The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

CAT | International

The South China Morning Post reports that the ban on Facebook, Twitter, the New York Times, and many other sites, will be lifted, but only in the Shanghai free-trade zone.

The information came from anonymous government sources within China. The purpose is to make the zone more attractive to foreign companies and workers who expect open Internet access. The sources say that the more open access may be expanded into the surrounding territory if the experiment is successful.

It will be interesting to see if this actually comes to pass.

Two questions occur to me. First, will the free-trade zone be considered to be outside the firewall, and hard to access from within the rest of China? Second, is this as much about surveillance of activity on those websites as it is about providing free access?

· · ·

Play

Welcome to Episode 11 of The Privacy Blog Podcast, brought to you by Anonymizer.

In this episode, I’ll discuss the shutdown of secure email services by Lavabit and Silent Circle. In addition, we’ll dive into the problem with hoarding Bitcoins and how you can protect yourself while using the increasingly popular online currency. Lastly, I’ll chat about whether teens actually care about online privacy and an ad agency’s shocking decision to use high-tech trash cans to measure Wi-Fi signals in London.

Please leave any questions or feedback in the comments section. Thanks for listening.

· · · · · · · ·

Wired reports on a move by the Japanese government to ask websites to block users who “abuse” TOR. 

I assume that TOR is being used as an example, and it would apply to any secure privacy tool.

The interesting question is whether this is simply a foot in the door on the way to banning anonymity, or at least making its use evidence of evil intent.

Currently, public privacy services make little effort to hide themselves. Traffic from them is easily detected as being from an anonymity system. If blocking becomes common, many systems may start implementing more effective stealth systems, which would make filtering anonymity for security reasons even harder.

· · · ·

The right to be forgotten is a topic discussed more in Europe than in the US. The core question is whether you have a right to control information about yourself that is held and published on the Internet by third parties.

This includes social media, news sites, discussion forums, search engine results, and web archives.

The information in question may be true or false, and anything from embarrassing to libelous.

 

Often discussions about removing old information center on calls for Google to remove information from their search results. I think they are chosen because they are the dominant search engine, and people feel that if the information is not shown in Google, then it is effectively gone. Of course, search engines are really just pointing to the actual data, while generally lives on some other website.

Being removed from Google does nothing to the existence of the information, nor would it impact indexing of that information by other search engines.

 

Even if you get the hosting website to remove the information, there are many organizations like archive.org who may have copied and archived the information, thus keeping it alive and available.

Here are some examples of information that you might want removed.

  • Racist rantings on an old social media site to which access has been lost.
  • Drunk party pictures on a friend’s social media account.
  • Newspaper articles about dubious business activities.
  • Court records of a conviction after the sentence has been completed.
  • Negative reviews on a review website.
  • Unflattering feedback on a dating website.

 

In many of these cases, your “right to be forgotten” runs directly into another person’s “right to free speech”.

 

My thinking on this is still evolving, and I would welcome your thoughts and feedback. Right now I think that the free speech right trumps the right to be forgotten except in specific situations which need to be legally carved out individually; things like limitations on how long credit information should be allowed to follow you. Of course, the problem will be that every country will draw these lines differently, making enforcement and compliance very difficult, and leading to opportunities for regulatory arbitrage.

 

We are already seeing this in the EU. While most of the EU is moving towards codifying a right to be forgotten, the UK is planning to opt out of that.

·

According to the Telegraph, the UK government is instituting a code of conduct for public WiFi which would require blocking of pornography to protect kids.

I see a couple of problems here.

1) Porn proliferates very quickly, so the blocking is likely to always be behind the curve, and kids are really good at getting around these kinds of blocks.

2) Some people will feel that things are allowed that should be blocked.

3) Inevitably legitimate websites will be blocked. A common example is breast feeding web sties, which frequently get caught in these kinds of nets.

4) Implementing this requires active monitoring of the activity on the WiFi which generally enables other kinds of surveillance.

Most home networks don’t have filtering on the whole network, so kids at home would be exposed to raw Internet. The standard is generally to filter at the end device. It seems to me that would be the best option here.

Parents could choose exactly the blocking technology and philosophy they want to have applied, and it does not impact anyone else.

· · ·

It looks like Syria is back on the Internet again.
I have not seen any indications of unusual atrocities the, so why the short outage?

· · ·

Fast Company has a good article laying out the state of events regarding the Internet in Syria.

Here is the short version. Syria has changed tactics from keeping the Internet available but highly monitored and surveilled, to turning off apparently absolutely all Internet connectivity within the country. 

Syria was unique in its cyber response to their Arab Spring uprisings. Rather than lock down the Internet, they actually un-blocked some popular social media sites. They did this because of the incredible surveillance capabilities this makes possible. Business Week has a nice story on this aspect.

The change of face would seem to have a few possible reasons.

1) Dissident tactics like encryption are making the surveillance less effective.

2) The damage from dissident publishing is greater than the value of the intelligence.

3) The Syrian government is about to do something really nasty and they want to make it very hard to report about it.

We shall see. The fact that the Syrian government appears to have turned off even its own Internet access suggests that they are worried about any leaks through the wall, which makes reason 3 seem more probable.

· · ·

EU officials ‘hacked’ at Azerbaijan Internet Governance Forum | ZDNet

It appears that the laptops of two EU officials at the Internet Governance Forum in Azerbaijan got hacked while they were in the hotel.

Suspicion is immediately falling on the Azerbaijan government.

No one is mentioning breaking and entering, so I would assume they were attacked via the insecure Internet in the hotel.

· ·

In the tradition of Jonathan Swift’s “A Modest Proposal” is “The Dictator’s Practical Guide to Internet Power Retention, Global Edition”.

Under the pretext of being a guide on how to crack down on Internet dissent for dictators, it does a nice job of analyzing how the Internet is used by dissidents, and the techniques used by governments to crack down on those practices.

Thanks to boingboing for bringing this to my attention.

· · ·

This article from Threatpost discusses a study out of CMU of Chinese censorship of their home grown social networking websites.

Now that they are blocking most of the western social media sites entirely, the focus of censorship is internal. Obviously blocking the internal sites as well would defeat the purpose, so they are selectively deleting posts instead. This study looks at the rate at which posts with sensitive key words are removed from the services.

It clearly shows how censorship can be taken to the next level when the censor controls the websites as well as the network.

· · · · · ·

<< Latest posts

Older posts >>