Monday, 11 August 2014

Moving Past Privacy-Poaching Facebook Messenger

Facebook is again making privacy headlines.  Sources have discovered that Facebook's new Messenger app has a laughably invasive list of terms and conditions to which users must agree.  What is worse is that this app replaces messaging services offered within the main Facebook app, trying to force millions of users to agree to terms no one should have to agree to.

According to The Toronto Star, the app can access personal information and also take action based on the data discovered.  For instance, users will allow the app to do the following:

  • Call phone numbers without your intervention and send text messages;
  • Record audio with the microphone, and take photos and videos with the camera, without your confirmation;
  • Read your phone’s call log.

By contrast, services like our SumRando Messenger are security-focused and privacy-protecting while still being easy to use and convenient on the go.  We have gone out of our way to design an app that protects users and those they message while other services continue to force unfair terms on their users.

    You should not have to worry about anyone collecting information from you and taking invasive action based on that information.  In contrast to Facebook Messenger, these are a few of our specs:
    • Two forms of encryption (AES-256 and SSL) to keep your messages secure
    • No direct link between your phone number, device email address, or other identifying account; the decision on who you want to communicate with is strictly yours
    • Messages automatically deleted upon logout, with only 10 messages stored (if you do not clear your conversation) for future conversational reference.
    See the difference?  We don't believe consumers should have to choose between privacy and convenience.  What remains striking is just how many major developers try to force consumers to make that choice.

    The benefit of a story like this about Facebook Messenger is that it is a story that could attract millions of Facebook users to take privacy concerns seriously.  One of the largest social media and messaging companies in the world has taken a stand against privacy, and their users are retaliating.

    What remains to be seen are two things: How many users will refuse this new Messenger app and what Facebook will do (if anything) to bring them back into the fold.

    Wednesday, 6 August 2014

    Cyber-exposed Thailand Prepares New Security Measures

    It's no secret that Thailand lacks sufficient cyber infrastructure.  Rated third among the 10 worst countries for internet safety by UK security firm Sophos, Thailand experiences significant exposure to malware attacks.  Around 20.8% of PCs experience malware attacks in a span of three months.  To put that figure in perspective, the safest countries (Norway, Sweden, and Japan) range from 2.6 to 1.8%, and the most dangerous country (Indonesia) is only a little higher than Thailand at 23.5%.  Research has shown the country is additionally susceptible to ATM-related and government cyber attacks. (Needless to say, Thailand is somewhere you would want to use a VPN.)

    [Photo: Surangkana Wayuparb, Director of Thailand's Electronic Transactions Development Agency]

    Thailand made headlines this week when Surangkana Wayuparb, the country's Director of Electronic Transactions Development Agency, addressed the Regional Asia Information Security Exchange Forum in Bangkok.  Bangkok Post reports that Surangkana told those in attendance, "All these world records reflect that Thailand urgently needs to set up a national computer emergency response team (Cert) as a command centre to manage and collaborate on national cybersecurity threats and cyberwarfare... Cyberattacks pose a serious challenge to people at all levels, from end-users to enterprises and government agencies."

    According to the Bangkok Post:

    “Surangkana said information security threats were no longer only technical dangers. They can have a major effect on the country's economy and national physical security. "Cyberattacks pose a serious challenge to people at all levels, from end-users to enterprises and government agencies,” Surangkana said… The ETDA [will] propose a national Cert to the junta. If approved, the ETDA expects a centre will be created by year-end. The creation of a national Cert is expected to upgrade the ETDA's existing computer emergency response team to a full national command centre, she said.”

    Read more about Thailand's cybersecurity plans at Bangkok Post.

    Saturday, 26 July 2014

    AddThis Tests 'Canvas Fingerprint' to Replace Cookies in 5,000+ Popular Sites

    A study conducted by Princeton University and Belgium’s KU Leuven University revealed that more than 5,000 of the top websites in the world have been testing "canvas fingerprint" technology, intended to replace cookies as a way to track user data, with most of them using the popular AddThis widget.

    ProPublica insists that canvas fingerprints are "nearly impossible to block," and PC World describes the technology with the following:
    "An invisible image was sent to the browser, which rendered it and sent data back to the server. That data can then be used to create a 'fingerprint' of the computer, which could be useful for identifying the computer and serving targeted advertisements."
    AddThis Chief Executive Rich Harris accounted for their testing by saying they were seeking a "cookie alternative." According to ProPublica, Harris "considered the privacy implications of canvas fingerprinting before launching the test, but decided 'this is well within the rules and regulations and laws and policies that we have.'"

    Cookies have been around since the 1990s, and many internet users have routinely started to circumvent their influence.  Canvas fingerprints signaled the potential to track users' history in more covert ways, and AddThis appears to have tested their efficacy on thousands of sites, including and YouPorn.

    ProPublica explains, "[Canvas] fingerprints are unusually hard to block: They can’t be prevented by using standard Web browser privacy settings or using anti-tracking tools such as AdBlock Plus." You can test canvas fingerprinting yourself with ProPublica's Canvas Fingerprinting in Action feature, which shows the image your browser produces and the unique ID number it is translated into.

    Below is an example, using ProPublica's feature:

    In order to curb the effects of canvas fingerprinting, ProPublica suggests the following strategies:
    • Use the Tor browser (Warning: can be slow)
    • Block JavaScript from loading in your browser (Warning: breaks a lot of web sites)
    • Use NoScript browser extension to block JavaScript from known fingerprinters such as AddThis (Warning: requires a lot of research and decision-making)
    • Use a browser extension that blocks JavaScript from known ad tracking companies such as AddThis. Extensions include Disconnect or AdBlockPlus browser extension with the EasyPrivacy filter installed. (Warning: Only blocks known ad tracking companies; other websites could still employ canvas fingerprinting)
    • Try the experimental browser extension Chameleon that is designed to block fingerprinting (Warning: only recommended for tech-savvy users at this point)
    • Install opt-out cookies from known fingerprinters such as AddThis (Warning: fingerprint will likely still be collected, companies simply pledge not to use the data for ad targeting or personalization)
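
An added example (not code from ProPublica, the study, or AddThis): because blocklists only cover known trackers, one way to spot the render-then-read-back pattern PC World describes is to log canvas API calls per script and flag scripts that draw text and then read the pixels back. The trace format, the thresholds, and the URLs below are constructed assumptions.

```javascript
// Heuristic: a script that draws text on a canvas and then reads the pixels
// back (toDataURL / getImageData) is a canvas-fingerprinting candidate.
// Trace format and thresholds are assumptions made for this example.
const READ_CALLS = new Set(["toDataURL", "getImageData"]);
const TEXT_CALLS = new Set(["fillText", "strokeText"]);

function findCanvasFingerprinters(trace, minSide = 16, minChars = 10) {
  const state = new Map(); // one entry per (script, canvas) pair
  for (const ev of trace) {
    const key = `${ev.script}#${ev.canvasId}`;
    if (!state.has(key)) {
      state.set(key, { script: ev.script, chars: new Set(), suspicious: false });
    }
    const s = state.get(key);
    if (TEXT_CALLS.has(ev.call)) {
      for (const ch of ev.text) s.chars.add(ch); // distinct characters drawn so far
    } else if (READ_CALLS.has(ev.call)) {
      // Tiny canvases and short strings are typical of feature tests
      // (for example emoji support checks), so they are not flagged.
      const bigEnough = ev.width >= minSide && ev.height >= minSide;
      if (bigEnough && s.chars.size >= minChars) s.suspicious = true;
    }
  }
  const flagged = new Set();
  for (const s of state.values()) if (s.suspicious) flagged.add(s.script);
  return [...flagged].sort();
}

// Constructed trace, as a canvas-instrumenting crawler or extension might record it.
const SAMPLE_TRACE = [
  { script: "https://tracker.example/widget.js", canvasId: "c1", call: "fillText",
    text: "constructed sample text 123", width: 300, height: 150 },
  { script: "https://tracker.example/widget.js", canvasId: "c1", call: "toDataURL",
    width: 300, height: 150 },
  { script: "https://site.example/chart.js", canvasId: "c2", call: "fillText",
    text: "Quarterly revenue", width: 600, height: 400 },   // draws, never reads back
  { script: "https://site.example/emoji.js", canvasId: "c3", call: "fillText",
    text: "\u{1F600}", width: 1, height: 1 },
  { script: "https://site.example/emoji.js", canvasId: "c3", call: "getImageData",
    width: 1, height: 1 },                                   // feature test, too small
  { script: "https://site.example/export.js", canvasId: "c4", call: "toDataURL",
    width: 800, height: 600 },                               // image export, no text
];

console.log(findCanvasFingerprinters(SAMPLE_TRACE));
```

Scripts flagged this way are candidates for a NoScript or blocklist rule; the size and character thresholds trade false positives against missed trackers and should be tuned on real traces.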

    Monday, 21 July 2014

    Anonymous Re-Enters Israel-Palestine Fray in Support of Palestine

    Related to our previous post, hacker group Anonymous claimed to have taken down thousands of Israeli websites between July 11 and July 17 in support of the Palestinians, according to the International Business Times.  Today, Businessweek reports the group has claimed responsibility for hacking a top Kenyan military Twitter account, where they "called for retribution over the war in Gaza, Kenyan politicians to stand down and an end to tribalism."

    These attacks follow others against Israel by Anonymous in the recent past, including cyber attacks conducted in April in which the group urged allies "to hack, deface, hijack, database leak, admin takeover and DNS terminate the Israeli cyberspace by any means necessary.”

    To read more about Anonymous's involvement, you can follow their website.

    Cyber Warfare Underpinning Recent Gaza Strip Conflict

    If there's one easy thing for people to understand about cybersecurity and cyber warfare, it's that there is usually a strong presence of cyber attacks when there are threats or acts of more traditional warfare.  While cyber warfare produces tangible technological, organizational, and economic damages, it can also be used as a form of psychological warfare.

    A recent example comes out of escalated tensions in the Gaza Strip, where Hamas has used technology in service of their objective aims and Israelis have responded defensively.  Bloomberg reports that cyber attacks related to escalated tensions in the Gaza Strip have risen tenfold in the last few weeks.

    Bloomberg reported about a recent attack involving a popular international pizza company:
    During the time hackers controlled the Domino’s Facebook page, status updates included a threat to “strike deep inside Israel.” After Domino’s regained control, it posted an image of a masked man wearing a headband in Hamas’s signature green color, with the caption, “You can’t defeat the Israeli hunger for pizza!”

    Israeli hackers didn’t stand idly by. They left some Hamas websites disabled for hours and others displaying content maligning the Islamist group and its leaders. 
    An Israeli response to the Hamas attack on the Domino's Facebook page translates as "You can’t defeat the Israeli hunger for pizza!" according to Bloomberg.
    Some in Israel suggest that Hamas is also slowing internet service in addition to internet hacking and defacement like that which is being attributed to them in accounts like the above.  In forging a response, Israel cannot simply shut down access since their opposition generally do not use Israeli internet access to begin with.  Some analyses suggest attacks against Israel are being conducted by sympathizers abroad, which would make restricting internet access less effective in response.

    The Israeli Internet Association's Dina Beer characterized the activity in the following way: “The attacks aren’t sophisticated; they just give the feeling that someone else is in control... It’s terrorism, designed mostly to frighten: ‘See, we can control your sites and do things you don’t want us to do.’ And it works.”

    For more about these recent cyber developments underpinning the ground and air game in the Gaza Strip, head over to Bloomberg.

    Friday, 11 July 2014

    Be the First to Use SumRando Messenger!

    You send texts and other private messages because what you're sharing with someone shouldn't concern anyone else.  If you wanted to share your thoughts with the world at large, you could post a Facebook status or tweet your thoughts for the public to read.  Unfortunately, your private messages can be vulnerable to others' interference without a secure messenger service.

    Our new secure SumRando Messenger (Beta) is here to solve that problem.  SumRando Messenger (Beta) is a secure, real-time chat app that encrypts your digital messaging from your mobile device. With SumRando Messenger (Beta) you can chat freely with your friends without worry of your ISP, phone provider or government reading along, ultimately freeing you from data misuse.

    We recognize how omnipresent text-based messaging is for users, and we have built a new app to help protect the information that was intended to be and remain private.  Your email and text invitations to your contacts stay between you and them.  SumRando Messenger does not interfere in this communication.

    SumRando Messenger is the Premier Encrypted Messenger App

    With our messenger app, all your messages and saved friend lists are encrypted, unlike other popular messaging apps.  No messages travel from phone to phone; they move through a secure SSL (Secure Sockets Layer) connection to our servers, where they're encrypted. The messages are then sent to the destination phone using Google's Cloud Messaging Service.  No one can see to whom you are sending data, not even Google, because of its encryption through our SumRando servers.  

    SumRando Messenger (Beta) Features:
    • Standard texting features - text with your friends in real-time
    • Two forms of encryption (AES-256 and SSL) to keep your messages secure
    • No direct link between your phone number, device email address, or other identifying account; the decision on who you want to communicate with is strictly yours
    • The ability to invite others to secure conversations with you using SumRando Messenger (Beta) through email or SMS
    • Messages automatically deleted upon logout, with only 10 messages stored (if you do not clear your conversation) for future conversational reference.

    Getting Started with SumRando Messenger (Beta) is Easy.
    1. Click here to download the app. (Check out our SumRando Messenger FAQ with any questions.)
    2. Log in to your SumRando account or start an account, if you were not previously a member.  You and your contacts communicate through SumRando, which means you do not have to share your email address or phone number with anyone you're messaging.
    3. Invite your friends to download SumRando Messenger.
    4. Test out the app with your friends (still currently in beta).
    5. Tell us what you think!

    Tuesday, 8 July 2014

    In the UK, Renewed Interest in a "Snooper's Charter"

    The Guardian reports that the UK government is considering measures requiring phone companies to retain detailed records about phone calls, text messages, and internet activity in response to new threats to national security.  This latest effort follows a failed attempt at similar legislation last year (dubbed the "snooper's charter" by opponents), when the Labour Party and Liberal Democrats banded with outside groups to defeat the efforts. UK Home Secretary Theresa May, a chief proponent of the law last year, insists that these measures are essential in the face of new threats by groups like al-Qaeda and ISIS.

    The Guardian reports on the details of the proposed legislation, which is expected to pass:
    "Any new 'snooper's charter' bill would require a vast extension of the communications data that the phone and internet companies are currently required to retain. It would mean the retention of all data tracking everyone's use of the internet and mobile phones, including every web page visited, and not just the bare details kept for billing purposes by the companies."
    The UK government has launched an effort to generate support for the emergency measures, emphasizing the harm the government is seeking to prevent.  The UK Home Office shared their official stance on the matter with The Guardian, saying, "The retention of communications data is absolutely fundamental to ensure law enforcement have the powers they need to investigate crime, protect the public and ensure national security."

    The government feels especially pressured to act given that, in April, the European court of justice (ECJ) ruled against surveillance programs put into effect in 2009, saying that they were "too sweeping."  The Guardian reports, "The government appears to have secured support from Labour and the Lib Dems to reinstate the surveillance laws after the ECJ struck them down. But the Lib Dems are insisting that the plan will not amount to the reintroduction of the so-called 'snooper's charter' – the communications data bill – that split the coalition and was ditched in 2013."

    Essentially, the government is pushing for efforts less invasive than those implemented in the past and those proposed last year.  While the details that distinguish this plan from the others are important in evaluating the plans, there seems to be concerning support for programs premised on the idea that greater surveillance amounts to greater security.  Where exactly is that "line in the sand" previous "snooper's charter" opponents drew as it relates to this latest effort?  What about shorter timeframes of record-keeping really makes this acceptable?

    Read more about the UK government's latest effort at The Guardian.