Monday, 25 July 2016

How to Stay Anonymous Online

Credit: MIT News

New Privacy Pattern – Strong Security Guarantees

Privacy networks protect people living under repressive regimes from surveillance of their Internet usage. However, the recent discovery of vulnerabilities in the most well-known of these networks, Tor, has prompted computer scientists to try to come up with more secure privacy schemes. In July, at the Privacy Enhancing Technologies Symposium, scientists at MIT’s Computer Science and Artificial Intelligence Laboratory and the École Polytechnique Fédérale de Lausanne will present a new privacy scheme that offers strong security guarantees but uses bandwidth more efficiently than its predecessors.

In tests, the researchers' system needed only one-tenth as much time as similarly secure experimental systems to transfer a large file between anonymous users. Albert Kwon, a graduate student in electrical engineering and computer science and first author on the new paper, said that the initial use case they thought of was anonymous file-sharing, where the receiving end and the sending end do not know each other.

The reason was that things like honeypotting, where spies offer services through an anonymity network in order to entrap its users, are a real issue. However, they have also studied applications in microblogging, something like Twitter, where one would want to anonymously broadcast messages to everyone.

Heart of System – Sequence of Servers - Mixnet

The system was devised by Kwon and his co-authors: his advisor, Srini Devadas, the Edwin Sibley Webster Professor of Electrical Engineering and Computer Science at MIT; David Lazar, also a graduate student in electrical engineering and computer science; and Bryan Ford SM ’02 PhD ’08, an associate professor of computer and communication sciences at the École Polytechnique Fédérale de Lausanne. It relies on several existing cryptographic techniques but combines them in a novel way.

The heart of the system is a sequence of servers called a mixnet, in which each server permutes the order in which it receives messages before passing them on to the next. If messages from senders Alice, Bob and Carol reach the first server in the order A, B, C, that server would send them to the second server in a different order, such as C, B, A. The second server would permute them again before sending them to the third, and so on. An adversary who had tracked the messages from their points of origin would not know which was which by the time they exited the last server.

The New System – Riffle

It is this reshuffling of the messages that gives the new system its name, Riffle. Like several privacy systems, Riffle also uses a technique known as onion encryption; "Tor" is in fact an abbreviation for "the onion router".

With onion encryption, the sending computer wraps each message in several layers of encryption, using a public-key encryption system such as those that protect most online financial transactions. Each server in the mixnet removes only one layer of encryption, so that only the last server knows the final destination of the message.

To prevent message tampering, Riffle uses a technique known as a verifiable shuffle. Because of the onion encryption, the messages that each server forwards do not look like the ones it received, since it has peeled off a layer of encryption. However, the encryption can be done in such a way that the server can generate a mathematical proof that the messages it sends are valid manipulations of the ones it received.
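As an added illustration (not code from the Riffle paper or from this post), the sketch below pushes three messages through a three-server mixnet in which every server peels one onion layer and then permutes the batch. Assumptions: the per-server symmetric keys and the HMAC-based stream cipher are toy stand-ins for the public-key encryption described above, the fixed 32-byte cell size is hypothetical, and the verifiable-shuffle proof is not modelled.

```python
import hashlib, hmac, secrets

CELL = 32  # assumed fixed message size, so length cannot be used to track a message

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode); stand-in for public-key encryption.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def add_layer(key: bytes, blob: bytes) -> bytes:
    nonce = secrets.token_bytes(16)          # fresh nonce per layer
    return nonce + _xor_stream(key, nonce, blob)

def peel_layer(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:16], blob[16:])

def onion_wrap(server_keys, message: bytes) -> bytes:
    if len(message) > CELL:
        raise ValueError("message longer than one cell")
    blob = message.ljust(CELL, b"\0")
    for key in reversed(server_keys):        # outermost layer is for the first server
        blob = add_layer(key, blob)
    return blob

def mix_server(key: bytes, batch):
    peeled = [peel_layer(key, blob) for blob in batch]  # remove exactly one layer
    secrets.SystemRandom().shuffle(peeled)              # secret permutation
    return peeled

def run_mixnet(server_keys, batch):
    trace = [list(batch)]                    # what an observer sees on each link
    for key in server_keys:
        batch = mix_server(key, batch)
        trace.append(list(batch))
    return [m.rstrip(b"\0") for m in batch], trace

# Constructed sample data: three servers, three senders.
SERVER_KEYS = [secrets.token_bytes(32) for _ in range(3)]
MESSAGES = [b"A: from Alice", b"B: from Bob", b"C: from Carol"]

def demo():
    return run_mixnet(SERVER_KEYS, [onion_wrap(SERVER_KEYS, m) for m in MESSAGES])

if __name__ == "__main__":
    delivered, trace = demo()
    print(delivered)
```

Every blob on a given link has the same length and shares no bytes with the blobs on the previous link, so an observer cannot match inputs to outputs by content or size; only the hidden permutation links them.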

Tuesday, 8 March 2016

Thousands of Apps Running Baidu Code Collect, Leak Personal Data


Apps by Chinese Internet Giant Baidu Leak Personal Data

According to researchers, apps running code built by Chinese Internet giant Baidu have collected and transmitted users' personal details to the company, most of which can be easily captured. The apps have been downloaded hundreds of times. Researchers at Canada-based Citizen Lab said that they had discovered the issue in an Android software development kit created by Baidu.

The problems affect Baidu’s mobile browser and apps developed by Baidu and by other firms using the same kit. The researchers said that Baidu’s Windows browser had also been affected. They also highlighted similar problems with unsecured personal details in Alibaba’s UC Browser, another browser that is extensively used in the world’s largest Internet market.

Alibaba had fixed those vulnerabilities, and Baidu had informed Reuters that it would fix the encryption holes in its kits, though it would still collect data for commercial use, some of which it stated was shared with third parties. The Chinese Internet giant said that it only provides data that is lawfully requested by duly constituted law enforcement agencies.

Interest in Data, only Commercial

Jeffrey Knockel, chief researcher at Citizen Lab, had informed Reuters ahead of the recent publication of the research that the unencrypted details being collected comprise the user’s location, website visits, and search terms.

The issue underlines how difficult it is for users to be aware of what data their phone collects and transmits, and the risk that personal data could leak due to poor or no encryption. It also highlights how several different groups could be interested in retrieving this type of data. Ron Deibert, director of Citizen Lab, had commented that it is either shoddy design or it's surveillance by design.

Citizen Lab has stated that Baidu, which reports quarterly earnings in New York, had recently fixed some of the issues since Citizen Lab brought them to the attention of the company in November. However, the Android browser still sends sensitive data, such as the device ID, in an easily decryptable format. Baidu had informed Reuters that its interest in the data was only commercial, though it declined to comment on who else could access it.

Privacy Issues & Data Security – Underlined in US

Privacy issues and data security have been underlined in the United States, where Apple is in a deadlock with the Federal Bureau of Investigation over requests to unlock an iPhone owned by a person tied to a shooting in San Bernardino, California, in December.

Citizen Lab had mentioned that its research last year into Alibaba’s UC Browser had been prompted by documents from National Security Agency whistle-blower Edward Snowden showing that Western intelligence agencies had used holes in the browser to spy on users. Alibaba had said that there was no evidence that user data had been taken, though it had expressed concern and had asked users to update their browsers.

The researchers stated that there was no way of assessing how many users had been affected by the Baidu issue, in China and beyond. Some software developers in China state that lack of encryption is common, partly owing to quick growth together with poor security awareness. Andy Tian, CEO of Beijing-based app developer Asia Innovations, had said that it is "really painful but it’s a growing pain".