Cyber Security, Civil Society and Vulnerability in an Age of Communications Surveillance

Total Page:16

File Type:pdf, Size:1020Kb

Cyber Security, Civil Society and Vulnerability in an Age of Communications Surveillance Global InformatIon SocIety Watch 2014 Communications surveillance in the digital age This report was originally published as part of a larger compilation, which can be downloaded from GISWatch.org AssociAtion for Progressive communicAtions (APc) And HumAnist institute for cooPerAtion witH develoPing countries (Hivos) ISBN: 978-92-95102-16-3 APC-201408-CIPP-R-EN-DIGITAL-207 Creative Commons Attribution 3.0 Licence <creativecommons.org/licenses/by nc nd/3.0> Cyber security, civil society and vulnerability in an age of communications surveillance Alex Comninos and Gareth Seneque “the crossing of the Rubicon” (a point of no return) 6 Justus-Liebig University Giessen and Geist Consulting 1 for the use of state-sponsored malware. A number Comninos.org of similar worms, some of which have implemented Stuxnet’s source code, have arisen.7 Introduction Civil society organisations and human rights defenders are becoming victims of surveillance Cyber security is increasingly important to internet software. Some of this software is sold to law en- users, including stakeholders in governments, the forcement and intelligence agencies in repressive private sector and civil society. As internet users regimes. “Remote Access Trojans” can be bought 2 increase, so does the amount of malware, fuelled both legally and on the black market, as well as by ubiquitous smartphones and social network- downloaded for free, and are used to control mobile ing applications offering new vectors for infection. devices, laptops and computers remotely, capturing Botnets – networks of infected devices controlled all the information input/viewed by the user. Such by malicious operators – are used as proxies to software has been used to target activists in Bah- commit criminal acts including fraud and identity rain and Syria.8 or data theft. According to the antivirus company Edward Snowden’s disclosures of documen- Symantec, in 2013 data breach incidents resulted tary evidence regarding mass surveillance by the 3 in the exposure of 552 million personal identities. NSA, Government Communications Headquarters In May 2014, eBay announced that hackers had (GCHQ) in the United Kingdom, and other intelli- gained access to the personal data of 145 million gence agencies of the “Five Eyes”9 countries have customers and urged all customers to change their shown just how vulnerable the average netizen’s 4 passwords. Infrastructures connected to the inter- communications are to interception and surveil- net, such as power grids, are also vulnerable, and lance. The disclosures have also demonstrated how severely lacking security updates. A growing “inter- surveillance activities can negatively affect the cy- net of things”, which includes ubiquitous devices ber security of all internet users. from sensors in homes and cars to medical technol- It is tempting to think that more “cyber security” ogy, presents a plethora of new vulnerabilities to would be a means of countering the global privacy cyber security incidents. invasion caused by mass surveillance. However, cy- Increasingly, states are establishing military ber security discourse is dominated by states and “cyber units” or “cyber commands”, many of which corporations and focuses mainly on their security, 5 have offensive hacking capabilities. Michael rather than the security of civil society and of in- Hayden, a former director of both the CIA and the ternet users. Civil society needs a vision of cyber National Security Agency (NSA) has stated that Stux- security that puts the digital security of internet net, a state-sponsored computer worm discovered users at the centre of its focus. Attaining cyber in 2011 and designed to attack and incapacitate nu- security that protects human rights, including the clear reactors in the Natanz facility in Iran, marked 6 Healy, J. (2013, April 16). Stuxnet and the Dawn of Algorithmic 1 Alex Comninos is a doctoral candidate in the Department of Warfare. The Huffington Post. www.huffingtonpost.com/jason- Geography at Justus-Liebig University Giessen; Gareth Seneque is healey/stuxnet-cyberwarfare_b_3091274.html a Unix architect at Geist Consulting. 7 Bencsáth, B. (2012). Duqu, Flame, Gauss: Followers of Stuxnet. 2 Malware is malicious software that includes viruses, Trojan horses Presentation at the RSA Conference Europe 2012, Amsterdam, and spyware. the Netherlands, 10 October. www.rsaconference.com/writable/ 3 Symantec 2014 Internet Security Threat Report, Volume 19. www. presentations/file_upload/br-208_bencsath.pdf symantec.com/security_response/publications/threatreport.jsp 8 McMillan, R. (2011, August 7). How the Boy Next Door 4 Perlroth, N. (2014, May 21). eBay Urges New Passwords After Accidentally Built a Syrian Spy Tool. Wired. www.wired.com/ Breach. New York Times. www.nytimes.com/2014/05/22/ wiredenterprise/2012/07/dark-comet-syrian-spy-tool technology/ebay-reports-attack-on-its-computer-network.html 9 The “Five Eyes” countries are Australia, Canada, New Zealand, 5 Comninos, A. (2013). A cyber security agenda for civil society: What the United Kingdom and the United States, which are part of a is at stake? Johannesburg: APC. www.apc.org/en/node/17320 multilateral agreement on cooperation in signals intelligence. 32 / Global Information Society Watch right to privacy, while also ensuring an open and se- flict of interest in securing information: militaries, for cure internet, will not be possible unless dominant example, may want to develop offensive weapons, discourses on cyber security radically change. while intelligence agencies may rely on breaking or circumventing information insecurity in order to sur- The problems with “cyber security” veil better. Cyber security may also be used to protect The term “cyber security” often lacks clear defini- state secrets, and criminalise whistleblowers as cy- tion. It is used as an umbrella concept covering a ber security threats. Focusing on the state and ‘‘its’’ range of threats and responses10 involving national security, “crowds out consideration for the security of infrastructure, internet infrastructure, applications the individual citizen, with detrimental effects on the and software, and users. Sometimes it is even used security of the whole system.”15 to refer to the stability of the state and political Cyber security often disproportionately focuses structures. The inexact terminology of cyber secu- on the protection of information, databases, devices, rity “mixes legitimate and illegitimate concerns and assets and infrastructures connected to the internet, conflates different types and levels of risk.” This rather than on the protection of connected users. “prevents genuine objective scrutiny, and inevitably Technological infrastructures and the assets of cor- leads to responses which are wide-ranging and can porations are put at the centre of analysis, rather than easily be misused or abused.”11Cyber security not human beings. Human beings are seen as a threat in only leads to overly broad powers being given to the the form of bad “hackers” or as a weak link in infor- state, it also “risks generating a consensus that is mation systems, making mistakes and responding illusory” and not useful for the problems at hand.12 to phishing or “social engineering” attacks.16 Putting We need to carefully unpack the relevant issues and humans at the centre of cyber security is important. develop “a clear vocabulary of cyber security threats A definition of cyber security as purely protecting in- and responses,” so as to enable “targeted, effective, formation avoids ethical challenges. Cyber security and rights-respecting policies.”13 If we do not, cyber should not protect some people’s information at the security can be used by governments as a justifica- expense of others. It should also not protect infor- tion to censor, control or surveil internet use. mation about state secrets in order to enable mass Viewing cyber security as an issue of national surveillance and privacy invasion of individual users. security is perilous and unhelpful. We should distin- guish between, and not conflate, on the one hand, Cyber security and vulnerability protecting computers, networks and information, Cyber security discourse should focus more on in- and on the other hand using technological tools to formation security vulnerabilities, rather than on achieve security objectives. Using “cyberspace as threats and responses. This focus would help to a tool for national security, both in the dimension delineate what constitutes a cyber security issue, of war fighting and the dimension of mass surveil- avoid cyber security escalating to a counter-produc- lance, has detrimental effects on the level of cyber tive national security issue, and place a practical security globally.”14 When cyber security is framed as focus on the protection of all internet users. a national security issue, issues regarding technol- A security vulnerability, also called a “bug”, is ogy and the internet are securitised – brought onto a piece of software code that contains an error or the security agendas of states. This may be counter- weakness that could allow a hacker to compromise productive. The state, law enforcement, military and the integrity, availability or confidentiality of infor- intelligence agencies may not have the best skills or mation contained, managed or accessed by that knowledge for the job. State actors may have a con- software.17 When a vulnerability is discovered, a malicious hacker may make an “exploit”18 in order 10 Center for Democracy and Technology.
Recommended publications
  • Radical Librarian-Technologists
    City University of New York (CUNY) CUNY Academic Works Publications and Research Lehman College 2015 Radical Librarian-Technologists John Schriner CUNY Lehman College How does access to this work benefit ou?y Let us know! More information about this work at: https://academicworks.cuny.edu/le_pubs/105 Discover additional works at: https://academicworks.cuny.edu This work is made publicly available by the City University of New York (CUNY). Contact: AcademicWorks@cuny.edu Radical Librarian-Technologists Schriner, John Lehman College, City University of New York, US ABSTRACT: Librarians may be finding themselves in the role of the technologist that supports students and faculty in Internet security, censorship circumvention, and supports whistleblowers and journalists. This paper looks at three cases where librarians present and teach technologies with these aims: the Tor anonymity network, secure communication in the field of journalism, and the librarian’s place in the maker/hackerspace movement. Keywords: technology; librarianship; censorship; journalism; privacy This is an Open Access article distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Journal of Radical Librarianship, Vol. 1, pp.9–15. Published 1 May 2015. 9 The role of the academic librarian continues to change. It seems that there has been no better convergence of academic departments around technology than at this moment: the librarian speaks with journalism students about secure communications and privacy tools; to computer science faculty and students about setting up anonymity network relays to give censored users a voice; to student groups to help rein in unconstitutional surveillance.
    [Show full text]
  • Surveillance Self-Defense: Privacy in the Post-9/11 Mass Surveillance State Nathaniel D
    Southern Illinois University Carbondale OpenSIUC Research Papers Graduate School Spring 4-13-2017 Surveillance Self-Defense: Privacy in the Post-9/11 Mass Surveillance State Nathaniel D. Fortmeyer Southern Illinois University Carbondale, fortn@siu.edu Follow this and additional works at: http://opensiuc.lib.siu.edu/gs_rp Recommended Citation Fortmeyer, Nathaniel D. "Surveillance Self-Defense: Privacy in the Post-9/11 Mass Surveillance State." (Spring 2017). This Article is brought to you for free and open access by the Graduate School at OpenSIUC. It has been accepted for inclusion in Research Papers by an authorized administrator of OpenSIUC. For more information, please contact opensiuc@lib.siu.edu. SURVEILLANCE SELF-DEFENSE: PRIVACY IN THE POST-9/11 MASS SURVEILLANCE STATE by Nathaniel Dean Fortmeyer B.A., Southern Illinois University, 2011 B.A., Southern Illinois University, 2013 A Research Paper Submitted in Partial Fulfillment of the Requirements for the Master of Science. Department of Mass Communication and Media Arts In the Graduate School Southern Illinois University Carbondale May 2017 RESEARCH PAPER APPROVAL SURVEILLANCE SELF-DEFENSE: PRIVACY IN THE POST-9/11 MASS SURVEILLANCE STATE By Nathaniel Dean Fortmeyer A Research Paper Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Science in the field of Professional Media and Media Management Approved by: Robert Spahr, Chair Graduate School Southern Illinois University Carbondale March 28, 2017 AN ABSTRACT OF THE RESEARCH PAPER OF NATHANIEL DEAN FORTMEYER, for the Master of Science degree in PROFESSIONAL MEDIA AND MEDIA MANAGEMENT, presented on MARCH 28, 2017, at Southern Illinois University Carbondale. TITLE: SURVEILLANCE SELF-DEFENSE: PRIVACY IN THE POST-9/11 MASS SURVEILLANCE STATE MAJOR PROFESSOR: Robert Spahr The nature of digital information and the networked world has enabled the greatest advances in communication, education, art, science, and entertainment since the invention of the printing press.
    [Show full text]
  • Information Security for Journalists
    Information Security for Journalists This handbook is a very important practical tool for journalists. And it is of particular importance to investigative reporters. For the first time journalists are now aware that virtually every electronic communication we make or receive is being recorded, stored and subject to analysis and action. As this surveillance is being conducted in secret, without scrutiny, transparency or any realistic form of accountability, our sources, our stories and our professional work itself is under threat. After Snowden’s disclosures we know that there are real safeguards and real counter measures available. The CIJ’s latest handbook, Information Security For Journalists, lays out the most effective means of keeping your work private and safe from spying. It explains how to write safely, how to think about security and how to safely receive, store and send information that a government or powerful corporation may be keen for you not to know, to have or to share. To ensure your privacy and the safety of your sources, Information Security For Journalists will help you to make your communications indecipherable, untraceable and anonymous. Although this handbook is largely about how to use your computer, you don’t need to have a computer science degree to use it. Its authors, and the experts advising the project are ensuring its practical accuracy and usability, and work with the latest technology. Gavin MacFadyen, Director of the Centre for Investigative Journalism By Silkie Carlo and Arjen Kamphuis 1 July 2014: Version 1.01 Acknowledgements I would like to express my deep gratitude to Arjen Kamphuis for his truly brilliant, patient and generous teaching, for his excellent work and for his friendship.
    [Show full text]
  • Hacker, Hoaxer, Whistleblower, Spy: the Story of Anonymous
    hacker, hoaxer, whistleblower, spy hacker, hoaxer, whistleblower, spy the many faces of anonymous Gabriella Coleman London • New York First published by Verso 2014 © Gabriella Coleman 2014 The partial or total reproduction of this publication, in electronic form or otherwise, is consented to for noncommercial purposes, provided that the original copyright notice and this notice are included and the publisher and the source are clearly acknowledged. Any reproduction or use of all or a portion of this publication in exchange for financial consideration of any kind is prohibited without permission in writing from the publisher. The moral rights of the author have been asserted 1 3 5 7 9 10 8 6 4 2 Verso UK: 6 Meard Street, London W1F 0EG US: 20 Jay Street, Suite 1010, Brooklyn, NY 11201 www.versobooks.com Verso is the imprint of New Left Books ISBN-13: 978-1-78168-583-9 eISBN-13: 978-1-78168-584-6 (US) eISBN-13: 978-1-78168-689-8 (UK) British Library Cataloguing in Publication Data A catalogue record for this book is available from the British library Library of Congress Cataloging-in-Publication Data A catalog record for this book is available from the library of congress Typeset in Sabon by MJ & N Gavan, Truro, Cornwall Printed in the US by Maple Press Printed and bound in the UK by CPI Group Ltd, Croydon, CR0 4YY I dedicate this book to the legions behind Anonymous— those who have donned the mask in the past, those who still dare to take a stand today, and those who will surely rise again in the future.
    [Show full text]
  • Bishop Fox Cybersecurity Style Guide
    BISHOP FOX CYBERSECURITY STYLE GUIDE VERSION 1.1 JUNE 27, 2018 This work is licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic License. Bishop Fox Contact Information: +1 (480) 621-8967 style@bishopfox.com 8240 S. Kyrene Road Suite A-113 Tempe, AZ 85284 Contributing Technical Editors: Brianne Hughes, Erin Kozak, Lindsay Lelivelt, Catherine Lu, Amanda Owens, Sarah Owens We want to thank all of our Bishop Fox consultants, especially Dan Petro, for reviewing and improving the guide’s technical content. Bishop Fox™ 2018/06/27 2 TABLE OF CONTENTS Welcome! ................................................................................................................................. 4 Advice on Technical Formatting ........................................................................................................ 5 What to Expect in the Guide .............................................................................................................. 6 The Cybersecurity Style Guide .............................................................................................. 7 A-Z .......................................................................................................................................................... 7 Appendix A: Decision-making Notes .................................................................................. 96 How We Choose Our Terms ............................................................................................................96 How to Codify Your Own Terms ......................................................................................................97
    [Show full text]
  • Collecting Threat Intelligence from Tor Netwok
    Collecting Threat Intelligence From Tor Netwok A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Science in Cyber Security by Tarun Trivedi 14/MS/027 Under the Supervision of Dr. B. M. Mehtre (Associate Professor) Center For Cyber Security Institute For Development And Research In Banking Technology, Hyderabad (Established by Reserve Bank Of India) COMPUTER SCIENCE AND ENGINEERING DEPARTMENT SARDAR PATEL UNIVERSITY OF POLICE, SECURITY AND CRIMINAL JUSTICE JODHPUR – 342304, INDIA May, 2016 UNDERTAKING I declare that the work presented in this thesis titled “Collect- ing Threat Intelligence From Tor Netwok”, submitted to the Computer Science and Engineering Department, Sardar Patel Uni- versity of Police, Security and Criminal Justice, Jodhpur, for the award of the Master of Science degree in Cyber Security, is my original work. I have not plagiarized or submitted the same work for the award of any other degree. In case this undertaking is found in- correct, I accept that my degree may be unconditionally withdrawn. May, 2016 Jodhpur (Tarun Trivedi) ii CERTIFICATE Certified that the work contained in the thesis titled “Collecting Threat Intelligence From Tor Netwok”, by Tarun Trivedi, Registra- tion Number 14/MS/027 has been carried out under my supervision and that this work has not been submitted elsewhere for a degree. (Dr. B. M. Mehtre) (Associate Professor) Center For Cyber Security, Institute For Development And Research In Banking Technology, Hyderabad (Established by Reserve Bank Of India) May, 2016 iii Acknowledgment I would like to take this opportunity to express my deep sense of gratitude to all who helped me directly or indirectly during this thesis work.
    [Show full text]
  • New Perspectives About the Tor Ecosystem: Integrating Structure with Information
    NEW PERSPECTIVES ABOUT THE TOR ECOSYSTEM: INTEGRATING STRUCTURE WITH INFORMATION A Dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy by MAHDIEH ZABIHIMAYVAN B.S., Ferdowsi University, 2012 M.S., International University of Imam Reza, 2014 2020 Wright State University Wright State University GRADUATE SCHOOL April 22, 2020 I HEREBY RECOMMEND THAT THE DISSERTATION PREPARED UNDER MY SUPERVISION BY MAHDIEH ZABIHIMAYVAN ENTITLED NEW PERSPECTIVES ABOUT THE TOR ECOSYSTEM: INTEGRATING STRUCTURE WITH INFORMATION BE ACCEPTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF Doctor of Philosophy. Derek Doran, Ph.D. Dissertation Director Yong Pei, Ph.D. Director, Computer Science and Engineering Ph.D. Program Barry Milligan, Ph.D. Interim Dean of the Graduate School Committee on Final Examination Derek Doran, Ph.D. Michael Raymer, Ph.D. Krishnaprasad Thirunarayan, Ph.D. Amir Zadeh, Ph.D. ABSTRACT Zabihimayvan, Mahdieh. Ph.D., Department of Computer Science and Engineering, Wright State University, 2020. New Perspectives About The Tor Ecosystem: Integrating Structure With Infor- mation Tor is the most popular dark network in the world. Its noble uses, including as a plat- form for free speech and information dissemination under the guise of true anonymity, make it an important socio-technical system in society. Although activities in socio-technical systems are driven by both structure and information, past studies on evaluating Tor inves- tigate its structure or information exclusively and narrowly, which inherently limits our understanding of Tor. This dissertation bridges this gap by contributing insights into the logical structure of Tor, the types of information hosted on this network, and the interplay between its structure and information.
    [Show full text]
  • Uma Cartografia Do Ativismo Cypherpunk No Brasil
    1 UNIVERSIDADE FEDERAL DE GOIÁS FACULDADE DE CIÊNCIAS SOCIAIS PROGRAMA DE PÓS-GRADUAÇÃO EM CIÊNCIA POLÍTICA RODRIGO DE OLIVEIRA SOBREIRA ANONIMATO, REDES E POLÍTICA: UMA CARTOGRAFIA DO ATIVISMO CYPHERPUNK NO BRASIL Goiânia 2015 RODRIGO DE OLIVEIRA SOBREIRA ANONIMATO, REDES E POLÍTICA: UMA CARTOGRAFIA DO ATIVISMO CYPHERPUNK NO BRASIL Dissertação apresentada ao Programa de Pós- Graduação em Ciência Política da Faculdade de Ciências Sociais da Universidade Federal de Goiás, para a obtenção do título de Mestre em Ciência Política. Linha de pesquisa: Políticas Públicas e Sociedade Civil. Orientador: Prof. Dr. Carlos Ugo Santander Joo Goiânia 2015 FOLHA DE APROVAÇÃO Dissertação intitulada ANONIMATO REDES E POLÍTICA: UMA CARTOGRAFIA DO ATIVISMO CYPHERPUNK NO BRASIL, de autoria do mestrando RODRIGO DE OLIVEIRA SOBREIRA, defendida e aprovada em ____ de maio de 2015, pela banca examinadora constituída pelos seguintes professores: ______________________________________________________________________ Prof. Dr. Carlos Ugo Santander Joo (PPGCP-UFG) Orientador ______________________________________________________________________ Prof. Dra. Heloísa Dias Bezerra (PPGCP-UFG) Membro Titular ______________________________________________________________________ Prof. Dra. Sayonara de Amorim Gonçalves Leal (SOL-UNB) ___________________________________________________________________________ Suplente “A civilização se tornou complicada Que ficou tão frágil como um computador Que se uma criança descobrir O calcanhar de Aquiles Com um só palito pára o motor” (Raul Seixas) AGRADECIMENTOS Podemos dizer que estamos sempre no meio do caminho, como na descida de um rio ou em uma estrada que se estende indefinidamente. Do meio do caminho, bem onde fica a pedra de Drummond, abre-se a nossa frente o desconhecido, o inesperado, as possibilidades, a expectativa e a esperança. Porém, mais do que olhar para frente, do meio do caminho podemos olhar para trás, para nós mesmos e para os que até ali caminharam juntos ou marcaram sua passagem na estrada.
    [Show full text]
  • This Handbook Is a Very Important Practical Tool for Journalists. and It Is of Particular Importance to Investigative Reporters
    Information Security for Journalists This handbook is a very important practical tool for journalists. And it is of particular importance to investigative reporters. For the first time journalists are now aware that virtually every electronic communication we make or receive is being recorded, stored and subject to analysis. As this surveillance is being conducted in secret, without scrutiny, transparency or any realistic form of accountability, our sources, our stories and our professional work itself is under threat. The UK Government’s new surveillance legislation, the Investigatory Powers Bill, marks a disconcerting departure from legal principles of source protection in favour of unbridled spying powers. After Snowden’s disclosures we know that there are real protective measures available. The CIJ’s handbook, Information Security For Journalists, lays out the most effective means of keeping your work private and safe from spying. It explains how to write safely, how to think about security and how to safely receive, store and send information that a government or powerful corporation may be keen for you not to know, to have or to share. To ensure your privacy and the safety of your sources, Information Security For Journalists will help you to make your communications indecipherable, untraceable and anonymous. Although this handbook is largely about how to use your computer, you don’t need to have a computer science degree to use it. Its authors, and the experts advising the project are ensuring its practical accuracy and usability, and work with the latest technology. Gavin MacFadyen, Director of the Centre for Investigative Journalism 1 May 2016: Version 1.3 By Silkie Carlo and Arjen Kamphuis Acknowledgements I would like to express my deep gratitude to Arjen Kamphuis for his patient and generous teaching.
    [Show full text]
  • Cryptoparties: Empowerment in Internet Security?
    A Service of Leibniz-Informationszentrum econstor Wirtschaft Leibniz Information Centre Make Your Publications Visible. zbw for Economics Monsees, Linda Article Cryptoparties: Empowerment in internet security? Internet Policy Review Provided in Cooperation with: Alexander von Humboldt Institute for Internet and Society (HIIG), Berlin Suggested Citation: Monsees, Linda (2020) : Cryptoparties: Empowerment in internet security?, Internet Policy Review, ISSN 2197-6775, Alexander von Humboldt Institute for Internet and Society, Berlin, Vol. 9, Iss. 4, pp. 1-19, http://dx.doi.org/10.14763/2020.4.1508 This Version is available at: http://hdl.handle.net/10419/225648 Standard-Nutzungsbedingungen: Terms of use: Die Dokumente auf EconStor dürfen zu eigenen wissenschaftlichen Documents in EconStor may be saved and copied for your Zwecken und zum Privatgebrauch gespeichert und kopiert werden. personal and scholarly purposes. Sie dürfen die Dokumente nicht für öffentliche oder kommerzielle You are not to copy documents for public or commercial Zwecke vervielfältigen, öffentlich ausstellen, öffentlich zugänglich purposes, to exhibit the documents publicly, to make them machen, vertreiben oder anderweitig nutzen. publicly available on the internet, or to distribute or otherwise use the documents in public. Sofern die Verfasser die Dokumente unter Open-Content-Lizenzen (insbesondere CC-Lizenzen) zur Verfügung gestellt haben sollten, If the documents have been made available under an Open gelten abweichend von diesen Nutzungsbedingungen die in der dort
    [Show full text]
  • Contents 1 a Note of Caution 1.1 Cryptography Is Powerful, but Not
    Contents 1ANoteofCaution1.1CryptographyisPowerful,butnotyouronlylineofdefe nse1.1.1LearnandUse 2Basicsfirst2.1RiskAnalysis2.2Kerckhoffs'sprinciple2.3PublicKeyCrypt ography2.3.1LearnandUse2.4SSL2.4.1LearnandUse2.5AES 3PGP/GPG3.1InstallGPG3.1.1PGPPublicKeyservers3.2Importourkeys3.3 Encryptyourmessage3.3.1AutomaticEncryptionUsingEnigmail/Thunderbird3.3.1 .1LearnandUse3.3.2ManualEncryptionUsingCommandLines/TerminalsandGPG3 .4Keys3.5Links3.6LearnandUse 4VerifyingSoftwareDownloads&Files:Hashing4.1MicrosoftFileChecksumInte grityVerifier4.2Hashtab&HashMyFiles4.3CheckingHashesonLinux/Mac4. 4CheckingGPGDigitallySignedSoftwarePackageSignatures 5DiskEncryption5.1TrueCrypt5.1.1LearnandUse5.2FileVault5.3LUKS5.4T omb5.5LearnandUse 6SecureDataDeletion 7EncryptedMobileCommunications7.1Gibberbot7.2TextSecure7.3RedPhone7.4 Chatsecure 8PrivacyProtectedBrowsing8.1Tor8.1.1LearnandUse8.2TorBrowserBundle 8.3OnionbrowseroniOS8.4Orbot:TorOnAndroid8.5Orweb:Proxy+PrivacyBrow ser8.6Ghostery8.7LearnandUse 9Darknets9.1Tor9.2Tribler9.3i2p9.4Freenet 10SecureChat10.1Encryption10.2Authentication10.3Deniability10.4Perfect forwardsecrecy10.5Clientsupport10.5.1Native10.5.2Viaplugin10.5.3Pro xy10.5.4ChatLogFiles10.6LearnandUse 11Misc11.1TahoeLAFS11.1.1LearnandUse11.2Intrusiondetectionsystems11 .3IronKey11.4DistrRTgen 12SoftwareLibraries 13OperatingSystemandHostEnvironment13.1Homedirectoryencryption13.2Ful lDiskEncryption13.2.1Seealso13.3OperatingSystems13.3.1TailsLinux:The AmnesicIncognitoLiveSystem13.3.2LibertéLinux13.3.3Whonix 14Email14.1WebsiteEmailers14.1.1SSLenabledservices14.1.2NonSSLservi
    [Show full text]
  • Programming Cryptoparties in Libraries Damien Belveze
    Programming cryptoparties in Libraries Damien Belveze To cite this version: Damien Belveze. Programming cryptoparties in Libraries: How Librarians can contribute to Students and Citizens empowerment against tracking and mass-surveillance. 2017. hal-01504076 HAL Id: hal-01504076 https://hal.archives-ouvertes.fr/hal-01504076 Preprint submitted on 8 Apr 2017 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Programming cryptoparties in Libraries : How Librarians can contribute to Students and Citizens empowerment against tracking and mass-surveillance « Librarians are badass » (Edward Snowden) IFLA statement on privacy and its role to librarians commitment For french students, privacy is usually not included in the curriculum excepts in the margins, as a part of an optional course that some student attend to make their digital skills certified (C2i)[1]. A few years ago, I noticed among students of my former engineering school a real lack of knowledge on privacy and an insufficient perception of its importance, particularly in the building of mobile application, though these students are often asked to design apps that are supposed to collect users data. At the university of Rennes1, I am in charge of training sessions for students from undergraduate level to PhD.
    [Show full text]