why? Current features We believe in open, free, and ◦ Real-time updated sites uncensored network and communication. ◦ Namecoin .bit domain support ◦ No hosting costs ◦ Multi-user sites Sites are served by visitors. ◦ Password less, Bitcoin's BIP32- ◦ Impossible to shut down based authorization It's nowhere because it's ◦ Built-in SQL server with P2P data everywhere. synchronization ◦ No single point of failure ◦ Tor network support Site remains online so long as at least 1 peer serving it. ◦ Works in any browser/OS ◦ Fast and works offline You can access the site even if your internet is unavailable. HOW DOES IT WORK? THE BASICS OF ASYMMETRIC CRYPTOGRAPHY When you create a new site you get two keys: Private key Public key 5JNiiGspzqt8sC8FM54FMr53U9XvLVh8Waz6YYDK69gG6hso9xu 16YsjZK9nweXyy3vNQQPKT8tfjCNjEX9JM ◦ Only you have it ◦ This is your site address ◦ Allows you to sign new content for ◦ Using this anyone can verify if the your site. file is created by the site owner. ◦ No central registry ◦ Every downloaded file is verified, It never leaves your computer. makes it safe from malicious code inserts or any modifications. ◦ Impossible to modify your site without it. MORE INFO ABOUT CRYPTOGRAPHY OF ZERONET ◦ ZeroNet uses the same elliptic curve based encryption as in your Bitcoin wallet. ◦ You can accept payments directly to your site address. ◦ Using the current fastest supercomputer, it would take around 1 billion years to "hack" a private key. WHAT HAPPENS WHEN YOU VISIT A ZERONET SITE? WHAT HAPPENS WHEN YOU VISIT A ZERONET SITE? (1/2) 1 Gathering visitors IP addresses: Please send some IP addresses for site 1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr OK, Here are some: 12.34.56.78:13433, 42.42.42.42:13411, ..
    [Show full text]
  • The Book of Swarm Storage and Communication Infrastructure for Self-Sovereign Digital Society Back-End Stack for the Decentralised Web
    the book of Swarm storage and communication infrastructure for self-sovereign digital society back-end stack for the decentralised web Viktor Trón v1.0 pre-release 7 - worked on November 17, 2020 the swarm is headed toward us Satoshi Nakamoto ii CONTENTS Prolegomena xi Acknowledgments xii i prelude 1 the evolution2 1.1 Historical context 2 1.1.1 Web 1.02 1.1.2 Web 2.03 1.1.3 Peer-to-peer networks 6 1.1.4 The economics of BitTorrent and its limits 7 1.1.5 Towards Web 3.08 1.2 Fair data economy 12 1.2.1 The current state of the data economy 12 1.2.2 The current state and issues of data sovereignty 13 1.2.3 Towards self-sovereign data 15 1.2.4 Artificial intelligence and self-sovereign data 16 1.2.5 Collective information 17 1.3 The vision 18 1.3.1 Values 18 1.3.2 Design principles 19 1.3.3 Objectives 19 1.3.4 Impact areas 20 1.3.5 The future 21 ii design and architecture 2 network 25 2.1 Topology and routing 25 2.1.1 Requirements for underlay network 25 2.1.2 Overlay addressing 26 2.1.3 Kademlia routing 27 2.1.4 Bootstrapping and maintaining Kademlia topology 32 2.2 Swarm storage 35 2.2.1 Distributed immutable store for chunks 35 2.2.2 Content addressed chunks 38 2.2.3 Single-owner chunks 41 2.2.4 Chunk encryption 42 2.2.5 Redundancy by replication 43 2.3 Push and pull: chunk retrieval and syncing 47 iii 2.3.1 Retrieval 47 2.3.2 Push syncing 51 2.3.3 Pull syncing 53 2.3.4 Light nodes 55 3 incentives 57 3.1 Sharing bandwidth 58 3.1.1 Incentives for serving and relaying 58 3.1.2 Pricing protocol for chunk retrieval 59 3.1.3 Incentivising push-syncing
    [Show full text]
  • Zeronet Browser Bundle
    IJSRD - International Journal for Scientific Research & Development| Vol. 5, Issue 03, 2017 | ISSN (online): 2321-0613 ZeroNet Browser Bundle Amol Kulkarni1 Abhishek Bagde2 Bhagyesh Dhatrak3 Akshay Tiwari4 Saguna Ingle5 1,2,3,4,5Department of Computer Engineering 1,2,3,4,5Ramrao Adik Institute of Technology, Nerul, India Abstract— The Internet is the global system of interconnected computer network that links billions of devices worldwide. It III. OBJECTIVE OF THE STUDY is a network of networks that consist of millions of private, Following are the objectives that were considered during the public academic business and government network of local development of this project: and global scope, linked by a broad array of electronics Easy access of a free peer to peer network. wireless and optical networking technologies. ZeroNet is a Reducing configuration steps for accessing ZeroNet. new emerging overlay network that could provide alternative to the existing centralized system. ZeroNet provides open free Making ZeroNet available to majority of the masses. and uncensored service using bitcoin cryptography and BitTorrent network. In ZeroNet content is distributed directly IV. PROPOSED METHODOLOGY to other visitor without any central server. It is decentralized From analysis we can say that current browsers do not satisfy web platform using Bitcoin cryptography and BitTorrent the exact requirement of access to ZeroNet sites. Also, it network. Currently while using ZeroNet protocol through solely depends on the active user to Configure their browser. existing browser user has to go through long and tedious Our proposed ZeroNet Browser overcomes these limitations process which could discourage a user to opt for ZeroNet in of content based filtering such as the ability to provide day to day use.
    [Show full text]
  • Unveiling the I2P Web Structure: a Connectivity Analysis
    Unveiling the I2P web structure: a connectivity analysis Roberto Magan-Carri´ on,´ Alberto Abellan-Galera,´ Gabriel Macia-Fern´ andez´ and Pedro Garc´ıa-Teodoro Network Engineering & Security Group Dpt. of Signal Theory, Telematics and Communications - CITIC University of Granada - Spain Email: [email protected], [email protected], [email protected], [email protected] Abstract—Web is a primary and essential service to share the literature have analyzed the content and services offered information among users and organizations at present all over through this kind of technologies [6], [7], [2], as well as the world. Despite the current significance of such a kind of other relevant aspects like site popularity [8], topology and traffic on the Internet, the so-called Surface Web traffic has been estimated in just about 5% of the total. The rest of the dimensions [9], or classifying network traffic and darknet volume of this type of traffic corresponds to the portion of applications [10], [11], [12], [13], [14]. Web known as Deep Web. These contents are not accessible Two of the most popular darknets at present are The Onion by search engines because they are authentication protected Router (TOR; https://www.torproject.org/) and The Invisible contents or pages that are only reachable through the well Internet Project (I2P;https://geti2p.net/en/). This paper is fo- known as darknets. To browse through darknets websites special authorization or specific software and configurations are needed. cused on exploring and investigating the contents and structure Despite TOR is the most used darknet nowadays, there are of the websites in I2P, the so-called eepsites.
    [Show full text]
  • P2P-Hate-Report.Pdf
    I’m in a community called Scuttlebutt which uses Peer-to-Peer technology. This is a type of ​ ​ technology that works radically differently from the internet as we know it now and offers a powerful vision for a resilient and sustainable future for technology and social movements. One evening, a friend who is a developer on Scuttlebutt and also has marginalized identities like myself messaged me and a small group of others with great concern writing: “Ok - so we have nazis already using scuttlebutt. When the NZ shootings happened I had a dream that in the news it was announced that they had been using an enclave of scuttlebutt to organise and radicalise. It seems inevitable that this will happen…” It continued a long conversation about the risks created by these radical technologies. My friend was genuinely afraid. So was I. And I still am. Like so many others, he had put a ton of work into cultivating both the community and the technology. He was scared both that the product of so many people’s love would become a central aid in white-supremacist organizing and that the community wasn’t ready to deal with the fall out of such a “nightmarish vision.” In most Peer-to-Peer communities it is impossible to surveill them or know how many people are using them because they are secure and often private by design. The only way to even catch a glimpse of how many white supremacists are using them is when they post on leaked forums or public websites. Otherwise, unless their conversations are infiltrated, we can only see the tips of the iceberg of the violence (or good!) facilitated by these technologies.
    [Show full text]
  • ZERONET: an OVERVIEW M.Pavithra1, S.Vasanth2, R
    International Journal of Pure and Applied Mathematics Volume 119 No. 14 2018, 1347-1351 ISSN: 1314-3395 (on-line version) url: http://www.ijpam.eu Special Issue ijpam.eu ZERONET: AN OVERVIEW M.Pavithra1, S.Vasanth2, R.Rajmohan3, D.Jayakumar4 1,2Departmentof CSE, PEC, Pondicherry, India 3,4Department of CSE, IFET, Villupuram, India ABSTRACT— Internet is the basic need in todays life. anywhere virtually but actually the data is nowhere. Sharing of data’s resources files among different group Python based software called zeronet can be used to of user is possible because of the emerging growth of achieve the virtuality. The network does not rely on internet. Once the internet is only for the group of centralized resources instead of that each user will people works within an organization i.e. it is a maintain their own data the authority of the data must standalone network may or may not connected to the depend on the individual user who rely on the network. network. Later everything moved towards a centralized It makes an user interface decentralized instead of network. Every user in the network will rely on the network. The zeronet is said to be an decentralized web central authority the authority must responsible to browser and it is an open source python based software manage maintain and update the user request. And most here the user can create their own site without much importantly the centralized network is established on effort and they will be able to maintain it. They will act the client server exemplary, if particular site can be as an owner for their own data every other user will able requested by an end user the request can be sent to the to access the data but no one will change the data.
    [Show full text]
  • NSIGHT SERIES May 2020 — Issue 5
    NSIGHT SERIES May 2020 — Issue 5 The Decline of the Dark Web How Mobile Solutions have Disrupted the Dark Web The dark web is in decline. Once the preferred means for anonymizing users’ online activity, the dark web has now been supplanted by encrypted mobile applications and alternate solutions. Similarly, aggressive law enforcement actions have shuttered many of the dark web’s largest forums, making it a much more fleeting and much less secure destination for criminal activity. As a result, the number of users accessing dark web sites has dropped. Instead, many users are connecting through the dark web via mobile applications on Android and iOS, rather than to the dark web via standard browsers, to obfuscate their internet traffic. Indeed, the number of users accessing the Tor network has increased, even as the number of users accessing hidden Dark web platforms such as The Onion Router (Tor), I2P, service sites—the “dark” part of the dark web—has dropped. Freenet, and Zeronet, attempt to anonymize users’ digital Moreover, encrypted applications like Telegram, Signal, fingerprint so that technical attributes like IP addresses are and Wickr.me have lowered the barrier to entry for secure not easily available to entities with intent to track users’ communication and illicit transactions. As a result, just like online activity. This emphasis on anonymity was designed to many other industries, the dark web has been disrupted keep the dark web free from oversight, free from censorship, by technological innovation and aggressive competition, and open to anyone in any location. The developers of Tor, triggering a gradual decline and turning the so-called the most popular dark web platform, promote it as a tool invisible internet even more opaque.
    [Show full text]
  • E-Brief // Jan 31 2019
    CONFIDENTIAL E-BRIEF // JAN 31 2019 Intelligence vs Data 2 China Hacked HPE, IBM And Then Attacked Clients 3 Pro-ISIS Media Organization Testing the “ZeroNet” Decentralized Peer-to-Peer Network 5 Cyber Criminals Likely Obfuscate Exploitation through Web Browser Extensions, Increasing Ability to Distribute Malware to End Users 7 Anonymous-Related Individuals Create Virtual World for Online Communication and Commerce 9 DC Schools Launch New Panic Button App to Alert First Responders in Crisis Situations 11 Homeland Security Program to Work on Correcting the Vulnerabilities with GPS 11 Ryuk Ransomware Affects Systems at US Industrial Supply Company 11 North Korea-Linked Hackers Target Academic Institutions 12 B&Q Data Leak Exposes Information On 70,000 Thefts From Its Stores, Including Names of Suspected Offenders 13 Global Hacking Campaign Takes Aim at Finance, Defense, and Energy Companies 15 Fighting Deepfakes Will Require More than Technology 16 Apple Launches New Transparency Report Website Showing Government Data Requests from around the World 16 Microsoft’s Search Engine Bing Shows Child Pornography, Report Finds 17 Amazon Sent 1,700 Audio Recordings of Alexa User to a Stranger 18 Russian Influence Actors Attempted to Amplify “Yellow Vest” Protest, Spread of Movement to US States 18 Hackers Target Organizations in the Naval and Maritime Sectors 20 Potential Use of ‘Mastodon Social’ as Twitter Alternative 21 Hackers are Spreading Islamic State Propaganda by Hijacking Dormant Twitter Accounts 23 Forget Bitcoin Why Criminals Are Using Fortnite to Launder Illicit Funds 24 Decrypted Telegram Bot Chatter Revealed as New Windows Malware 25 CONFIDENTIAL CONFIDENTIAL Intelligence vs Data What is Intelligence? Data is not information, information is not intelligence.
    [Show full text]
  • The Darknet Index: U.S
    The Darknet Index: U.S. Government Edition Ranking U.S. government agencies using darknet intelligence Introduction One measure of cybersecurity risk involves assessing how much data is available on the darknet about a company or organization that can be misused by hackers or criminals. A greater availability of data implies a higher risk profile, as more attack vectors are available for use against the organization. TABLE OF CONTENTS OWL Cybersecurity recently reranked the companies of the Fortune 1 500 based on their darknet footprints . We then ranked the largest Introduction ...............................1 2 commercial entities in Germany . Methodology................................3 The Top 10 ...................................5 In this report, we address how prominent U.S. government agencies, Conclusions..................................8 departments, and the U.S. military fare on the darknet as compared The Darknet Index......................9 to commercial enterprises. We examine 59 large divisions of the U.S. Government to see whether they have a markedly different About Us .....................................12 darknet footprint than the Fortune 500. Unfortunately, the results reveal that the U.S. Government has the largest collective darknet footprint of all of our darknet indices. By comparing how much compromised data was available on these numerous private networks, forums and channels, and running this information through our proprietary algorithm, we reached some key takeaways about the differences and similarities between the U.S. Government and large U.S. commercial entities. Intelligence gained from monitoring the darknets (Tor and other interconnected sources including IRC, I2P, ZeroNet, other hacker forums), as well as FTP servers, select paste sites, high-risk surface internet sites and more, constitutes what OWL Cybersecurity calls DARKINT™, or darknet intelligence.
    [Show full text]
  • OSINT Handbook September 2020
    OPEN SOURCE INTELLIGENCE TOOLS AND RESOURCES HANDBOOK 2020 OPEN SOURCE INTELLIGENCE TOOLS AND RESOURCES HANDBOOK 2020 Aleksandra Bielska Noa Rebecca Kurz, Yves Baumgartner, Vytenis Benetis 2 Foreword I am delighted to share with you the 2020 edition of the OSINT Tools and Resources Handbook. Once again, the Handbook has been revised and updated to reflect the evolution of this discipline, and the many strategic, operational and technical challenges OSINT practitioners have to grapple with. Given the speed of change on the web, some might question the wisdom of pulling together such a resource. What’s wrong with the Top 10 tools, or the Top 100? There are only so many resources one can bookmark after all. Such arguments are not without merit. My fear, however, is that they are also shortsighted. I offer four reasons why. To begin, a shortlist betrays the widening spectrum of OSINT practice. Whereas OSINT was once the preserve of analysts working in national security, it now embraces a growing class of professionals in fields as diverse as journalism, cybersecurity, investment research, crisis management and human rights. A limited toolkit can never satisfy all of these constituencies. Second, a good OSINT practitioner is someone who is comfortable working with different tools, sources and collection strategies. The temptation toward narrow specialisation in OSINT is one that has to be resisted. Why? Because no research task is ever as tidy as the customer’s requirements are likely to suggest. Third, is the inevitable realisation that good tool awareness is equivalent to good source awareness. Indeed, the right tool can determine whether you harvest the right information.
    [Show full text]