Tuesday 30 June 2015

New Social Media Platform Dubbed “The People’s Site” by Anonymous

This article was originally published by theAntiMedia.org on June 18, 2015.

Claire Bernish 
(ANTIMEDIA) Facebook may have finally met its match. By directly targeting the social media behemoth’s lack of messaging encryption, infamously opaque algorithms, and government and advertiser accessibility, Minds.com has earned the attention of privacy advocates, activists, and frustrated Facebook users—and has even garnered active support from Anonymous. By employing many similar features found on Facebook and other social media giants, Minds gives its users a familiar platform without the numerous privacy concerns plaguing the long-established sites.

Users will find the typical status updates, comments, and link-sharing as other social media, but Minds takes the government’s eyes out of the equation by encrypting private messages and using open-source code that any programmer can check. The platform uses a “reward’ system based on points to earn “views” for posts, so the more active you are, the more the network will promote your posts—-without hindrance from advertisers and profit models.

“For every mobile vote, comment, remind, swipe & upload you earn points which can be exchanged for views on posts of your choice. It’s a new web paradigm that gives everyone a voice,” explains the website.

Minds.com founder Bill Ottman told Business Insider, “Our stance is the users deserve the control of social media in every sense.”

As an answer Facebook’s enigmatic algorithm that has contentiously manipulated users’ newsfeeds for years—essentially strangling organic post reach, even for wildly popular pages—Minds has vowed its formula for boosting posts will be transparent and available. Instead of using inexplicable formulas that rely on Orwellian features like how much time a user lurks on a post, the new platform logically bases its system on user interaction.

These features have been so appealing, the site had 60 million visitors before the official launch on Monday—the majority of whom listed an interest in “alternative media” as their primary reason to be there. In fact, the Facebook page AnonymousArt of Revolution—with a following of over one million users—boosted the Minds website when it announced a hackathon. According to the post:

Anonymous is initiating a call to hackers, designers, creators and programmers to unite worldwide. Let us collaborate on the code of Minds.com and build a top site that is truly of the people, by the people and for the people.”

There have been many attempts to build alternatives to Facebook, but Minds.com—with its heavy emphasis on privacy and transparency—appears to be the most promising yet.

Facebook, theAntiMedia.org, Anonymous, digital privacy, minds.com, encryption, social media
[Image: theAntiMedia.org]

Thursday 25 June 2015

Google Policy Change Limits Revenge Porn; Legislation Still Needed

Revenge porn, nonconsensual pornography, Google, privacy, John Oliver, Last Week Tonight, Cyber Civil Rights Initiative
Google, an entity that believes strongly in the right to know, has found a worthwhile exception to its rule.

Google joined a growing movement last week with the announcement that it would remove revenge porn from Google Search results. The search engine giant follows Reddit, Twitter and Facebook in asserting that revenge porn is an egregious privacy violation, not an expression of free speech.

Google made its rationale explicit: “Our philosophy has always been that Search should reflect the whole web. But revenge porn images are intensely personal and emotionally damaging, and serve only to degrade the victims—predominantly women. So going forward, we’ll honor requests from people to remove nude or sexually explicit images shared without their consent from Google Search results. This is a narrow and limited policy, similar to how we treat removal requests for other highly sensitive personal information, such as bank account numbers and signatures, that may surface in our search results.”

Although a removal from Google Search results will not remove images themselves from the internet, the top search engine’s actions carry significant weight. Within days of the announcement, revenge porn—the conversation topic—found itself all over the internet.

Comedian John Oliver used his Sunday night segment of Last Week Tonight to dispel commonly held myths about revenge porn. The term itself is a misnomer, as it frequently has nothing to do with retribution: the term encapsulates hackers exploiting strangers’ photos for pleasure or profit as well as ex-lovers divulging private photos for payback. For this reason, ‘nonconsensual pornography’ is used as a more accurate term.

Additionally, United States federal laws do not exist to protect against revenge pornography, leaving victims with little in terms of self-defense. Oliver referenced the fact that victims who want to remove their images must first copyright the exploited photos—allow the federal government to closely scrutinize the very pornographic photos they are attempting to remove from circulation—as proof that the law is not on their side. 

Protective federal legislation is much needed and the argument that it will lead to wholesale government censorship of the internet is simply unacceptable. Oliver quipped, “I’m well aware that asking law enforcement to police speech is a dicey proposition. No one wants them patrolling message boards looking for violent language.” Google described its own policy regarding revenge porn as ‘narrow and limited;’ future legislation should be viewed in the same light.

Mary Ann Franks, Legislative and Tech Policy Director of the Cyber Civil Rights Initiative, further reinforced the importance of the Intimate Privacy Protection Act via the Huffington Post. Franks has worked closely with Reps. Jackie Speier (D-CA) and Gregory Meeks (D-NY) to draft the Intimate Privacy Protection Act, which is expected to be introduced in Congress shortly. The bill draws from child pornography legislation and targets photos that are sexually explicit, taken in private and shared without written consent of the subject.

In Franks’ words, “Laws protecting privacy have a long and important history in this country. Privacy is essential to freedom of expression and speech, as well as being fundamental to a democratic society committed to equality and personal autonomy. This is as true for sexual privacy as it is for financial or medical privacy, and a federal bill recognizing this is long overdue.”

National momentum is growing in favor of victim privacy regarding nonconsensual pornography. Google’s onboarding has thrust revenge porn into the limelight, hopefully at the right time to build the support needed to move the Intimate Privacy Protection Act forward.

Wednesday 24 June 2015

2014 Samsung Vulnerability Still A Threat

Samsung vulnerability VPN insecure Wi-Fi Galaxy NowSecure SwiftKey
[Image: Maurizio Pesce]
Samsung users, beware.

As many as 600 million Samsung phones, including Galaxy S5 and S6, are currently at risk of being hacked. A vulnerability due to the pre-installed SwiftKey keyboard enables an outsider to listen to conversations; explore contacts, text messages and photos; install unwanted apps; change settings; and access GPS, camera and microphone.

Cybersecurity company NowSecure alerted Samsung to the vulnerability in November of 2014, beginning four months of negotiations between the two entities: NowSecure wanted to publicize the issue as soon as possible to protect consumers while Samsung hoped to keep quiet until able to offer a solution. The companies finally reached agreement in March, when Samsung was able to send a fix to wireless carriers, and a decision was reached to go public in June.

In the last three months, carriers’ attempts to patch phones via user downloads have yielded questionable results. According to the WallStreet Journal, NowSecure researchers found the security flaw in new Samsung Galaxy S6s earlier this month, prompting NowSecure CEO Andrew Hoog to state that “there are many, many phones that will never get updated. And that’s why we have to raise this visibility.”

Such is the furtive world of cybersecurity politics. If you don’t talk about it, it doesn’t get fixed; if you talk about it before you fix it, you could make it worse.

So far, going public has motivated Samsung to directly address the glitch. On June 18, Samsung’s blog reported that the company would provide security policy updates in “a few days.” Samsung additionally provided instructions for users to enable their phones to automatically accept all security policy updates, a reminder that ultimately, the success of these updates remains in the hands of users.

To counter NowSecure’s fears, Samsung acknowledged that as of June 16, no users had reported compromised security on their phones and expressed that “the likelihood of making a successful attack, exploiting this vulnerability is low,” largely because it would require a hacker to be on the same unprotected network as a user while the latter is downloading a specific update.

Regardless, if there were a perfect time to take advantage of the Samsung weakness, that time is now. Between Samsung’s blog describing the conditions under which to exploit the vulnerability and NowSecure’s blog providing a step-by-step breakdown of how the glitch was found, hackers currently have a wealth of suggestions at their fingertips.

In the meantime, the most reliable solution—short of abandoning your Samsung phone—is to protect yourself from insecure public Wi-Fi. We couldn’t agree more.

Thursday 18 June 2015

Unpatched Vulnerability Compromises Chinese Security

China internet hacking VPN JSNOP
[Image: Marc Oh!]
VPNs and Tor, a network that protects anonymity by routing traffic through a series of servers, are considered two of the most trusted methods of digital privacy protection. Regardless, recent findings reveal that hackers in China successfully bypassed the security provided by these services.

Hackers—believed to be the Chinese government—carried out a “watering hole attack” against visitors to websites trafficked by Chinese journalists and Uighurs, a Muslim ethnic minority: they planted code in websites that would in turn plant itself in visitors’ web browsers. Tor and VPN users suffered the same casualties as other internet users. As long as visitors were also logged into Baidu, Taobao or one of China’s 13 other major web services, hackers gained access to their names, addresses, sex, birth dates, email addresses, phone numbers and internet cookies. 

This situation, however, could have easily been avoided. At fault is JSNOP, an unpatched vulnerability in China’s most popular web services, or more accurately, the powers that have allowed JSNOP to continue. JSNOP was made public in 2013—when it was previously used to target Uighur websites—but to this day has not been fixed. It is hard to imagine a reason to keep JSNOP in place unless pressure existed to keep it there.

The New York Times quoted AlienVault security researcher Jaime Blasco’s response to JSNOP’s continued existence: “The equivalent would be if law enforcement was able to exploit a serious vulnerability in Facebook to deanonymize users of Tor and VPNs in the United States. You would assume Facebook would fix that pretty fast.”

This latest hack shows the extent to which the GreatFirewall of China plays by its own rules. Most hackers are motivated by money, but as Blasco pointed out, “There’s no financial gain from targeting these sites.” Instead, China targets citizens daring to embrace their rights to freedomof expression and religion. These are the very people that VPNs were designed for, yet no amount of technology has proven to withstand a complex, targeted attack from this government.

VPN and Tor users outside of China are likely happy to be so. However, if we are willing to accept that the JSNOP vulnerability is just a backdoor by another name, the dividing line between China and its neighbors begins to blur. Governments in the United States and the United Kingdom continue to push for backdoor access to encrypted technology; let the latest Chinese hack serve as a reminder of just how dangerous such access could be. 

Monday 15 June 2015

Introducing SumRando Cybersecurity 2.0!

Since our launch in 2011, we have grown from a few hundred users in a handful of countries to a million users from all over the world.

Today we released our new website to better serve the needs of our growing community of Randos. From better navigation to clearer descriptions of our tools and services, the site connects you to the features and information you need more simply and efficiently. From the tier description page to help you decide which plan best suits your needs to our reformatted and updated FAQ, we have integrated your suggestions at every turn.

SumRando Cybersecurity has come a long way in a few short years and we are grateful for your support and trust. Our commitment to your online security is unwavering and something you can count on. Even as we grow, our policies to offer a registration-free Anonymous Account; to own, operate, and maintain 100% of our hardware; and to never log your activity will not change.

We could not have done this without all of you! Let us know what you think and be sure to share and like away.

Surf secure and stay Rando!

Saturday 13 June 2015

Watch This Space, Randos.

SumRando Cybersecurity has been busy under the radar and is almost ready to unveil our latest developments. Visit us on Monday, June 15 to check out our redesign and take advantage of our most recent promotions.

Surf secure and stay Rando!

Friday 12 June 2015

Bell Media Faces Pushback for Accusing Canadians of ‘Stealing’ U.S. Netflix

Netflix is currently available in areas shown in red and will soon be available in areas shown in orange. Content offered varies from country to country.
Mary Ann Turcke, president of Canada’s Bell Media, recently sought to enlist ordinary people in the fight against using VPNs to access Netflix, but has achieved just the opposite.

Speaking at the Canadian Telecom Summit on June 3, Turcke related a tale of her 15-year-old daughter using a VPN to access U.S. Netflix, which offers more content than the Canadian version.

Her disappointment in anyone who acts as her daughter did was clear: “It has to become socially unacceptable to admit to another human being that you are VPNing into U.S. Netflix. Like throwing garbage out of your car window, you just don’t do it. We have to get engaged and tell people they’re stealing.”

Her comments have certainly gotten people engaged, but the majority of them are simply saying that Turcke is wrong.

Within a day, the Toronto Star reported a social media backlash against Turcke that included comments explaining the average Canadian’s mindset: he feels deserving of Netflix content reserved for US users and is willing to enlist a VPN to pay for what would otherwise be inaccessible.

Dr. Michael Geist, the University of Ottawa’s Canada Research Chair in Internet and E-commerce Law, chimed in to challenge Turcke’s understanding of the law. Users who access Netflix with a VPN may have breached the company’s terms, conditions, and geographic restrictions, but they have not committed theft or any other punishable crime, according to Geist. 25% of Canadian Netflix users have accessed the service with a VPN for this very reason: the only entities that have the power to crack down on VPN usage—Netflix and its content providers—don’t want to. They are willing to turn a blind eye because a paying customer is a paying customer. Furthermore, Netflix is aware its current model doesn't meet customer demand and consequently is working towards global licensing of its content by 2016.

Geist went on to acknowledge that a VPN is much more than a means to watch It’s Always Sunny in Philadelphia: “Bell’s emphasis on VPNs also fails to acknowledge that the technology has multiple uses. Privacy protection is among the most important uses, since VPNs allow users to conduct secure communications away from the prying eyes of widespread government surveillance. Bell’s comments may leave some Internet users thinking that VPNs are “socially unacceptable” when precisely the opposite is true.”

When it comes to social acceptability, Turcke has a lot to learn. Feeling threatened by a competitor's success does not give Bell Media the right to attack individuals who are willing to embrace what modern technology has made possible.

Thursday 11 June 2015

OPM Data Breach Does Not Justify Latest Cybersecurity Legislation

If no two data breaches are alike, then the United States Office of Personnel Management hack’s unique identifier is the nearly instantaneous uproar it caused in Washington. The OPM breach, which was made public on Thursday, June 4, is believed to have compromised the personally identifiable information (PII) of approximately 4 million former and current government employees. At risk are employee records, which include names, Social Security Numbers, dates and places of birth, current and former addresses, job assignments, training records, and benefit selection decisions. 

Although China has been implicated as the responsible party, Washington is looking much closer to home for someone to blame.

On Friday, White House press secretary Josh Earnest pointed fingers at Congress: “We need not just improved efforts on the part of the federal government, but improved coordination with the private sector on these matters, and that effort to coordinate requires congressional action. The fact is, we need the United States Congress to come out of the Dark Ages and come into the 21st century to make sure we have the kinds of defenses that are necessary to protect a modern computer system.”

President Obama reiterated Earnest’s message on Monday from the G7 Summit in Germany: “We have known for a long time that there are significant vulnerabilities and that these vulnerabilities are going to accelerate as time goes by, both in systems within government and within the private sector. This is why it is so important that Congress moves forward on passing cybersecurity legislation that we’ve been pushing for.” Obama concluded with a call for government to be more aggressive, attentive and well-resourced.

The most immediate piece of legislation Earnest and Obama are referring to is the Cybersecurity Information Sharing Act (CISA), which has found itself conveniently in the spotlight following last week’s hack. On Tuesday, Senate Majority Leader Mitch McConnell capitalized on Washington’s newfound momentum and proposed rolling CISA into defense legislation currently under debate.

To counter the hype, Senator Ron Wyden—the Senate Intelligence Committee dissenter who called CISA “a surveillance bill by another name”—reminded us that this particular legislation will not actually protect Americans from future data breaches: “The so-called cybersecurity legislation in the Senate creates new ways for the government to sift through Americans’ private information without a warrant, and lacks the privacy protections necessary to safeguard private data. Even worse, the bill gives corporations blanket immunity for providing information to the federal government, and would prohibit that data from being used to regulate those corporations, but it would allow federal law-enforcement agencies to go after Americans for unrelated crimes based on this data.  I reject the notion that corporate privacy is more important than individual privacy.

"Finally, although I believe sharing information about cyber-threats is a worthy goal, it is unlikely that information sharing by private companies would have made any significant difference in protecting federal employee data. That's why cybersecurity experts say that passing a bill like this will do little to reduce security breaches."

The OPM hack has thrown Washington into an uncharacteristic flurry of panicked activity. If McConnell is successful in pushing CISA through Congress, the United States will need to accept that the post-Patriot Act era has not yet arrived.