Maybe we would care more if we knew just how many surprising insights can be gleaned from our online activity. https://edri.org/what-does-your-browsing-history-say-about-you/ https://labs.rs/en/browsing-histories/
The DNS is normally a relatively open protocol that smears its data (which is your data and mine too!) far and wide. Little wonder that the DNS is used in many ways, not just as a mundane name resolution protocol, but as a data channel for surveillance and as a common means of implementing various forms of content access control. But all this is poised to change. Now that the Snowden files have sensitized us to the level of such activities, we have become acutely aware that many of our tools are just way too trusting, way too chatty, and way too easily subverted. First and foremost in this collection of vulnerable tools is the Domain Name System.
In an opinion submitted to the government, the Commission nationale de contrôle des techniques de renseignement (CNCTR) considers that it would theoretically be possible for the intelligence services to collect the URLs visited by Internet users under surveillance, but only if they are not too precise. Inextricable.
Just as Doctors can’t solve healthcare, Hackers can’t solve surveillance. Doctors can’t make human frailty disappear with some sort of clever medical trick. They can help mitigate issues, fight emergencies, they can be selfless, heroic, but they can’t, on their own, solve healthcare. One of the ways that Hackers can fight surveillance is to develop better cryptographic communications tools, and train people how to use them. This is certainly critical work that hackers can contribute to, but we can’t, on our own, solve surveillance. Nothing that Hackers can do on their own can eliminate surveillance. [...] Hackers need to understand that there is no business model for secure mass communications. In order to achieve a society where we can expect privacy we need more hackers and hackerspaces to embrace the broader political challenges of building a more equal society.
Loss of privacy leads to loss of freedom.
Your freedom of expression is threatened by the surveillance of your internet usage – thought patterns and intentions can be extrapolated from your website visits (rightly or wrongly), and the knowledge that you are being surveilled can make you less likely to research a particular topic. You lose that perspective, and your thought can be pushed in one direction as a result. Similarly, when the things you write online, or communicate privately to others, are surveilled, and you self-censor as a result, the rest of us lose your perspective, and the development of further ideas is stifled.
Your freedom of association is threatened by the surveillance of your communications online and by phone, and your freedom of assembly is threatened by the tracking of your location by your mobile phone. Can we afford to risk the benefits of free association, the social change brought by activists and campaigners, or the right to protest?
These freedoms are being eroded, right now. The effects will worsen over time, as each failure to exercise our freedom builds upon the last, and as more people experience the chilling effects.
The author hesitated for a long time before publishing this article, because there are strong ethical issues. Documenting the effects of censorship can be seen as helping censors. For instance, if measurements show that censorship is very limited in practice, it may motivate some authorities to increase the pressure and its negative consequences. But I believe that censors are already better informed than the average citizen and that it is necessary to have factual information in order to have an informed debate in democracies.
Another big ethics issue concerns the measurements themselves. Is there a risk of endangering people who host a probe by doing DNS lookups for illegal/forbidden/questionable things (for instance DNS lookup for a porn site from a probe in Iran)? Today, the DNS is typically "under the radar" for most surveillance activities. Doing an HTTP request for an illegal site attracts attention to you in some countries (and it is one of the reasons why RIPE Atlas probes do not perform HTTP queries for arbitrary URLs), but it does not seem to be the case (yet) for DNS requests. (See RFC 7626, "DNS Privacy Considerations".)
The creator of PGP has moved his mobile-encryption firm Silent Circle to Switzerland to be free of US mass surveillance. Here he explains why. [...] “Every dystopian society has excessive surveillance, but now we see even western democracies like the US and England moving that way,” he warns. “We have to roll this back. People who are not suspected of committing crimes should not have information collected and stored in a database. We don’t want to become like North Korea.” [...] Today, his biggest worry is not software backdoors, but the petabytes (1m gigabytes) of information being hoarded by the likes of Google and Facebook. “If you collect all that data, it becomes an attractive nuisance. It’s kind of a siren calling out inviting someone to come and try to get it. Governments say that if private industry can have it, why can’t our intelligence agencies have it?”
Ultimate Privacy and Control for your Voice, Video and Chat Communications
Afnic is working, notably within CENTR and the IETF, to improve privacy protection for DNS users. The DNS protocol is a little-known but crucial part of the Internet's infrastructure. Now that privacy concerns have grown considerably, it is only natural to look into the question of "DNS and privacy". Every Internet user makes heavy use of the DNS, even without realizing it, and even without knowing anything about the DNS or domain names. Every time that user sends a message, clicks on a hypertext link, or their computer updates its software, there is one (and often many more than one) DNS query. But while the privacy questions tied to the Web's protocol, HTTP, have been discussed at length (think of debates such as "should explicit user authorization be required to set cookies?" or "is the IP address personal data?"), those tied to the DNS were first neglected, then studied only within a small circle, essentially at the IETF. The upcoming publication of the RFC "DNS privacy considerations" will be the first official manifestation of this interest.
This demo secretly makes requests to STUN servers that can log your request. These requests do not show up in developer consoles and cannot be blocked by browser plugins (AdBlock, Ghostery, etc.).
https://github.com/diafygi/webrtc-ips
Firefox and Chrome have implemented WebRTC that allows requests to STUN servers to be made that will return the local and public IP addresses for the user. These request results are available to JavaScript, so you can now obtain a user's local and public IP addresses in JavaScript. This demo is an example implementation of that.
Additionally, these STUN requests are made outside of the normal XMLHttpRequest procedure, so they are not visible in the developer console or able to be blocked by plugins such as AdBlockPlus or Ghostery. This makes these types of requests available for online tracking if an advertiser sets up a STUN server with a wildcard domain.
A top EU official wants internet and telecommunication companies to hand over encryption keys to police and spy agencies as part of a wider crackdown on terrorism.
I’m in the process of moving back to a postfix/dovecot setup for hosting my own mail and I wanted a way to remove the more sensitive email headers that are normally generated when I send mail. My goal is to hide the originating IP address of my mail as well as my mail client type and version.
“We have seen the emergence of publicy as the default modality, with privacy declining. In order to ‘exist’ online, you have to publish things to be shared, and that has to be done in open, public spaces.”
It is the responsibility of all of us to refuse this kind of thing before it becomes commonplace...
This talk deals with the protection of privacy on the Internet, in particular by raising public awareness of the current and potential abuses of the major Internet powers (taking Google and Facebook as examples). It also discusses the NSA and other state agencies. License <WTFPL 2.0>.
At the Hackers on Planet Earth conference next month, the Electronic Frontier Foundation plans to release software designed to let you share a portion of your Wi-Fi network, password-free, with anyone nearby. The initiative, part of the OpenWireless.org campaign, will maintain its own flavor of free, open-source router firmware called Open Wireless Router. Good Samaritans can install this firmware on a cheap Wi-Fi router, creating a public slice of bandwidth that can be dialed up or down with a simple smartphone interface.
Google thinks that "if [we are doing] something that [we don't want] anyone to know, maybe [we] shouldn't be doing it in the first place" and that "privacy may actually be an anomaly". Yet we all use, to a greater or lesser extent, its services and those of companies that develop the same way of thinking on the Internet. But come to think of it, do we really have nothing to hide?
On October 30 – 31, 2013, The New York Review of Books held a conference called "Power, Privacy, and the Internet," taking a look at the role of the Internet both as a vehicle of political and cultural dissent and, in the hands of the state, as a weapon of repression and control. The recordings from the event have recently been released where listeners can stream or download the audio.
Panel discussions include:
Governments, Corporations and Hackers: The Internet and Threats to the Privacy and Dignity of the Citizen
The Internet and the Future of the Press
The Internet, Repression and Dissent
The Internet, the Book, the University and the Library
The Internet, the Economy and Production
Keynote speakers included Robert Darnton, Librarian of Harvard, Joseph Lelyveld, former Editor of the New York Times, and Ken Roth, from Human Rights Watch.
Thanks to the generosity of the supporters who contributed to its funding and of Benoît Musereau, who produced it on a volunteer basis, La Quadrature du Net is today publishing "Reclaim Our Privacy", a short video addressing the dangers that threaten our privacy, the importance of protecting this fundamental right, and finally, proposing tools to take back control of it. If you wish to contribute to its funding, it is still possible to do so here. Funds collected beyond the goal will be shared equally between Benoît Musereau and La Quadrature du Net. This video is published under the CC BY-SA license: share it or remix it freely! <3